6fbe61a6763b7878afc25b418ba16d94_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6fbe61a6763b7878afc25b418ba16d94_JaffaCakes118
Size

5.5MB
MD5

6fbe61a6763b7878afc25b418ba16d94
SHA1

02413cff6defd9672e66336dc749eb22dcdb71f4
SHA256

e3546b7428f06eb927a1d7856d31365b7efc7adec7eddc06c85e37fae6723f99
SHA512

b5dbd3383f22f28b200567b724674a431189811be6c3e2ebc72ca99d032d1a455c020f298399ae6a30ecca4792a5319a7ecfc57816e7fe6b80359ceec62f124c
SSDEEP

98304:CiuHpLm3wUfC17xSABTnaJ3ZOXTa9124VuK/G8vQC5OMO9CBIcTR:7uHQzSSIrw0ja/RuqKMOjUR

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/efsdll.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/efsdll.dll	upx
static1/unpack001/efskey.exe	upx

Unsigned PE 39 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/nsisdll.dll
unpack001/123key.exe
unpack001/acbtkey.exe
unpack001/actkey.exe
unpack001/ariskkey.dll
unpack001/ariskkey.exe
unpack001/bckey.exe
unpack001/bckupkey.exe
unpack001/efsdll.dll
unpack001/efskey.exe
unpack001/fmkey.exe
unpack001/iekey.exe
unpack001/lnkey.exe
unpack001/mailkey.exe
unpack001/moneykey.exe
unpack001/msgrkey.exe
unpack001/msvcr71.dll
unpack001/myobkey.exe
unpack001/nckey.exe
unpack001/oekey.exe
unpack001/offkey.exe
unpack001/onkey.exe
unpack001/orgkey.exe
unpack001/pdoxkey.exe
unpack001/peachkey.exe
unpack001/pk80.dll
unpack001/projkey.exe
unpack001/qbkey.exe
unpack001/qpkey.exe
unpack001/quickey.exe
unpack001/rarkey.exe
unpack001/scdkey.exe
unpack001/sqlkey.exe
unpack001/winkey.exe
unpack001/wpkey.exe
unpack001/wprokey.exe
unpack001/zipkey.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

6fbe61a6763b7878afc25b418ba16d94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

17:3f:ef:6b:b6:3a:24:cb:b1:77:7c:06:81:11:df:82
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/08/2005, 00:00

Not After

18/08/2007, 23:59

Subject

CN=Passware\, Inc. Limited,O=Passware\, Inc. Limited,POSTALCODE=NA,STREET=30-38 Main Street+STREET=Suite 31 Don House,L=Gibraltar,ST=GI,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:e4:9a:0e:a7:ca:a5:78:2c:70:66:41:b8:86:52:c4:ad:fe:cc:08
Signer

Actual PE Digest

1f:e4:9a:0e:a7:ca:a5:78:2c:70:66:41:b8:86:52:c4:ad:fe:cc:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisdll.dll
.dll windows:4 windows x86 arch:x86

7a1b2222bcad8848ee1e1190f24f1473

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
SetEndOfFile
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetDriveTypeA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FlushFileBuffers
CloseHandle
SetFilePointer
SetStdHandle
GetFileType
SetLastError
HeapFree
HeapAlloc
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
HeapReAlloc
HeapSize
ReadFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CreateFileA
SetEnvironmentVariableA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
TlsAlloc
LoadLibraryA
GetProcAddress
TlsFree
FreeLibrary
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
GetModuleFileNameA
VirtualQuery
GlobalFree
InterlockedDecrement
InterlockedIncrement
SetHandleCount
lstrcpyA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegFlushKey

user32

GetDlgItemTextA
GetSysColor
EnableMenuItem
GetSystemMenu
SetWindowLongA
SystemParametersInfoA
DialogBoxIndirectParamA
GetWindowLongA
SetFocus
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
SetCursor
SetWindowPos
GetClassInfoA
LoadCursorA
CreateCursor
UnregisterClassA
RegisterClassA
SendDlgItemMessageA
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetKeyState
MessageBoxA
GetDC
ReleaseDC
EndDialog
OffsetRect
SendMessageA
GetDlgItem

gdi32

GetDeviceCaps
CreateSolidBrush
SetTextColor
SetBkMode
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
DeleteObject
GetTextExtentPoint32A

shell32

ShellExecuteA

Exports

Exports

install
send_email

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/serial.ini
123key.exe
.exe windows:4 windows x86 arch:x86

21408485e9c4d3dfa193286ce8b8fc5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord12144
ord6074
ord15637
ord5419
ord18036
ord3440
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord17446
ord18698
ord17403
ord2292
ord9064
ord9903
ord920
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord6640
ord2030
ord1806
ord1524
ord16700
ord20311
ord2418
ord19945
ord17381
ord15827
ord16604
ord7034
ord7150
ord4258
ord9253
ord15124
ord521
ord11450
ord17578
ord14696
ord425
ord6511
ord448
ord19235
ord19149
ord13709
ord14149
ord9025
ord16652
ord5118
ord13097
ord351
ord3716
ord2006

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
memcmp
strcpy
isprint
_purecall
memcpy
_CxxThrowException
strlen
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 677B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
acbtkey.exe
.exe windows:4 windows x86 arch:x86

029bb465c3fc43968f839633c2b895a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetStartupInfoA
GetModuleHandleA
InterlockedDecrement

pk80

ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord7034
ord14775
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord2392
ord5488
ord1551
ord16604
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord6680
ord6933
ord5422
ord3210
ord7960
ord16361
ord7504
ord13279
ord11728
ord10288
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord3852
ord7413
ord10917
ord3506
ord10828
ord7600
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord2006
ord9984
ord1115
ord6000
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord9996
ord4116
ord11462
ord20543
ord2892
ord19819
ord13656
ord4618
ord19511
ord3469
ord18182
ord17674
ord18188
ord13151
ord75
ord6275
ord16634
ord6844
ord1854
ord19319
ord13867
ord18474
ord13770
ord2084
ord16845
ord13141
ord2030
ord731
ord17233
ord20359
ord6122
ord9783
ord3933
ord4083
ord1225
ord10893
ord4587
ord13596
ord1655
ord2995
ord621
ord5018
ord5545
ord16516
ord5569
ord18971
ord5068
ord18779
ord9253
ord15124
ord5619
ord14592
ord4644
ord16991
ord13049
ord14219
ord2658
ord7656
ord8233
ord16370
ord13276
ord9576
ord13124
ord7121
ord7806
ord1375
ord11222
ord19985
ord3308
ord9068
ord311
ord15268
ord9421
ord2092
ord5447
ord8516
ord1815
ord7124
ord12659
ord7739
ord4397
ord3976
ord7791
ord3540
ord8882
ord301
ord2451
ord4193
ord12203
ord19664
ord2746
ord17448
ord6079
ord6025
ord20557
ord12897
ord3803
ord19385
ord19945
ord17745
ord19849
ord12091
ord8953
ord4974
ord17381
ord6427
ord14023
ord448
ord19149
ord6511
ord425
ord19235
ord16347
ord14696
ord1442
ord11450
ord17578
ord19456
ord6963
ord13709
ord14149
ord9025
ord6609
ord16304
ord4709
ord4680
ord18078
ord18216
ord3716
ord11369

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
memcmp
memset
__CxxLongjmpUnwind
_setjmp3
memcpy
strchr
_CxxThrowException
strlen
strcmp
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 602B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
actkey.exe
.exe windows:4 windows x86 arch:x86

8213451e5c8ffd3261b1f8da1ac99587

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetStartupInfoA
GetModuleHandleA

advapi32

ControlService
OpenSCManagerA
StartServiceA
QueryServiceStatus
OpenServiceA
CloseServiceHandle

pk80

ord18474
ord15845
ord10201
ord7485
ord17094
ord5184
ord4080
ord1726
ord11653
ord17983
ord15436
ord8923
ord12779
ord11605
ord19110
ord2382
ord8878
ord19399
ord6275
ord9253
ord15673
ord14149
ord521
ord2621
ord15124
ord19624
ord17745
ord8882
ord4358
ord4117
ord2030
ord5457
ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord16604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord3011
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord14775
ord10534
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord5488
ord1551
ord7960
ord16361
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord15885
ord6334
ord10353
ord2953
ord1643
ord6382
ord3143
ord920
ord4258
ord11693
ord2995
ord1815
ord3977
ord18108
ord17254
ord8516
ord2392
ord7413
ord7034
ord1854
ord9421
ord621
ord7504
ord39
ord8823
ord18823
ord10893
ord2511
ord19945
ord1470
ord8953
ord1442
ord6540
ord6728
ord4974
ord11450
ord12897
ord3803
ord19385
ord19456
ord13709
ord9025
ord16854
ord448
ord19149
ord6511
ord425
ord19235
ord17381
ord7261
ord14528
ord859
ord14696
ord17578
ord3716
ord15604

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strcpy
setlocale
toupper
_purecall
__CxxLongjmpUnwind
_setjmp3
memcpy
wcscmp
memcmp
strlen
strcmp
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_wcsupr

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ariskkey.dll
.dll windows:4 windows x86 arch:x86

b52d799c44c87a199ae8aec934147fc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
CloseHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
MultiByteToWideChar
WaitForSingleObject
OpenEventA
SetEvent
CreateEventA
CreateFileMappingA
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA

user32

SetWindowsHookExA
CallNextHookEx
EnumChildWindows
PostMessageA
UnhookWindowsHookEx
RegisterWindowMessageA
GetClassNameW
GetWindowTextLengthW
GetWindowLongA
IsWindowVisible
GetClassNameA
GetWindowTextW
GetWindowTextA
GetWindow
GetParent

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 549B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ariskkey.exe
.exe windows:4 windows x86 arch:x86

c8b57a6e4c7fc5114b95fc746ae23014

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetStartupInfoA
LocalFree
GetModuleHandleA

user32

GetClassNameA
GetWindowTextLengthA
GetWindowTextW
GetWindowTextLengthW
GetKeyState
GetParent
EnumChildWindows
IsWindowVisible
EnumWindows
PostMessageA
SetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
IsWindow
GetWindowTextA

ole32

OleInitialize
OleUninitialize
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
VariantClear

ariskkey

ord25
ord11
ord19
ord33
ord41

pk80

ord16604
ord19084
ord1854
ord7034
ord7413
ord19945
ord12341
ord5280
ord14040
ord12446
ord2611
ord7150
ord15827
ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord1442
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8320
ord11162
ord6085
ord15604
ord9413
ord8316
ord10872
ord20254
ord2476
ord13938
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord16981
ord11165
ord2392
ord5488
ord8516
ord18698
ord17403
ord2292
ord4749
ord2758
ord1551
ord15171
ord1704
ord14486
ord3210
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord6540
ord6844
ord7485
ord6728
ord4974
ord11450
ord17578
ord14696
ord12897
ord15637
ord19385
ord301
ord2451
ord3803
ord4193
ord19456
ord6963
ord13709
ord14149
ord9025
ord3716
ord1281
ord7439
ord2410
ord14775
ord448
ord6511
ord425
ord19235
ord2536
ord15124
ord15610
ord3440
ord18036
ord19664
ord2746
ord17448
ord5419
ord17381
ord13097
ord2006
ord12203
ord19149
ord6079
ord6025
ord20557
ord2595
ord8953
ord12572

msvcr71

strcmp
__CxxFrameHandler
strlen
_CxxThrowException
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strncmp
_setjmp3
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
__CxxLongjmpUnwind
??3@YAXPAX@Z

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckey.exe
.exe windows:4 windows x86 arch:x86

53cb964a8e88654faae4aa508c6f2efc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord14819
ord11369
ord9984
ord1115
ord6000
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord6025
ord20557
ord6079
ord17381
ord17448
ord19664
ord2746
ord14149
ord5419
ord12203
ord13097
ord15637
ord2006
ord4193
ord2451
ord301
ord18036
ord3440
ord14775
ord2084
ord16845
ord13141
ord11423
ord16361
ord15201
ord5488
ord1551
ord19597
ord731
ord17233
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord6680
ord13709
ord7150
ord15827
ord9843
ord3631
ord198
ord13272
ord6688
ord18078
ord1557
ord5908
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord6933
ord5422
ord3210
ord7960
ord7504
ord13279
ord11728
ord10288
ord11440
ord10794
ord7270
ord11920
ord18504
ord6963
ord17674
ord9996
ord1854
ord9744
ord13590
ord16467
ord19033
ord3852
ord16626
ord15221
ord20393
ord17202
ord6231
ord5262
ord294
ord12897
ord3803
ord19385
ord14696
ord2392
ord7600
ord448
ord19149
ord6511
ord425
ord8953
ord10828
ord3506
ord19945
ord10917
ord7413
ord16347
ord18216
ord17578
ord9025
ord13151
ord18182
ord3469
ord19511
ord4618
ord13656
ord19819
ord2892
ord20543
ord11462
ord9448
ord13919
ord7034
ord16604
ord2995
ord6074
ord19235
ord3716
ord1545

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
free
malloc
fopen
memcmp
__CxxLongjmpUnwind
_setjmp3
_purecall
strlen
memcpy
memset
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 315B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 620B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 419B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckupkey.exe
.exe windows:4 windows x86 arch:x86

b5263785dabec82d2d37acbb4bce0d67

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord17381
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord14149
ord18546
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord16604
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord17403
ord2292
ord9064
ord9903
ord920
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord425
ord6511
ord16652
ord2030
ord5457
ord448
ord19235
ord19149
ord2621
ord9421
ord4258
ord9253
ord15124
ord521
ord11450
ord17578
ord7034
ord13709
ord3716
ord15827

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
memcpy
_CxxThrowException
strncmp
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dict.txt
efsdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?GetFile@@YAHPADH0AAKAA_JH@Z
?GetFileWillBeLong@@YAHPAD@Z
?InitializeDll@@YAXPBD@Z
?SetParams@@YAHW4CSTYLE@@PAD@Z
?dll_breakflag@@3_NA
?lp_SetProgress@@3P6GXH@ZA

Sections

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 248KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
efskey.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fmkey.exe
.exe windows:4 windows x86 arch:x86

562af7036117848b4446cbf594e5b75a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetSystemDefaultLCID
GetModuleHandleA
GetStartupInfoA

user32

GetKeyState

pk80

ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord14775
ord16529
ord3659
ord9377
ord18152
ord18320
ord15865
ord2595
ord11803
ord2392
ord5488
ord1551
ord7504
ord13279
ord7960
ord16361
ord11728
ord7270
ord11440
ord10794
ord15201
ord19597
ord11423
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord10893
ord4587
ord13596
ord18971
ord1655
ord621
ord17745
ord8923
ord12779
ord11605
ord3041
ord808
ord16538
ord6182
ord1442
ord12110
ord16794
ord9170
ord7083
ord7540
ord16112
ord15812
ord3917
ord19569
ord13590
ord9087
ord13841
ord12817
ord4170
ord7720
ord9220
ord7594
ord1477
ord16180
ord4528
ord14158
ord4366
ord4974
ord4377
ord19685
ord9744
ord19033
ord1391
ord6078
ord10060
ord17381
ord2536
ord1854
ord18474
ord7682
ord2995
ord5927
ord13919
ord4094
ord7034
ord16604
ord5457
ord8953
ord2621
ord5480
ord11961
ord8112
ord4258
ord9253
ord15124
ord521
ord11450
ord17578
ord13709
ord14149
ord9025
ord448
ord19149
ord6511
ord425
ord19945
ord19235
ord11165
ord3716
ord14798

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memset
__CxxLongjmpUnwind
_setjmp3
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcmp
memmove
strlen
_CxxThrowException
memcpy
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iekey.exe
.exe windows:4 windows x86 arch:x86

33fb232f8d16aec4325b343cca3669a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
lstrlenA
GetModuleHandleA
LeaveCriticalSection
InterlockedIncrement
FreeLibrary
InterlockedDecrement
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA

user32

FindWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

pk80

ord11759
ord6356
ord13903
ord16515
ord12533
ord6958
ord7843
ord14803
ord13580
ord5846
ord8677
ord19078
ord15107
ord12362
ord5853
ord6963
ord8516
ord4537
ord12643
ord17292
ord14830
ord9085
ord11957
ord3583
ord9843
ord3631
ord13709
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord7485
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8320
ord11162
ord6085
ord15604
ord9413
ord8316
ord10872
ord20254
ord2476
ord13938
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2758
ord5505
ord12446
ord3210
ord7960
ord11728
ord11440
ord10794
ord7270
ord11920
ord18504
ord11222
ord15610
ord10230
ord16147
ord4803
ord5614
ord15209
ord7331
ord20244
ord19456
ord1442
ord2392
ord1551
ord5488
ord13279
ord15201
ord16361
ord11423
ord2953
ord19597
ord7504
ord19537
ord15171
ord19119
ord9253
ord4216
ord7413
ord19945
ord15895
ord16644
ord18582
ord8882
ord4974
ord6334
ord1643
ord10353
ord2995
ord1854
ord6382
ord16468
ord17519
ord16002
ord16415
ord14775
ord16604
ord448
ord19235
ord425
ord6511
ord7034
ord7150
ord15827
ord19109
ord2093
ord16781
ord2611
ord3440
ord18036
ord301
ord2451
ord4193
ord2006
ord15637
ord13097
ord12203
ord5419
ord19149
ord2746
ord19664
ord17448
ord17381
ord6079
ord20557
ord6025
ord15227
ord8953
ord6844
ord11450
ord14696
ord12897
ord19385
ord3011
ord14149
ord9025
ord15885
ord17578
ord3716
ord19301
ord3803
ord198

msvcr71

abort
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__uncaught_exception
fopen
islower
setlocale
_except_handler3
___unguarded_readlc_active_add_func
___setlc_active_func
_lock
_unlock
___lc_handle_func
___lc_codepage_func
isupper
__pctype_func
__crtLCMapStringA
_callnewh
??3@YAXPAX@Z
calloc
realloc
malloc
__RTDynamicCast
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memchr
fclose
fsetpos
fseek
fgetpos
fputc
fwrite
fgetc
ungetc
fflush
setvbuf
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
free
memset
memmove
memcmp
time
srand
rand
_purecall
_setjmp3
__CxxLongjmpUnwind
memcpy
_CxxThrowException
strlen
strcmp
__CxxFrameHandler
??_V@YAXPAX@Z

Sections

.text
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lnkey.exe
.exe windows:4 windows x86 arch:x86

f3d2e28653f26430643548906b71e1b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord1551
ord11423
ord13709
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord5422
ord3210
ord7960
ord7504
ord6511
ord448
ord13279
ord11728
ord10288
ord11440
ord10794
ord7270
ord11920
ord19597
ord17578
ord11450
ord8953
ord18216
ord16236
ord3701
ord2285
ord9338
ord19610
ord3852
ord17674
ord9996
ord7961
ord12849
ord16347
ord9448
ord19213
ord11462
ord20543
ord2892
ord19819
ord13656
ord4618
ord19511
ord3469
ord18182
ord13151
ord7413
ord10917
ord19235
ord19945
ord3506
ord10828
ord425
ord7600
ord14696
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord6000
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord10893
ord4587
ord13596
ord18971
ord2995
ord621
ord1655
ord8516
ord9421
ord1815
ord4974
ord15201
ord731
ord2084
ord13141
ord16845
ord17233
ord5488
ord16361
ord2030
ord2392
ord16604
ord14775
ord7034
ord15827
ord7150
ord521
ord3440
ord18036
ord5419
ord15637
ord13097
ord2006
ord301
ord2451
ord4193
ord14149
ord12203
ord19149
ord19664
ord2746
ord17381
ord17448
ord6079
ord6025
ord20557
ord12897
ord3803
ord9025
ord19385
ord3716
ord18504

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcpy
memcmp
memset
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mailkey.exe
.exe windows:4 windows x86 arch:x86

4a16441a0ff60a4e8139780d7fa1ce4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord6079
ord17448
ord17381
ord2746
ord19664
ord19149
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord7034
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord3583
ord6025
ord16361
ord7504
ord6511
ord448
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord17578
ord11450
ord521
ord2995
ord2621
ord19235
ord4358
ord15124
ord5457
ord2030
ord20557
ord12897
ord3803
ord19385
ord13709
ord3210
ord20254
ord8316
ord10872
ord13938
ord9413
ord15604
ord6085
ord11162
ord8320
ord8301
ord18546
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord7960
ord9843
ord3716
ord16604

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 227B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
moneykey.exe
.exe windows:4 windows x86 arch:x86

a0d047e43334553486ffe9f94b090cb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptSetKeyParam
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash

pk80

ord19385
ord3803
ord12897
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord7083
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord14149
ord6728
ord6025
ord20557
ord6079
ord17448
ord19664
ord2746
ord5419
ord12203
ord13097
ord15637
ord2006
ord4193
ord2451
ord301
ord18036
ord3440
ord521
ord7150
ord7034
ord15827
ord14775
ord5480
ord4358
ord15124
ord5457
ord2030
ord16652
ord11222
ord9253
ord16604
ord2995
ord19033
ord9744
ord16467
ord4992
ord14233
ord13230
ord731
ord17233
ord2084
ord16845
ord13141
ord11423
ord16361
ord15201
ord19597
ord13919
ord19084
ord18078
ord9843
ord3631
ord198
ord13272
ord6688
ord14696
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord5488
ord1551
ord17446
ord18698
ord17403
ord2292
ord9064
ord9903
ord920
ord5422
ord3210
ord7960
ord7504
ord13279
ord11728
ord10288
ord11440
ord10794
ord7270
ord11920
ord18504
ord7656
ord8233
ord16370
ord13276
ord10893
ord4587
ord13596
ord1655
ord621
ord17674
ord8516
ord2621
ord1815
ord11147
ord3066
ord18450
ord19178
ord20421
ord1854
ord5297
ord2392
ord7600
ord8953
ord13151
ord17381
ord10828
ord3506
ord19945
ord10917
ord18182
ord3469
ord19511
ord4618
ord13656
ord19819
ord2892
ord20543
ord940
ord19213
ord9448
ord16347
ord8486
ord448
ord19149
ord6511
ord425
ord19235
ord9996
ord3852
ord18216
ord1442
ord6540
ord6844
ord4974
ord7485
ord11450
ord17578
ord13709
ord6963
ord1545
ord9025
ord3716
ord13965

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_wcsupr
fopen
memcmp
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
memset
memcpy
_purecall
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 985B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 561B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msgrkey.exe
.exe windows:4 windows x86 arch:x86

590a5293ee8dbff4d3509fbc07956466

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetWindowsDirectoryA
InterlockedIncrement
GetLastError
GetCurrentThread
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetStartupInfoA

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
OpenThreadToken

pk80

ord10893
ord4587
ord13596
ord18971
ord1655
ord621
ord8486
ord5163
ord7150
ord15827
ord19577
ord1854
ord9647
ord6963
ord15171
ord19385
ord3803
ord12897
ord6540
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord14775
ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord19301
ord19235
ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord7083
ord6085
ord15604
ord9413
ord8316
ord13938
ord10872
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord5853
ord1172
ord18025
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord7504
ord13279
ord2392
ord16361
ord5488
ord14486
ord1551
ord15201
ord19597
ord11423
ord7413
ord8677
ord8819
ord12446
ord20254
ord3210
ord7960
ord11728
ord11440
ord10794
ord7270
ord11920
ord18504
ord7870
ord10282
ord546
ord6844
ord1901
ord7691
ord1415
ord7485
ord19153
ord17745
ord9421
ord9025
ord7034
ord16604
ord2995
ord15465
ord19945
ord19078
ord15107
ord6367
ord12362
ord4974
ord4258
ord7356
ord10834
ord4825
ord808
ord16538
ord11605
ord12779
ord8923
ord521
ord13903
ord8953
ord14696
ord1442
ord11450
ord17578
ord9253
ord15124
ord4298
ord3440
ord13709
ord14149
ord17381
ord448
ord19149
ord6511
ord11162
ord425
ord3716
ord5915

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
strcmp
sqrt
sin
cos
tan
memcmp
memcpy
memset
_purecall
strlen
??_V@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myobkey.exe
.exe windows:4 windows x86 arch:x86

3aa2084f5eabe82750338f0678e13b56

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord14149
ord3631
ord18036
ord3440
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord19945
ord15845
ord4117
ord2779
ord1391
ord6078
ord1854
ord2030
ord9843
ord3583
ord20141
ord17448
ord17381
ord6275
ord425
ord6511
ord448
ord19149
ord16538
ord808
ord3041
ord11605
ord12779
ord8923
ord9025
ord5297
ord1806
ord2621
ord1442
ord4974
ord9421
ord18474
ord19235
ord10534
ord2995
ord16604
ord4258
ord9253
ord15124
ord15827
ord7034
ord7150
ord521
ord11450
ord17578
ord5419
ord13709
ord3716
ord15637

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcpy
__CxxLongjmpUnwind
_setjmp3
strlen
_CxxThrowException
_purecall
memcmp
islower
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nckey.exe
.exe windows:4 windows x86 arch:x86

2444c429380e1fdd78ed9a6b3bfa108f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumEntriesA

kernel32

GetProcAddress
GetStartupInfoA
InterlockedDecrement
FreeLibrary
InterlockedExchange
GetModuleHandleA
LoadLibraryA
InterlockedIncrement
GetEnvironmentVariableA
GetPrivateProfileStringA

user32

PostMessageA

pk80

ord6122
ord521
ord6469
ord16938
ord18091
ord246
ord12234
ord4924
ord10893
ord17816
ord4641
ord19327
ord621
ord3917
ord490
ord16069
ord14415
ord16604
ord7034
ord17578
ord4974
ord6728
ord7150
ord15827
ord2536
ord6180
ord2995
ord1854
ord7413
ord3803
ord19385
ord12897
ord11450
ord6025
ord20557
ord6079
ord17448
ord19664
ord2746
ord5419
ord12203
ord13097
ord15637
ord2006
ord4193
ord2451
ord301
ord18036
ord3440
ord14775
ord9843
ord3583
ord11586
ord9085
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord13938
ord8316
ord6688
ord13272
ord198
ord3631
ord9413
ord15604
ord6085
ord11162
ord8320
ord8301
ord18546
ord17192
ord3030
ord14606
ord5664
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9903
ord17446
ord9064
ord18698
ord2292
ord17403
ord920
ord16652
ord1704
ord15171
ord5488
ord1551
ord2392
ord4216
ord4094
ord13806
ord20244
ord3210
ord20254
ord12446
ord2384
ord11423
ord16361
ord15201
ord13279
ord11440
ord10794
ord11728
ord18504
ord7960
ord7270
ord11920
ord7504
ord19597
ord14830
ord17292
ord6356
ord17381
ord17637
ord1508
ord9170
ord14066
ord13473
ord11021
ord7083
ord7594
ord13841
ord10713
ord934
ord8112
ord7188
ord15387
ord12110
ord9087
ord19945
ord425
ord6511
ord448
ord19235
ord13919
ord5480
ord11961
ord9025
ord16736
ord13387
ord19149
ord13709
ord14149
ord3716
ord10872
ord4537
ord5915

msvcr71

_access
??_V@YAXPAX@Z
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_setjmp3
__CxxLongjmpUnwind
memcpy
_purecall
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oekey.exe
.exe windows:4 windows x86 arch:x86

6666c6f432c73086f1f3e676a4c2a093

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

PostMessageA
GetKeyState

pk80

ord301
ord15637
ord20557
ord6025
ord6079
ord12203
ord2006
ord13097
ord5419
ord2746
ord19664
ord18036
ord7150
ord15827
ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8320
ord11162
ord6085
ord15604
ord9413
ord8316
ord10872
ord20254
ord2476
ord2451
ord14775
ord16529
ord4193
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord17000
ord15171
ord1704
ord16856
ord14040
ord12446
ord3210
ord7960
ord16361
ord5488
ord7504
ord13279
ord11728
ord11440
ord10794
ord1551
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord8516
ord18698
ord2995
ord17403
ord2292
ord4749
ord2758
ord7413
ord4974
ord2536
ord15610
ord11450
ord6844
ord16781
ord2093
ord19109
ord4298
ord8882
ord14149
ord5619
ord6275
ord11957
ord3440
ord9282
ord14696
ord17292
ord9085
ord4537
ord13839
ord19624
ord14830
ord2392
ord7034
ord16604
ord17448
ord1854
ord17381
ord19945
ord16515
ord8953
ord3983
ord4798
ord19985
ord448
ord19149
ord6511
ord425
ord19235
ord12897
ord3803
ord19385
ord6963
ord13709
ord9025
ord17578
ord3716
ord3659
ord13938

msvcr71

_c_exit
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strlen
__CxxLongjmpUnwind
_setjmp3
memcpy
_purecall
_CxxThrowException
strcmp
__CxxFrameHandler
??_V@YAXPAX@Z

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
offkey.exe
.exe windows:4 windows x86 arch:x86

9b6c8733f052ff01c3bbb0e5fcac65b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedDecrement

user32

PostMessageA

advapi32

CryptReleaseContext
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

pk80

ord13709
ord19456
ord8953
ord19945
ord8112
ord9421
ord9087
ord12110
ord7413
ord3440
ord18292
ord2536
ord19634
ord13509
ord8078
ord408
ord10585
ord13849
ord2510
ord5893
ord20557
ord6025
ord6079
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord1470
ord14775
ord2621
ord4258
ord4358
ord16361
ord5488
ord7504
ord13279
ord5457
ord1551
ord15201
ord15870
ord11423
ord17165
ord4812
ord19351
ord6687
ord3437
ord6713
ord1815
ord8516
ord2168
ord15610
ord19407
ord6958
ord7843
ord19012
ord10762
ord8923
ord12779
ord11605
ord3041
ord8878
ord2382
ord19110
ord19399
ord12087
ord6794
ord2196
ord9470
ord2418
ord16700
ord20311
ord1524
ord12144
ord20141
ord11958
ord18474
ord1063
ord13867
ord11961
ord12731
ord2345
ord11803
ord15647
ord14157
ord2092
ord20000
ord5671
ord15208
ord20383
ord4377
ord10483
ord15387
ord4083
ord17163
ord10534
ord11759
ord19119
ord19849
ord4298
ord14592
ord18582
ord5018
ord14202
ord20358
ord4079
ord9068
ord3308
ord6554
ord10893
ord4587
ord18971
ord1655
ord621
ord6562
ord12407
ord2117
ord8561
ord14861
ord16552
ord17745
ord20359
ord18250
ord2447
ord4853
ord115
ord7588
ord12673
ord19821
ord2101
ord16652
ord3650
ord5200
ord10201
ord15845
ord4771
ord20142
ord262
ord3395
ord8758
ord10455
ord8276
ord17850
ord13707
ord12076
ord12649
ord4094
ord834
ord20022
ord14151
ord19597
ord2132
ord4918
ord13919
ord7682
ord11359
ord17364
ord3550
ord10060
ord15896
ord3829
ord15920
ord14109
ord9029
ord13473
ord5447
ord13770
ord19879
ord7958
ord402
ord3528
ord3796
ord471
ord16538
ord808
ord7656
ord13276
ord8233
ord16370
ord2568
ord6275
ord7083
ord16213
ord19084
ord19569
ord5474
ord19656
ord18458
ord16640
ord351
ord5297
ord2511
ord15207
ord8882
ord6963
ord13839
ord14830
ord17292
ord9085
ord4537
ord16781
ord2093
ord19109
ord16515
ord9282
ord11957
ord3852
ord16347
ord9448
ord19213
ord940
ord11462
ord20543
ord2892
ord19819
ord13656
ord4618
ord19511
ord3469
ord18182
ord10917
ord3506
ord10828
ord13151
ord7600
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord3526
ord3017
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord18478
ord10556
ord15848
ord16710
ord9373
ord10326
ord18010
ord17726
ord17446
ord9903
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord10872
ord15171
ord1704
ord15463
ord8470
ord11864
ord420
ord9223
ord19820
ord9428
ord13020
ord2608
ord12446
ord6361
ord5422
ord3210
ord7960
ord11728
ord8543
ord10288
ord11440
ord10794
ord7270
ord11920
ord18504
ord9064
ord920
ord18698
ord17403
ord2292
ord2758
ord4749
ord14023
ord13596
ord16516
ord4680
ord4709
ord16304
ord6427
ord6609
ord19032
ord11808
ord16634
ord15268
ord17381
ord2995
ord17233
ord731
ord1854
ord2030
ord20421
ord19178
ord13141
ord16845
ord2084
ord18450
ord16604
ord17448
ord2392
ord13230
ord14233
ord4992
ord16467
ord9744
ord19033
ord5480
ord17674
ord3066
ord11147
ord9996
ord15827
ord7034
ord7150
ord521
ord6540
ord14696
ord12897
ord19385
ord3803
ord425
ord6511
ord448
ord19235
ord19149
ord5965
ord9253
ord15124
ord1442
ord6844
ord7485
ord4974
ord6728
ord11450
ord14149
ord9025
ord18078
ord18216
ord17578
ord3716
ord5118
ord13965
ord4177

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strchr
isdigit
isupper
memmove
strtoul
isxdigit
sprintf
rand
srand
_mktemp
_strupr
wcscmp
_stricmp
strcmp
memcmp
_setjmp3
__CxxLongjmpUnwind
fopen
_purecall
wcslen
memset
memcpy
_CxxThrowException
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 908KB - Virtual size: 905KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
onkey.exe
.exe windows:4 windows x86 arch:x86

324d1986d39c15f16ea0cf9320766200

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptImportKey
CryptDeriveKey
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDuplicateKey
CryptCreateHash
CryptHashData

pk80

ord9996
ord16604
ord13709
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord5488
ord1551
ord5422
ord3210
ord7960
ord7504
ord6511
ord448
ord13279
ord11728
ord18078
ord11440
ord10794
ord7270
ord11920
ord18504
ord2030
ord17578
ord11450
ord6844
ord6540
ord18216
ord3852
ord16347
ord425
ord10917
ord3506
ord10828
ord2995
ord1854
ord9448
ord19213
ord940
ord11462
ord20543
ord2892
ord19819
ord13656
ord4618
ord19511
ord3469
ord18182
ord13151
ord8953
ord7600
ord14696
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord7083
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord521
ord8923
ord12779
ord11605
ord3041
ord8878
ord2382
ord19110
ord19399
ord8233
ord16370
ord13276
ord7656
ord4974
ord12447
ord17674
ord14375
ord2621
ord1815
ord8516
ord11423
ord19597
ord15201
ord19945
ord19235
ord731
ord2084
ord13141
ord16845
ord17233
ord16361
ord2392
ord14775
ord7034
ord15827
ord7150
ord3440
ord18036
ord5419
ord15637
ord13097
ord2006
ord301
ord2451
ord4193
ord14149
ord12203
ord19149
ord19664
ord2746
ord17381
ord17448
ord6079
ord6025
ord20557
ord12897
ord3803
ord9025
ord19385
ord3716
ord10288

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
memcmp
memcpy
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 893B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 630B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
orgkey.exe
.exe windows:4 windows x86 arch:x86

36955c89c05357e24da1410306f29d20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord9025
ord18546
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord19945
ord5297
ord1806
ord425
ord6511
ord16604
ord448
ord19235
ord17381
ord19149
ord2621
ord7034
ord521
ord11450
ord17578
ord14775
ord13709
ord3716
ord15827

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
memcpy
_CxxThrowException
_purecall
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 537B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pdoxkey.exe
.exe windows:4 windows x86 arch:x86

9a25d538bfe2eb0df60ef30e22557bce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord7034
ord521
ord8301
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord16604
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord18546
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord17381
ord6958
ord14803
ord4765
ord17448
ord9253
ord7843
ord13709
ord14149
ord425
ord6511
ord6640
ord2030
ord5457
ord448
ord19235
ord16529
ord19149
ord3716
ord14775

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
strcpy
memcpy
_CxxThrowException
strlen
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
peachkey.exe
.exe windows:4 windows x86 arch:x86

131ccc5f947831f17ea373d1f2de8641

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord14696
ord17192
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord18698
ord17446
ord16652
ord17403
ord2292
ord920
ord9903
ord9064
ord7960
ord16361
ord7504
ord13279
ord11728
ord7270
ord11440
ord10794
ord15201
ord19597
ord11423
ord18504
ord2030
ord1854
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord9253
ord15124
ord13709
ord19945
ord17381
ord9025
ord2995
ord16604
ord7034
ord8953
ord4974
ord521
ord425
ord6511
ord448
ord19235
ord19149
ord9421
ord11450
ord14775
ord17578
ord3716
ord15827

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
__CxxLongjmpUnwind
_setjmp3
memcmp
strlen
strcmp
memcpy
_CxxThrowException
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pk.chm
.chm
pk80.dll
.dll windows:4 windows x86 arch:x86

03ec0b396636fc50248b65487feca2c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
LocalAlloc
lstrlenA
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetWindowsDirectoryA
GlobalFree
GetFullPathNameA
GlobalMemoryStatus
SystemTimeToFileTime
GlobalLock
GlobalUnlock
ResumeThread
GetCurrentThread
SuspendThread
TerminateThread
TryEnterCriticalSection
WideCharToMultiByte
MulDiv
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchangeAdd
CreateEventA
ResetEvent
SetEvent
CreateThread
GetExitCodeThread
SetThreadPriority
FindResourceW
FormatMessageA
LocalFree
GetModuleFileNameW
SetFileAttributesW
GetFileAttributesExW
SetErrorMode
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetDriveTypeW
GetSystemDirectoryA
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetVersionExA
MultiByteToWideChar
GetModuleFileNameA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SetLastError
InterlockedExchange
GetLastError
GetSystemTime
LoadResource
SizeofResource
LockResource
FindResourceA
LoadLibraryA
GetProcAddress
IsBadWritePtr
FreeLibrary
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
GetCurrentProcessId
InterlockedIncrement
GetLocalTime
CreateSemaphoreA
SignalObjectAndWait
ReleaseSemaphore
GlobalAlloc
InterlockedDecrement

msvcr71

_onexit
__dllonexit
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_strcmpi
??3@YAXPAX@Z
??_V@YAXPAX@Z
__CxxFrameHandler
strcmp
strlen
_getpid
localtime
_CxxThrowException
_purecall
fclose
fread
fopen
memcpy
_setjmp3
__CxxLongjmpUnwind
_stat
atoi
exit
memmove
wcslen
strcpy
strchr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__uncaught_exception
_callnewh
abort
srand
rand
strtod
labs
clock
rename
_findfirst
_findnext
_findclose
remove
_chmod
_chdrive
time
_getdrive
_getcwd
_strnicmp
gmtime
wcscoll
_wcslwr
_wcsupr
_set_purecall_handler
_strlwr
_strupr
strstr
wcscspn
wcsspn
strcspn
strspn
_wputenv
wprintf
wcsftime
_vscwprintf
_vscprintf
iswdigit
_vsnwprintf
strerror
_wchdir
_wgetcwd
_wchmod
_wstati64
_wrmdir
_wmkdir
_wcreat
_close
_waccess
_wremove
iswalpha
_commit
_get_osfhandle
_getdrives
_wrename
_wutime
isdigit
_lseeki64
fgetpos
fsetpos
towupper
tolower
isspace
iswspace
strncmp
strtol
sprintf
strtoul
calloc
floor
??0exception@@QAE@ABV0@@Z
mbstowcs
memset
toupper
sscanf
_stricmp
memcmp
wcscmp
fseek
ftell
wcschr
pow
_lrotr
strtok
strftime
strncat
fgetc
isalnum
isalpha
iscntrl
isgraph
islower
ispunct
isupper
isxdigit
ceil
mblen
_atoi64
fabs
log
_creat
_mktemp
_rmdir
_chdir
_mkdir
_ftime
_fileno
_write
_open
_read
_access
memchr
_wgetenv
_wmktemp
towlower
fgets
vfprintf
_iob
puts
fprintf
fflush
_snprintf
fputc
fputs
_vsnprintf
printf
fwrite
getenv
strncpy
_errno
_wfopen
_wstat
_isnan
_fpclass
_CIpow
_chsize
_CIfmod
isprint
malloc
realloc
free

comctl32

InitCommonControlsEx
ImageList_GetIconSize
ImageList_Draw
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
PropertySheetA

ws2_32

shutdown
setsockopt
ntohl
accept
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSACleanup
closesocket
select
send
recv
getsockopt
__WSAFDIsSet
connect
getsockname
bind
listen
WSAStartup
socket
ioctlsocket

user32

EndDialog
SetDlgItemTextA
CreatePopupMenu
CreateMenu
DestroyMenu
RemoveMenu
FillRect
CheckDlgButton
GetDlgItemInt
SetWindowsHookExA
OffsetRect
DialogBoxParamA
GetSysColorBrush
InflateRect
GetSysColor
CopyRect
DrawEdge
GetDC
GetParent
ReleaseDC
GetSystemMetrics
GetMenuItemCount
RegisterClassA
GetClassInfoA
SendDlgItemMessageA
ScreenToClient
GetDlgItem
GetWindowTextA
GetWindowTextLengthA
TrackPopupMenuEx
UnhookWindowsHookEx
GetActiveWindow
CallNextHookEx
MessageBeep
KillTimer
SetTimer
SetDlgItemInt
EnableWindow
MoveWindow
SystemParametersInfoA
SetRectEmpty
GetWindowThreadProcessId
FindWindowA
LoadIconA
LoadAcceleratorsA
MessageBoxA
GetKeyState
DialogBoxIndirectParamA
GetSystemMenu
EnableMenuItem
GetDlgItemTextA
SetFocus
UnregisterClassA
SetWindowPos
CreateCursor
SetClipboardData
OpenClipboard
EmptyClipboard
DrawTextA
CloseClipboard
InsertMenuItemA
GetMenuItemInfoA
GetWindowLongA
PostQuitMessage
SetWindowLongA
DefWindowProcA
GetClientRect
SetRect
InvalidateRect
DestroyWindow
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
SetWindowTextA
SetForegroundWindow
PostMessageA
SetMenu
GetDesktopWindow
ClientToScreen
BeginPaint
EndPaint
LoadBitmapA
ShowWindow
UpdateWindow
LoadCursorA
RegisterClassExA
LoadStringA
CreateWindowExA
GetWindowRect
IsWindow
SendMessageA
SetCursor

gdi32

PatBlt
GetObjectA
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32A
GetStockObject
SetBkMode
CreateBitmap
DeleteObject
SetBkColor
SetTextColor
CreateFontIndirectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegGetKeySecurity
RegOpenKeyExA
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
CryptEncrypt
CryptGetHashParam
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptAcquireContextA
CryptDestroyKey
CryptReleaseContext
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegFlushKey
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA

shell32

DragFinish
SHGetMalloc
DragQueryFileA
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CLSIDFromString
StgIsStorageFile
StgIsStorageILockBytes
CoTaskMemFree
CreateILockBytesOnHGlobal
StgOpenStorage
StgOpenStorageOnILockBytes
StgCreateDocfile
StgCreateDocfileOnILockBytes
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
projkey.exe
.exe windows:4 windows x86 arch:x86

07870c49dd2c6c156f7b1c67ba752abf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord13709
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord9025
ord5915
ord7150
ord15827
ord7034
ord14775
ord16604
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord17403
ord2292
ord9064
ord9903
ord920
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord2030
ord3437
ord6687
ord19351
ord4974
ord19407
ord9421
ord16652
ord2621
ord448
ord19149
ord6511
ord425
ord19235
ord17381
ord6640
ord1806
ord4812
ord17165
ord521
ord6540
ord6844
ord11450
ord3440
ord17578
ord3716
ord18036

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
wcscmp
memcpy
_CxxThrowException
memcmp
strlen
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qbkey.exe
.exe windows:4 windows x86 arch:x86

735fd907e6fb7860d175d83fe17659bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA

pk80

ord17381
ord2746
ord19664
ord19149
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord7034
ord4825
ord10834
ord7356
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord16604
ord7960
ord16361
ord7504
ord6511
ord448
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord19235
ord425
ord19945
ord17446
ord18698
ord13709
ord17403
ord17448
ord9064
ord9903
ord920
ord9025
ord2995
ord11450
ord521
ord2611
ord15124
ord9253
ord4258
ord1655
ord18971
ord13596
ord4587
ord10893
ord621
ord4117
ord15845
ord4974
ord4358
ord5457
ord2030
ord10534
ord18474
ord1854
ord14696
ord1442
ord20141
ord1470
ord8923
ord12779
ord11605
ord3041
ord8878
ord2382
ord19110
ord19399
ord7691
ord17745
ord12091
ord2621
ord6275
ord6958
ord7843
ord19012
ord9421
ord6963
ord4083
ord6906
ord5778
ord5018
ord15465
ord8882
ord12939
ord6079
ord6025
ord20557
ord8953
ord17578
ord12897
ord3803
ord19385
ord3210
ord20254
ord8316
ord10872
ord13938
ord9413
ord15604
ord6085
ord11162
ord8320
ord8301
ord18546
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord2292
ord3583
ord3716
ord16652

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
abs
memcmp
strlen
memcpy
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
memset
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qpkey.exe
.exe windows:4 windows x86 arch:x86

54591c83a06b6a6ad8d758b2e4e2e64d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord2746
ord19664
ord19149
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord7034
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord7960
ord3583
ord17381
ord6511
ord448
ord13279
ord11728
ord16604
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord9025
ord14696
ord17578
ord11450
ord6844
ord6540
ord521
ord17165
ord4812
ord4258
ord8953
ord9421
ord15124
ord3437
ord19351
ord6687
ord5457
ord2030
ord6640
ord9253
ord19235
ord425
ord4974
ord17745
ord2621
ord17448
ord6079
ord6025
ord20557
ord12897
ord3803
ord19385
ord13709
ord3210
ord20254
ord8316
ord10872
ord13938
ord9413
ord15604
ord6085
ord11162
ord8320
ord8301
ord18546
ord17192
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord7504
ord9843
ord3716
ord16361

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memset
memcmp
wcscmp
_purecall
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
quickey.exe
.exe windows:4 windows x86 arch:x86

e5b45897302ee5c774f8ebbfc892ee41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord7413
ord17381
ord10917
ord19235
ord19945
ord3506
ord10828
ord425
ord6511
ord19149
ord448
ord7600
ord2392
ord14696
ord19385
ord3803
ord12897
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord6000
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord13709
ord3011
ord9719
ord6025
ord20557
ord6079
ord17448
ord19664
ord2746
ord14149
ord5419
ord12203
ord13097
ord15637
ord2006
ord4193
ord2451
ord301
ord18036
ord3440
ord20141
ord521
ord14775
ord4974
ord9421
ord5457
ord2030
ord16604
ord7034
ord2995
ord2621
ord1815
ord8516
ord13059
ord19741
ord1643
ord6958
ord7843
ord19012
ord18474
ord2084
ord16845
ord13141
ord11423
ord16361
ord18078
ord13151
ord731
ord17233
ord15124
ord9253
ord11759
ord6906
ord17674
ord17745
ord6049
ord7485
ord7083
ord7739
ord4397
ord3976
ord7791
ord7150
ord15827
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord15463
ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord5488
ord1551
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord5422
ord3210
ord7960
ord7504
ord13279
ord11728
ord11440
ord10794
ord7270
ord11920
ord18504
ord1442
ord4358
ord18182
ord3469
ord19511
ord4618
ord13656
ord19819
ord2892
ord20543
ord11462
ord19213
ord9448
ord16347
ord19890
ord5466
ord13282
ord15321
ord9996
ord3852
ord19610
ord9338
ord2285
ord3701
ord16236
ord808
ord16538
ord19399
ord8878
ord2382
ord19110
ord11605
ord12779
ord3041
ord8923
ord18216
ord8953
ord11450
ord17578
ord19597
ord9025
ord3716
ord15201

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
memcpy
memcmp
memset
_purecall
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rarkey.exe
.exe windows:4 windows x86 arch:x86

6cec22a55e074bebdbc971025d2abb85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord13216
ord17808
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord10872
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord2392
ord5488
ord1551
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord6680
ord5422
ord3210
ord7960
ord16361
ord7504
ord6511
ord448
ord13279
ord11728
ord10288
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17578
ord17233
ord16845
ord13141
ord2084
ord731
ord8516
ord9996
ord1815
ord17674
ord19235
ord19945
ord425
ord9448
ord19213
ord940
ord11462
ord20543
ord2892
ord19819
ord13656
ord4618
ord19511
ord3469
ord18182
ord15463
ord11450
ord6844
ord6540
ord18216
ord16347
ord10917
ord3506
ord10828
ord8953
ord7600
ord14696
ord294
ord5262
ord6231
ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord7083
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord3852
ord3423
ord1470
ord10893
ord4587
ord13596
ord1655
ord2995
ord621
ord8923
ord3041
ord12779
ord11605
ord19110
ord2382
ord8878
ord19399
ord7656
ord13276
ord8233
ord16370
ord4974
ord12447
ord5545
ord1442
ord16516
ord17163
ord4771
ord5068
ord2168
ord6728
ord17478
ord5018
ord12939
ord17745
ord2536
ord8045
ord14023
ord4680
ord4709
ord16304
ord6427
ord6609
ord15124
ord19032
ord11808
ord16634
ord9253
ord15268
ord8531
ord17841
ord11586
ord5915
ord18025
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord16604
ord14775
ord7034
ord15827
ord7150
ord3440
ord18036
ord5419
ord15637
ord13097
ord2006
ord301
ord2451
ord4193
ord14149
ord12203
ord19149
ord19664
ord2746
ord17381
ord17448
ord6079
ord6025
ord20557
ord12897
ord3803
ord19385
ord9025
ord13709
ord3716
ord13151

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
strchr
strncpy
malloc
free
abs
memmove
memcmp
memset
memcpy
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
scdkey.exe
.exe windows:4 windows x86 arch:x86

be1a582eabc3cdc7e200785c35b26674

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA

pk80

ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord14149
ord15827
ord17192
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord3030
ord14606
ord11586
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord2030
ord5457
ord425
ord6511
ord448
ord19149
ord9421
ord16604
ord19235
ord17381
ord15124
ord2621
ord7034
ord2995
ord521
ord11450
ord17578
ord14775
ord13709
ord3716
ord7150

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
memcmp
_CxxThrowException
strlen
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 273B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlkey.exe
.exe windows:4 windows x86 arch:x86

345f3670b12de62c2890bb001ec59b2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA

user32

PostMessageA

advapi32

QueryServiceStatus
OpenSCManagerA
CloseServiceHandle
OpenServiceA
StartServiceA
ControlService

pk80

ord1901
ord9025
ord15673
ord13709
ord3011
ord6728
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord1470
ord14775
ord10534
ord10893
ord18823
ord8823
ord39
ord7504
ord621
ord15885
ord6334
ord10353
ord2953
ord1643
ord6382
ord17446
ord3143
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord15171
ord1704
ord18474
ord8878
ord12369
ord7413
ord20244
ord3583
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord18546
ord8301
ord8320
ord20252
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord12446
ord20254
ord3210
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord17192
ord8516
ord17254
ord18108
ord3977
ord1815
ord5488
ord14486
ord1551
ord7960
ord16361
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord2382
ord19110
ord11605
ord12779
ord8923
ord1442
ord1854
ord16604
ord2392
ord15845
ord10201
ord17381
ord7034
ord2995
ord9421
ord12897
ord19385
ord3803
ord4212
ord8104
ord15436
ord1726
ord4080
ord19945
ord448
ord19149
ord6511
ord425
ord19235
ord6844
ord4974
ord8953
ord7485
ord11450
ord6540
ord17578
ord14696
ord3716
ord11162
ord19399
ord4624

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
_setjmp3
__CxxLongjmpUnwind
memcpy
wcscmp
_CxxThrowException
strlen
memcmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 318B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
un-kit_ent.exe.nsis
winkey.exe
.exe windows:4 windows x86 arch:x86

4421ca74ac20496bc3aa5f3080e6caf0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

CheckSumMappedFile

kernel32

GlobalAlloc
InterlockedDecrement
InterlockedIncrement
CloseHandle
WaitForSingleObject
CreateProcessA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetDriveTypeA
GetLogicalDrives
DeviceIoControl
CreateFileA
GetDiskFreeSpaceA
SetErrorMode
FormatMessageA
GetLastError
FlushFileBuffers
GetProcAddress
LoadLibraryA
FreeLibrary
WriteFile
SetFilePointer
DefineDosDeviceA
GetTimeZoneInformation
MultiByteToWideChar
GlobalFree
GetStartupInfoA
ReadFile
GetFileSize
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
FindClose
GetFullPathNameA
GetLocalTime
CreateEventA
ResumeThread
SetThreadPriority
SetEvent
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
LeaveCriticalSection
ResetEvent
EnterCriticalSection

pk80

ord12897
ord13903
ord9719
ord20557
ord6025
ord6079
ord19664
ord12203
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord2611
ord7150
ord15827
ord3583
ord9843
ord3631
ord19319
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18847
ord18025
ord19301
ord5915
ord11586
ord14606
ord3030
ord17192
ord18546
ord8320
ord11162
ord6085
ord15604
ord9413
ord8316
ord10872
ord20254
ord2476
ord13938
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord20385
ord14486
ord19537
ord15171
ord14931
ord4089
ord5612
ord12533
ord18779
ord2392
ord15885
ord6334
ord18628
ord1643
ord19741
ord2917
ord6382
ord9299
ord13059
ord12362
ord12446
ord2384
ord5163
ord15107
ord8677
ord15610
ord3210
ord13867
ord7960
ord16361
ord5488
ord7504
ord13279
ord11728
ord11440
ord10794
ord1551
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord16985
ord6844
ord1442
ord4132
ord19385
ord3803
ord3011
ord10856
ord10134
ord19584
ord8370
ord16634
ord16472
ord4298
ord14592
ord11759
ord621
ord1655
ord18971
ord4587
ord10893
ord13255
ord9703
ord5585
ord19624
ord11222
ord19985
ord12369
ord18132
ord5545
ord2995
ord4974
ord15124
ord9903
ord673
ord17446
ord5765
ord3944
ord1854
ord3440
ord1815
ord4083
ord8516
ord15275
ord7034
ord16604
ord17448
ord3540
ord3273
ord155
ord9348
ord8297
ord9253
ord9076
ord2720
ord5200
ord17381
ord3650
ord19945
ord10590
ord4475
ord2746
ord11450
ord17578
ord14696
ord448
ord19149
ord6511
ord425
ord19235
ord19456
ord6963
ord13709
ord14149
ord9025
ord3716
ord198

msvcr71

_stricmp
_creat
_access
_strupr
__CxxFrameHandler
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_endthreadex
_beginthreadex
clock
islower
wcslen
isalpha
strspn
fprintf
fopen
fclose
strrchr
toupper
qsort
strchr
_splitpath
__CxxLongjmpUnwind
_setjmp3
memcmp
_close
remove
_purecall
strcpy
sprintf
memset
memcpy
strlen
_CxxThrowException
strcmp
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 872KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wpkey.exe
.exe windows:4 windows x86 arch:x86

ec284d5c125af273fe66840406d6ac16

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord11586
ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord5419
ord18036
ord3440
ord7150
ord15827
ord14775
ord19235
ord5915
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord12412
ord13260
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord5585
ord11264
ord14898
ord15748
ord1854
ord15275
ord2720
ord8882
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord15845
ord4117
ord3437
ord6687
ord19351
ord2030
ord4812
ord17165
ord6540
ord6844
ord11450
ord17578
ord9025
ord17381
ord5457
ord4258
ord9253
ord15124
ord13709
ord16604
ord4358
ord7034
ord2995
ord521
ord448
ord19149
ord6511
ord425
ord3659
ord19945
ord3716
ord16529

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
toupper
islower
__CxxLongjmpUnwind
_setjmp3
_purecall
memset
wcscmp
strlen
wcslen
memcmp
memmove
memcpy
_CxxThrowException
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 245B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wprokey.exe
.exe windows:4 windows x86 arch:x86

2397cc40ac7f7929a7a84bbc402c4c42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk80

ord14606
ord3030
ord17192
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord13938
ord10872
ord8316
ord20254
ord3210
ord13709
ord19385
ord3803
ord12897
ord20557
ord6025
ord6079
ord17448
ord2746
ord19664
ord12203
ord14149
ord4193
ord2451
ord301
ord2006
ord13097
ord15637
ord14696
ord11586
ord3440
ord14775
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord2392
ord5488
ord1551
ord17446
ord18698
ord16652
ord17403
ord2292
ord9064
ord9903
ord920
ord7960
ord16361
ord7504
ord13279
ord11728
ord11440
ord10794
ord15201
ord19597
ord11423
ord7270
ord11920
ord18504
ord5915
ord19301
ord18025
ord18847
ord18818
ord12572
ord6074
ord1557
ord1545
ord6688
ord13272
ord198
ord3631
ord9843
ord3583
ord15827
ord7150
ord2030
ord1806
ord4974
ord17381
ord9421
ord521
ord17745
ord2621
ord7034
ord16604
ord2995
ord8953
ord448
ord19149
ord6511
ord425
ord19235
ord11450
ord18036
ord17578
ord3716
ord5419

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
strlen
memcmp
_purecall
_CxxThrowException
??_V@YAXPAX@Z
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 665B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 962B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zipkey.exe
.exe windows:4 windows x86 arch:x86

08d1477a65a587c45d2a04d219adda38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

EndDialog
SetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
DialogBoxParamA
ShowWindow
EnableWindow

pk80

ord17202
ord20393
ord15221
ord16626
ord5908
ord14819
ord11369
ord9984
ord1115
ord2392
ord19385
ord3803
ord12897
ord9448
ord19213
ord11462
ord19511
ord18182
ord13151
ord13764
ord12502
ord7485
ord4974
ord8882
ord6300
ord5922
ord9230
ord9253
ord6000
ord6818
ord3817
ord1602
ord6633
ord19474
ord16078
ord14149
ord13709
ord6025
ord20557
ord6079
ord17381
ord17448
ord19664
ord2746
ord5419
ord12203
ord13097
ord15637
ord2006
ord4193
ord2451
ord301
ord18036
ord3440
ord14775
ord12537
ord10760
ord6427
ord16304
ord4709
ord4680
ord6609
ord11759
ord11423
ord16361
ord15201
ord19597
ord5612
ord20385
ord7034
ord15673
ord13279
ord16604
ord7504
ord8516
ord920
ord12446
ord8523
ord17043
ord2084
ord16845
ord13141
ord5679
ord6356
ord731
ord17233
ord1854
ord4237
ord14927
ord8891
ord5018
ord18995
ord15021
ord19032
ord5488
ord1815
ord1551
ord14023
ord16516
ord15124
ord11808
ord16634
ord15268
ord17192
ord10374
ord7150
ord15827
ord19189
ord9843
ord3631
ord198
ord13272
ord6688
ord1545
ord1557
ord6074
ord12572
ord18818
ord18025
ord5915
ord11586
ord17841
ord8531
ord6231
ord13216
ord6275
ord3030
ord18546
ord8301
ord8320
ord11162
ord6085
ord15604
ord9413
ord3958
ord14716
ord5236
ord14011
ord16529
ord3659
ord9377
ord18152
ord14798
ord15865
ord2595
ord11165
ord9467
ord10872
ord17446
ord18698
ord16652
ord17403
ord2292
ord4749
ord9903
ord6680
ord6933
ord5422
ord3210
ord7960
ord11728
ord10288
ord11440
ord10794
ord7270
ord11920
ord18504
ord426
ord10914
ord17673
ord5187
ord4258
ord9224
ord16001
ord14486
ord19640
ord135
ord14355
ord5228
ord6963
ord15950
ord75
ord2611
ord3622
ord11222
ord13240
ord13258
ord19849
ord11433
ord18616
ord4174
ord564
ord12221
ord10083
ord18188
ord4116
ord20114
ord12312
ord10534
ord4140
ord6848
ord19498
ord12903
ord3540
ord2092
ord3143
ord13770
ord12826
ord13049
ord12412
ord13260
ord14745
ord7124
ord12659
ord15748
ord3587
ord3964
ord11264
ord17798
ord18474
ord19319
ord13867
ord19693
ord5457
ord4993
ord2015
ord2655
ord13500
ord10392
ord20491
ord19985
ord3798
ord2720
ord17745
ord4358
ord15275
ord5585
ord16112
ord7615
ord17560
ord6872
ord2154
ord20543
ord2892
ord19819
ord13656
ord4618
ord3469
ord2758
ord20141
ord521
ord9421
ord1768
ord17628
ord7083
ord9920
ord5262
ord1442
ord14696
ord294
ord7600
ord2168
ord10828
ord3506
ord10917
ord1655
ord19945
ord7413
ord9996
ord16347
ord3852
ord621
ord2995
ord18971
ord13596
ord4587
ord10893
ord12402
ord448
ord19149
ord6511
ord425
ord19235
ord19148
ord17674
ord18216
ord8953
ord6540
ord6844
ord11450
ord17578
ord9025
ord16319
ord13966
ord6069
ord12637
ord3691
ord18078
ord3716
ord17808
ord15463

msvcr71

_controlfp
??_V@YAXPAX@Z
__CxxFrameHandler
strlen
_CxxThrowException
_purecall
memset
memcpy
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcmp
strcmp
strchr
memmove
strtoul
__CxxLongjmpUnwind
_setjmp3
log
??3@YAXPAX@Z

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 658B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

17:3f:ef:6b:b6:3a:24:cb:b1:77:7c:06:81:11:df:82Certificate

Extended Key Usages

Key Usages

1f:e4:9a:0e:a7:ca:a5:78:2c:70:66:41:b8:86:52:c4:ad:fe:cc:08Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 3KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

7a1b2222bcad8848ee1e1190f24f1473

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 20KB - Virtual size: 19KB

21408485e9c4d3dfa193286ce8b8fc5b

Headers

File Characteristics

17:3f:ef:6b:b6:3a:24:cb:b1:77:7c:06:81:11:df:82
Certificate

1f:e4:9a:0e:a7:ca:a5:78:2c:70:66:41:b8:86:52:c4:ad:fe:cc:08
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 8KB - Virtual size: 5KB

CONST
Size: 4KB - Virtual size: 677B

_TEXT
Size: 124KB - Virtual size: 121KB

xdata
Size: 4KB - Virtual size: 2KB

text
Size: 4KB - Virtual size: 2KB

_BSS
Size: - Virtual size: 1024B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 152B

_DATA
Size: 4KB - Virtual size: 506B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 132KB - Virtual size: 128KB

CONST
Size: 4KB - Virtual size: 602B

_TEXT
Size: 60KB - Virtual size: 57KB

xdata
Size: 4KB - Virtual size: 1KB

text
Size: 4KB - Virtual size: 714B

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 788B

_DATA
Size: 4KB - Virtual size: 112B

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 52KB - Virtual size: 50KB

CONST
Size: 4KB - Virtual size: 546B

_TEXT
Size: 132KB - Virtual size: 129KB

xdata
Size: 4KB - Virtual size: 3KB

text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 436B

_DATA
Size: 4KB - Virtual size: 140B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 20KB - Virtual size: 19KB

CONST
Size: 1024B - Virtual size: 549B

_TEXT
Size: 11KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 4KB

_DATA
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB