729f7fff1e692527b5accca79b91581f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

729f7fff1e692527b5accca79b91581f_JaffaCakes118
Size

1.8MB
MD5

729f7fff1e692527b5accca79b91581f
SHA1

c29a043f4c2ada7fe7837180b2f09783568cd2bb
SHA256

d158f39f03d9c529ec554a47ef6e5a959025f3cde602ffd6f06b2b682cc19976
SHA512

6af326c7a82927a89d04f653857259ef9d9ee87d8402997410288df9d4227644c7f76eeb640675a5e59d940f6abb92c4c498128bcd52b5354ab156e89fe3ab29
SSDEEP

24576:KGqWn78DugqnoYuzkMMFrG6jXcbEXpRzD4Qo06dc3wWg6goFcUNYg+TRJ1ko+fZD:ZT78PcVuotjXcb4pi2ccgW1rqRJ1k5

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HB_Cedt370_ljh.EXE
unpack001/cedt370r.exe
unpack002/NEWShellExt.dll
unpack002/cedt.exe
unpack002/launch.exe
unpack002/notepad.exe
unpack002/uninstall.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/cedt370r.exe	nsis_installer_1
static1/unpack002/uninstall.exe	nsis_installer_1

Files

729f7fff1e692527b5accca79b91581f_JaffaCakes118
.rar
HB_Cedt370_ljh.EXE
.exe windows:4 windows x86 arch:x86

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

kernel32

lstrcpyA
GetCommandLineA
SetErrorMode
lstrlenA
MulDiv
GetTempFileNameA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
FormatMessageA
lstrcatA
GetLastError
_lwrite
_llseek
GlobalUnlock
_lopen
GlobalAlloc
GlobalFree
_lclose
_lcreat
LoadLibraryA
GetProcAddress
FreeLibrary
OpenFile
GetVersionExA
GetCurrentProcess
WinExec
ExitProcess
_lread
LocalFree
GetTempPathA
GlobalLock

user32

GetDC
BeginPaint
EndPaint
InvalidateRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetClientRect
CreateWindowExA
DrawTextA
ReleaseDC
ShowWindow
SetWindowPos
UpdateWindow
SetTimer
LoadIconA
wsprintfA
MessageBoxA
ExitWindowsEx
RegisterClassA
LoadCursorA

gdi32

DeleteObject
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

_MainWndProc@16
_StubFileWrite@12

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cedt370r.exe
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
NEWShellExt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9b789b0051ea4c7ac3d092719e95a89f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4424
ord3831
ord3825
ord3079
ord4080
ord3353
ord3830
ord614
ord1206
ord290
ord825
ord1223
ord4622
ord2727
ord2730
ord2729
ord1085
ord5601
ord800
ord858
ord4278
ord535
ord860
ord537
ord542
ord6467
ord3081
ord6375
ord2985
ord2976
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord823
ord3738
ord561
ord815
ord5500
ord1200
ord1132
ord1131
ord6354
ord1226
ord4465
ord3259
ord3147
ord2982
ord4003
ord743
ord446
ord1799
ord4486
ord3136
ord2554
ord802
ord4274
ord3262
ord1570
ord1253
ord1197
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1578
ord600
ord1255
ord269
ord1243
ord1116
ord826

msvcrt

??1type_info@@UAE@XZ
_onexit
__CxxFrameHandler
_adjust_fdiv
__dllonexit
malloc
free
_initterm
_EH_prolog
sprintf

kernel32

lstrcpynA
LocalAlloc
LocalFree
CreateProcessA
lstrcpynW

user32

GetMenuItemCount
GetMenuState
InsertMenuA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryFileA

ole32

ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cedt.dic
cedt.exe
.exe windows:4 windows x86 arch:x86

8ca62a4a159d45e701c3e108f81d56f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

mfc42

ord2515
ord355
ord3499
ord537
ord4277
ord2514
ord641
ord2004
ord939
ord5981
ord5199
ord941
ord2818
ord5130
ord3663
ord686
ord2841
ord2448
ord609
ord616
ord692
ord804
ord683
ord810
ord795
ord656
ord693
ord2044
ord2107
ord5450
ord5834
ord6394
ord5440
ord6383
ord6403
ord3522
ord4160
ord6209
ord2652
ord4202
ord6877
ord1669
ord1168
ord668
ord3181
ord4058
ord2781
ord2770
ord356
ord665
ord603
ord1979
ord1969
ord2784
ord5461
ord273
ord5186
ord354
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord1746
ord5577
ord3172
ord5653
ord4420
ord2399
ord4387
ord3454
ord3198
ord6175
ord4623
ord4426
ord652
ord338
ord3790
ord2614
ord5651
ord3127
ord3616
ord6329
ord350
ord3903
ord3318
ord353
ord6779
ord6648
ord4129
ord6778
ord536
ord1147
ord2820
ord2764
ord4204
ord3495
ord2393
ord5442
ord5773
ord6385
ord538
ord4614
ord4613
ord1945
ord4273
ord323
ord640
ord3571
ord4589
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4964
ord4961
ord4108
ord6055
ord4078
ord1776
ord4407
ord5240
ord2385
ord5289
ord3452
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6374
ord3748
ord5065
ord1726
ord5260
ord2446
ord2124
ord5277
ord4627
ord4432
ord813
ord439
ord560
ord3626
ord2414
ord736
ord5875
ord6021
ord4216
ord613
ord5785
ord1641
ord1640
ord2405
ord289
ord2864
ord6195
ord4723
ord6128
ord6129
ord3752
ord5495
ord4464
ord2379
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord729
ord2504
ord1706
ord430
ord3619
ord4524
ord4042
ord4529
ord4526
ord4543
ord3216
ord5290
ord5829
ord3726
ord398
ord5710
ord6282
ord6283
ord913
ord4189
ord6143
ord5608
ord5789
ord2713
ord6172
ord2753
ord5782
ord4133
ord4297
ord5788
ord472
ord5787
ord283
ord940
ord2244
ord3811
ord2535
ord6663
ord1858
ord4245
ord5101
ord2101
ord2723
ord2390
ord3059
ord5100
ord5104
ord4303
ord3351
ord5012
ord976
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord5283
ord2649
ord1665
ord4436
ord3749
ord1727
ord5254
ord2445
ord4427
ord401
ord674
ord3481
ord4040
ord2115
ord4458
ord4500
ord4772
ord3396
ord3731
ord2411
ord2023
ord4218
ord2578
ord4398
ord5163
ord6376
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5234
ord6369
ord5248
ord2444
ord3583
ord2587
ord4406
ord3447
ord3196
ord5241
ord5261
ord3398
ord3733
ord808
ord567
ord384
ord2453
ord4454
ord4497
ord6785
ord2860
ord2862
ord2097
ord2119
ord4287
ord2123
ord2080
ord2121
ord4299
ord1642
ord5279
ord3303
ord3317
ord3914
ord4000
ord6883
ord6008
ord3290
ord3297
ord3870
ord6662
ord5594
ord3287
ord1859
ord4246
ord3869
ord2127
ord2391
ord5102
ord4468
ord3350
ord975
ord2880
ord4153
ord2383
ord4437
ord5255
ord4428
ord807
ord554
ord402
ord6068
ord6199
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord6069
ord2884
ord6337
ord3797
ord6402
ord3521
ord5032
ord4413
ord3081
ord5284
ord5082
ord6053
ord3598
ord642
ord327
ord4235
ord3092
ord3874
ord5683
ord2087
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2089
ord2099
ord2116
ord3803
ord2859
ord690
ord5201
ord3215
ord389
ord676
ord3319
ord3178
ord2782
ord2771
ord369
ord3015
ord5922
ord1247
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6226
ord2429
ord2250
ord4732
ord4541
ord5477
ord2259
ord4836
ord4440
ord3720
ord527
ord794
ord4264
ord6224
ord2585
ord4365
ord5085
ord1709
ord1714
ord4404
ord5258
ord3722
ord796
ord529
ord4265
ord3294
ord3485
ord2754
ord4872
ord5856
ord2801
ord6404
ord524
ord2029
ord2077
ord523
ord3780
ord3721
ord809
ord556
ord1929
ord4275
ord1088
ord2122
ord6358
ord6880
ord5572
ord2915
ord926
ord6876
ord755
ord5873
ord2566
ord470
ord298
ord620
ord4230
ord6335
ord1233
ord5871
ord2997
ord6197
ord3089
ord4076
ord2567
ord2681
ord3220
ord2919
ord4023
ord2575
ord4396
ord3574
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2302
ord4234
ord4710
ord2301
ord2362
ord2364
ord2370
ord2358
ord2642
ord2582
ord4402
ord3370

msvcrt

strstr
_CIacos
_CIasin
_mbsstr
memmove
_mbscspn
_CItanh
_CIpow
_ftol
ceil
floor
_mbschr
_mbsnbcpy
_mbsnbcmp
_mbsspn
tolower
isupper
strncmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_CIsinh
_CIcosh
_setmbcp
modf
__CxxFrameHandler
__p___argc
strncpy
__p___argv
_mbscmp
atoi
atol
_mbsicmp
strchr
isprint
isspace
isdigit
isxdigit
_strnicmp
isalpha
_strlwr
atof
_stricmp
strtok
__set_app_type
wcslen
_controlfp
getenv
isalnum
sprintf
toupper
localtime
time
_CIfmod

kernel32

GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetCurrentDirectoryA
IsDBCSLeadByte
CopyFileA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcpyA
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
CloseHandle
DuplicateHandle
CreatePipe
GetCurrentProcess
ReadFile
PeekNamedPipe
WriteFile
GetExitCodeProcess
MulDiv
WinExec
GlobalSize
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
GetShortPathNameA
FindClose
FindFirstFileA
CreateDirectoryA
CreateFileA
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetFileAttributesA
InitializeCriticalSection

user32

SetTimer
GetFocus
CopyIcon
InflateRect
GetDCEx
IsWindow
GetSysColor
GetDC
ReleaseDC
GetWindowRect
GetMenuItemID
ModifyMenuA
LoadMenuA
LockWindowUpdate
RedrawWindow
DispatchMessageA
GetKeyState
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CopyRect
InvertRect
WinHelpA
MessageBeep
EnableWindow
PtInRect
KillTimer
ReleaseCapture
GetWindowDC
SetRectEmpty
OffsetRect
GetMenuItemCount
TranslateMessage
SetCapture
GetWindowLongA
GetMenuStringA
GetSubMenu
ClientToScreen
GetCursorPos
ScreenToClient
SetCursor
DestroyCaret
CreateCaret
SetCaretPos
GetParent
HideCaret
GetClientRect
ShowCaret
MapVirtualKeyA
GetKeyNameTextA
SendMessageA
InvalidateRect
IsWindowVisible
PostMessageA
IsIconic
OpenIcon
SetForegroundWindow
ShowOwnedPopups
GetSystemMetrics
PostThreadMessageA
LoadCursorA
UpdateWindow
InsertMenuA
DeleteMenu
GetMenu

gdi32

GetTextMetricsA
PatBlt
Polygon
BitBlt
SetPixelV
CreateSolidBrush
Arc
SelectObject
GetTextExtentPoint32A
TextOutA
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
GetDeviceCaps
GetStockObject

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
ShellExecuteA
SHBrowseForFolderA
SHGetFileInfoA

comctl32

ImageList_GetIcon

msvcirt

??_Dofstream@@QAEXXZ
??1ios@@UAE@XZ
??1ofstream@@UAE@XZ
?close@ofstream@@QAEXXZ
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@PBD@Z
??0ofstream@@QAE@PBDHH@Z
?openprot@filebuf@@2HB
??_Difstream@@QAEXXZ
??1ifstream@@UAE@XZ
?close@ifstream@@QAEXXZ
?unlock@ios@@QAAXXZ
_mtlock
?get@istream@@IAEAAV1@PADHH@Z
??0ifstream@@QAE@PBDHH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?read@istream@@QAEAAV1@PADH@Z
?peek@istream@@QAEHXZ
_mtunlock
??_Distrstream@@QAEXXZ
??1istrstream@@UAE@XZ
??5istream@@QAEAAV0@PAD@Z
?eatwhite@istream@@QAEXXZ
??0istrstream@@QAE@PAD@Z
?tellg@istream@@QAEJXZ

wsock32

listen
WSAGetLastError

Sections

.text
Size: 432KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cedttype.ico
docs/calculator.html
.html
docs/cmdline.html
.html
docs/commands.html
.html
docs/howtos.html
.html
docs/images/pref_association.gif
.gif
docs/images/pref_backup.gif
.gif
docs/images/pref_colors.gif
.gif
docs/images/pref_file.gif
.gif
docs/images/pref_filters.gif
.gif
docs/images/pref_fonts.gif
.gif
docs/images/pref_general.gif
.gif
docs/images/pref_macros.gif
.gif
docs/images/pref_print_options.gif
.gif
docs/images/pref_syntax.gif
.gif
docs/images/pref_tools.gif
.gif
docs/images/pref_user_tools.gif
.gif
docs/images/pref_word_wrap.gif
.gif
docs/index.html
.html
docs/preferences.html
.html
docs/style.css
docs/syntaxfile.html
.html
docs/tips.html
.html
launch.exe
.exe windows:4 windows x86 arch:x86

5c71aa8ca732163de5ea591c39a93aec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetModuleHandleA

mfc42

ord815
ord561
ord800
ord941
ord537
ord1575

msvcrt

_initterm
__setusermatherr
_getch
exit
_onexit
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
system
__dllonexit
__CxxFrameHandler
_adjust_fdiv
_errno
__p__commode
__p___initenv
__getmainargs

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.txt
link/extension.4gl
link/extension.a30
link/extension.a51
link/extension.a74
link/extension.abp
link/extension.ada
link/extension.adb
link/extension.ado
link/extension.ads
link/extension.ai
link/extension.as
link/extension.as2
link/extension.asa
link/extension.ash
link/extension.asl
link/extension.asm
link/extension.asn
link/extension.asp
link/extension.au3
link/extension.aut
link/extension.avp
link/extension.awk
link/extension.b
link/extension.baroc
link/extension.bas
link/extension.bash
link/extension.bat
link/extension.bdf
link/extension.bdh
link/extension.brp
link/extension.bsh
link/extension.c
link/extension.c++
link/extension.cc
link/extension.cds
link/extension.cfm
link/extension.cg
link/extension.cgi
link/extension.ch
link/extension.chf
link/extension.chl
link/extension.chs
link/extension.ci
link/extension.cisco
link/extension.cl
link/extension.clisp
link/extension.cln
link/extension.cls
link/extension.cmd
link/extension.cob
link/extension.conf
link/extension.cpp
link/extension.cs
link/extension.csl
link/extension.css
link/extension.cxx
link/extension.d
link/extension.dat
link/extension.dd
link/extension.def
link/extension.dg
link/extension.dmi
link/extension.dmo
link/extension.dms
link/extension.do
link/extension.dpk
link/extension.dpr
link/extension.dsp
link/extension.dtml
link/extension.dxl
link/extension.e
link/extension.edf
link/extension.edif
link/extension.edn
link/extension.edo
link/extension.el
link/extension.esp
link/extension.ew
link/extension.ex
link/extension.exp
link/extension.ext
link/extension.exw
link/extension.f
link/extension.f77
link/extension.f90
link/extension.f95
link/extension.fasm
link/extension.fmt
link/extension.for
link/extension.form
link/extension.frm
link/extension.ftn
link/extension.gc
link/extension.gui
link/extension.h
link/extension.h++
link/extension.hh
link/extension.hla
link/extension.hlsl
link/extension.hpp
link/extension.hs
link/extension.hti
link/extension.htm
link/extension.html
link/extension.htp
link/extension.htt
link/extension.hxx
link/extension.idl
link/extension.il
link/extension.inc
link/extension.inf
link/extension.ini
link/extension.jal
link/extension.jav
link/extension.java
link/extension.jbase
link/extension.jhtml
link/extension.js
link/extension.jsp
link/extension.key
link/extension.kix
link/extension.ksh
link/extension.l
link/extension.lgo
link/extension.lib
link/extension.limbo
link/extension.lingo
link/extension.lisp
link/extension.lng
link/extension.lsp
link/extension.lss
link/extension.ltp
link/extension.lua
link/extension.m
link/extension.mac
link/extension.mak
link/extension.maki
link/extension.maple
link/extension.mc
link/extension.mcr
link/extension.mdl
link/extension.mdx
link/extension.mel
link/extension.mf
link/extension.midl
link/extension.mips
link/extension.ml
link/extension.mli
link/extension.mod
link/extension.mp
link/extension.ms
link/extension.msc
link/extension.msf
link/extension.mso
link/extension.mv
link/extension.nasm
link/extension.nc
link/extension.nsi
link/extension.objc
link/extension.opr
link/extension.p
link/extension.pas
link/extension.paw
link/extension.pb
link/extension.pc
link/extension.pde
link/extension.perl
link/extension.pew
link/extension.phd
link/extension.php
link/extension.php3
link/extension.php4
link/extension.phtml
link/extension.pkg
link/extension.pl
link/extension.pm
link/extension.pml
link/extension.pmlfnc
link/extension.pmlfrm
link/extension.pmlobj
link/extension.poc
link/extension.pod
link/extension.pov
link/extension.prg
link/extension.prj
link/extension.proc
link/extension.ps
link/extension.psl
link/extension.py
link/extension.python
link/extension.r
link/extension.rb
link/extension.rc
link/extension.rex
link/extension.rexx
link/extension.rls
link/extension.rpt
link/extension.rte
link/extension.ruby
link/extension.rul
link/extension.run
link/extension.rwx
link/extension.rx
link/extension.s
link/extension.sas
link/extension.sci
link/extension.script
link/extension.sh
link/extension.shtm
link/extension.shtml
link/extension.sl
link/extension.sma
link/extension.spc
link/extension.sps
link/extension.sql
link/extension.sqr
link/extension.src
link/extension.sty
link/extension.tcl
link/extension.tdf
link/extension.tdy
link/extension.tea
link/extension.tex
link/extension.tlc
link/extension.tpc
link/extension.tpl
link/extension.tsl
link/extension.ttl
link/extension.uc
link/extension.v
link/extension.vb
link/extension.vbp
link/extension.vbs
link/extension.vhd
link/extension.vhdl
link/extension.vho
link/extension.vo
link/extension.vqm
link/extension.vsc
link/extension.vw
link/extension.vxml
link/extension.w
link/extension.wbt
link/extension.wish
link/extension.wks
link/extension.wml
link/extension.wrl
link/extension.xlg
link/extension.xml
link/extension.xsd
link/extension.xsl
link/extension.xslt
link/extension.xul
link/extension.z80
link/extension.zsh
link/firstline.arbvp
link/firstline.bash
link/firstline.chill
link/firstline.expect
link/firstline.gui4cli
link/firstline.hlsl
link/firstline.ksh
link/firstline.perl
link/firstline.python
link/firstline.rebol
link/pathname.html
link/pathname.make
notepad.exe
.exe windows:4 windows x86 arch:x86

649cec703f9305847ab6395279a4d3c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5302
ord2725
ord4079
ord5300
ord4698
ord5307
ord5289
ord2396
ord3346
ord2982
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord5714
ord3147
ord3825
ord3079
ord5199
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord858
ord4673
ord537
ord800
ord1200
ord540
ord860
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4080
ord3830
ord3831
ord4278
ord1576
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
_adjust_fdiv
__setusermatherr
_initterm
_controlfp
__getmainargs
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
sprintf
_setmbcp
__p__commode
_acmdln

kernel32

GetModuleHandleA
CreateProcessA
GetStartupInfoA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt
schemes/schemes.txt
spec/68000-asm.key
spec/68000-asm.spc
spec/69r000-asm.key
spec/69r000-asm.spc
spec/8051-asm.key
spec/8051-asm.spc
spec/abap.key
spec/abap.spc
spec/actionscript.key
spec/actionscript.spc
spec/ada.key
spec/ada.spc
spec/admb.key
spec/admb.spc
spec/altera-tdf.key
spec/altera-tdf.spc
spec/amada-nc.key
spec/amada-nc.spc
spec/ampl.key
spec/ampl.spc
spec/ansys-apdl.key
spec/ansys-apdl.spc
spec/apache-conf.key
spec/apache-conf.spc
spec/apic-gis.key
spec/apic-gis.spc
spec/arbvp10.key
spec/arbvp10.spc
spec/asn1.key
spec/asn1.spc
spec/asp.key
.vbs
spec/asp.spc
spec/autoit.key
.vbs
spec/autoit.spc
spec/autolisp.key
.vbs
spec/autolisp.spc
spec/awk.key
spec/awk.spc
spec/baan-4gl.key
spec/baan-4gl.spc
spec/bash.key
spec/bash.spc
spec/basic.key
.vbs
spec/basic.spc
spec/batch.key
.vbs
spec/batch.spc
spec/cedt-project.key
spec/cedt-project.spc
spec/ch.key
spec/ch.spc
spec/chill.key
spec/chill.spc
spec/cisco.key
spec/cisco.spc
spec/citect.key
spec/citect.spc
spec/clipper.key
spec/clipper.spc
spec/cobol.key
spec/cobol.spc
spec/coldfusion.key
.vbs
spec/coldfusion.spc
spec/corba-idl.key
spec/corba-idl.spc
spec/cplusplus.key
spec/cplusplus.spc
spec/csharp.key
spec/csharp.spc
spec/csl.key
spec/csl.spc
spec/css.key
spec/css.spc
spec/d.key
spec/d.spc
spec/dataflex.key
spec/dataflex.spc
spec/directx-fx.key
spec/directx-fx.spc
spec/directx-mesh.key
spec/directx-mesh.spc
spec/dmis.key
spec/dmis.spc
spec/doors-dxl.key
.vbs
spec/doors-dxl.spc
spec/dsp-asm.key
spec/dsp-asm.spc
spec/dspic-asm.key
spec/dspic-asm.spc
spec/dtml.key
spec/dtml.spc
spec/dynamicc.key
.vbs
spec/dynamicc.spc
spec/edif.key
spec/edif.spc
spec/eiffel.key
spec/eiffel.spc
spec/escapade.key
spec/escapade.spc
spec/euphoria.key
spec/euphoria.spc
spec/expect.key
spec/expect.spc
spec/extbatch.key
spec/extbatch.spc
spec/fivewin.key
spec/fivewin.spc
spec/flat-asm.key
spec/flat-asm.spc
spec/flexpde.key
spec/flexpde.spc
spec/form.key
spec/form.spc
spec/fortran77.key
spec/fortran77.spc
spec/fortran90.key
.vbs
spec/fortran90.spc
spec/gnu-asm.key
spec/gnu-asm.spc
spec/gui4cli.key
spec/gui4cli.spc
spec/haskell.key
spec/haskell.spc
spec/hla.key
spec/hla.spc
spec/hlsl.key
spec/hlsl.spc
spec/html.key
spec/html.spc
spec/htp.key
spec/htp.spc
spec/inform.key
spec/inform.spc
spec/informix-4gl.key
.vbs
spec/informix-4gl.spc
spec/ini.key
spec/ini.spc
spec/installshield.key
.vbs
spec/installshield.spc
spec/jal.key
spec/jal.spc
spec/java.key
spec/java.spc
spec/javascript.key
.js
spec/javascript.spc
spec/jbase.key
spec/jbase.spc
spec/jsp.key
spec/jsp.spc
spec/keywords.key
spec/keywords.spc
spec/kixtart.key
.vbs
spec/kixtart.spc
spec/korn-shell.key
spec/korn-shell.spc
spec/langspec.key
spec/langspec.spc
spec/latex.key
spec/latex.spc
spec/lc2-asm.key
spec/lc2-asm.spc
spec/limbo.key
spec/limbo.spc
spec/lingo.key
.vbs
spec/lingo.spc
spec/lisp.key
spec/lisp.spc
spec/lotusscript.key
.vbs
spec/lotusscript.spc
spec/lua.key
spec/lua.spc
spec/makefile.key
spec/makefile.spc
spec/makiscript.key
spec/makiscript.spc
spec/maple.key
spec/maple.spc
spec/matlab.key
spec/matlab.spc
spec/matrixx-tpl.key
spec/matrixx-tpl.spc
spec/matrixx.key
spec/matrixx.spc
spec/maxima.key
spec/maxima.spc
spec/maxscript.key
spec/maxscript.spc
spec/mdl.key
spec/mdl.spc
spec/mdx.key
spec/mdx.spc
spec/mel.key
spec/mel.spc
spec/metafont.key
spec/metafont.spc
spec/metapost.key
spec/metapost.spc
spec/midl.key
spec/midl.spc
spec/mips.key
.vbs
spec/mips.spc
spec/mirc.key
.vbs
spec/mirc.spc
spec/mit-a30.key
spec/mit-a30.spc
spec/mit-a74.key
spec/mit-a74.spc
spec/mit-asm.key
spec/mit-asm.spc
spec/mobilec.key
spec/mobilec.spc
spec/modula-2.key
spec/modula-2.spc
spec/msw-logo.key
spec/msw-logo.spc
spec/mv-basic.key
spec/mv-basic.spc
spec/mysql.key
.vbs
spec/mysql.spc
spec/netwide-asm.key
spec/netwide-asm.spc
spec/nsis.key
spec/nsis.spc
spec/nvidia-cg.key
spec/nvidia-cg.spc
spec/objective-c.key
spec/objective-c.spc
spec/ocaml.key
spec/ocaml.spc
spec/octave.key
spec/octave.spc
spec/openroad.key
spec/openroad.spc
spec/osdd.key
spec/osdd.spc
spec/pascal.key
spec/pascal.spc
spec/pawl.key
.vbs
spec/pawl.spc
spec/pdms-pml.key
spec/pdms-pml.spc
spec/peoplesoft-sqr.key
spec/peoplesoft-sqr.spc
spec/perl.key
spec/perl.spc
spec/philips-hdl.key
spec/philips-hdl.spc
spec/php.key
spec/php.spc
spec/pic-asm.key
spec/pic-asm.spc
spec/plsql.key
.vbs
spec/plsql.spc
spec/pocoscript.key
spec/pocoscript.spc
spec/pod.key
spec/pod.spc
spec/postscript.key
spec/postscript.spc
spec/pov-ray.key
spec/pov-ray.spc
spec/proc.key
spec/proc.spc
spec/progress-4gl.key
spec/progress-4gl.spc
spec/prolog.key
spec/prolog.spc
spec/psl.key
spec/psl.spc
spec/purebasic.key
.vbs
spec/purebasic.spc
spec/python.key
spec/python.spc
spec/r.key
spec/r.spc
spec/rapidq-basic.key
spec/rapidq-basic.spc
spec/rebol.key
spec/rebol.spc
spec/renderman.key
spec/renderman.spc
spec/rexx.key
spec/rexx.spc
spec/rsi-idl.key
spec/rsi-idl.spc
spec/rtcw-script.key
spec/rtcw-script.spc
spec/rtcw-script.txt
spec/rte.key
spec/rte.spc
spec/rtpi.key
spec/rtpi.spc
spec/ruby.key
spec/ruby.spc
spec/rwx.key
spec/rwx.spc
spec/sas.key
spec/sas.spc
spec/scilab.key
spec/scilab.spc
spec/silkperformer.key
spec/silkperformer.spc
spec/siod.key
spec/siod.spc
spec/skill.key
.vbs
spec/skill.spc
spec/small.key
spec/small.spc
spec/spss.key
spec/spss.spc
spec/stata.key
.vbs
spec/stata.spc
spec/tads.key
spec/tads.spc
spec/tcltk.key
spec/tcltk.spc
spec/tea.key
spec/tea.spc
spec/teradata-sql.key
spec/teradata-sql.spc
spec/teraterm.key
spec/teraterm.spc
spec/tidy-conf.key
spec/tidy-conf.spc
spec/tivoli-baroc.key
spec/tivoli-baroc.spc
spec/tivoli-class.key
spec/tivoli-class.spc
spec/tivoli-logfile.key
spec/tivoli-logfile.spc
spec/tivoli-rules.key
spec/tivoli-rules.spc
spec/tlc.key
spec/tlc.spc
spec/tms320c6x-asm.key
spec/tms320c6x-asm.spc
spec/tsql.key
spec/tsql.spc
spec/unrealscript.key
spec/unrealscript.spc
spec/vbscript.key
.vbs
spec/vbscript.spc
spec/verilog.key
spec/verilog.spc
spec/vhdl.key
spec/vhdl.spc
spec/virtools-script.key
.vbs
spec/virtools-script.spc
spec/visualbasic.key
spec/visualbasic.spc
spec/vrml.key
spec/vrml.spc
spec/vxml.key
spec/vxml.spc
spec/winbatch.key
spec/winbatch.spc
spec/winres-script.key
spec/winres-script.spc
spec/winrunner-tsl.key
spec/winrunner-tsl.spc
spec/wml.key
spec/wml.spc
spec/x86-asm.key
spec/x86-asm.spc
spec/xml.key
spec/xml.spc
spec/xsd.key
spec/xsd.spc
spec/xsl.key
spec/xsl.spc
spec/xslt.key
spec/xslt.spc
spec/xul.key
spec/xul.spc
spec/yabasic.key
.vbs
spec/yabasic.spc
spec/z80-asm.key
.vbs
spec/z80-asm.spc
spec/zzt.key
spec/zzt.spc
template/hello world applet.java
template/hello world document.html
template/hello world document.tex
template/hello world document.wml
.xml
template/hello world program.ada
template/hello world program.c
template/hello world program.cpp
template/hello world program.for
template/hello world program.java
template/hello world program.pl
.pl .sh linux
template/hello world program.psl
template/hello world program.src
tools/tools.txt
uninstall.exe
.exe windows:4 windows x86 arch:x86

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
CloseHandle
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
lstrcmpiA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
MulDiv
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
WritePrivateProfileStringA
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
GetWindowsDirectoryA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
PostQuitMessage
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ExitWindowsEx

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
user.dic
下载说明.htm
.html .js polyglot
汉化说明.txt

Sharing

General

Malware Config

Signatures

Files

e41c25ab7824b3df73334188c40518ae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

dae718ca7c0da2949ad685c2d593ec7a

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 19KB - Virtual size: 20KB

9b789b0051ea4c7ac3d092719e95a89f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 990B

8ca62a4a159d45e701c3e108f81d56f0

Headers

File Characteristics

Imports

imm32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcirt

wsock32

Sections

.text Size: 432KB - Virtual size: 428KB

.rdata Size: 76KB - Virtual size: 74KB

.data Size: 12KB - Virtual size: 736KB

Shared Size: 4KB - Virtual size: 4B

.rsrc Size: 108KB - Virtual size: 104KB

5c71aa8ca732163de5ea591c39a93aec

Headers

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 19KB - Virtual size: 20KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 990B

.text
Size: 432KB - Virtual size: 428KB

.rdata
Size: 76KB - Virtual size: 74KB

.data
Size: 12KB - Virtual size: 736KB

Shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 108KB - Virtual size: 104KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 628B

.rsrc
Size: 4KB - Virtual size: 16B

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 388B

.rsrc
Size: 4KB - Virtual size: 928B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 19KB - Virtual size: 20KB