ZippedFiles[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

ZippedFiles.rar
Size

792KB
MD5

a7ebf9674f8b9ef7c968da99ae7041b0
SHA1

71c753ce498cc8c59fcc80e5b40dd8b6783bdbbf
SHA256

57841842cc5914ee69d63d4841648235112c859a16e1539d30e985ed4efd79d7
SHA512

ae04cb0c223017a1126894baec6a8300fc58d3d91f5c966dbefbf6295eb1f0c5f9dbc319cf3ce7047b39045ae08f737440ac30c814572d1a9f229b407f019f46
SSDEEP

24576:uN2vZRkIHmR5J5E0AUALupS/YC8ZSl+yz:uN2vbkQ0LYupS/YCWSwyz

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/lpk.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Bkgnd.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/BkgndColor.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Color.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Console.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Encrypt.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/File.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/GetSysInfo.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Media.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Memory.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Msg.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Net.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Office.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Pic.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Sys.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Web.dll
unpack001/2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Window.dll

Files

ZippedFiles.rar
.rar
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/cfgdll.dll
.dll windows:4 windows x86 arch:x86

3d5f56d94d940d17985002ac8d7d1179

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CloseHandle
UnmapViewOfFile
GetCurrentProcessId
CreateEventA
PulseEvent
OpenEventA
WaitForSingleObject
CompareStringW
CompareStringA
RtlUnwind
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetEnvironmentVariableA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Bkgnd.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a1b166c7ea6aa81ca8ab7c57a607026f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord561
ord815
ord5500
ord1132
ord1131
ord941
ord6354
ord823
ord860
ord535
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord2915
ord825
ord537
ord540
ord2818
ord4204
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424

msvcrt

__CxxFrameHandler
strtol
_ftol
malloc
wcstombs
strchr
strrchr
sprintf
free
sscanf
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

LocalAlloc
LocalFree
Sleep
GlobalFree
IsDBCSLeadByte
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
OutputDebugStringA

user32

IsRectEmpty
GetWindowDC
GetWindowRect
ClientToScreen
GetDC
ReleaseDC
PostMessageA
MapVirtualKeyA
SendMessageA
GetGUIThreadInfo
GetWindowThreadProcessId
GetForegroundWindow

gdi32

RealizePalette
DeleteDC
DeleteObject
CreateDCA
CreateCompatibleDC
SelectPalette
SelectObject
BitBlt
GetObjectA
GetDIBits
GetStockObject
CreateCompatibleBitmap

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/BkgndColor.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0b501e04791adaf9382223e7d946167b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3081
ord3738
ord561
ord815
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord5500
ord1132
ord1131
ord6354
ord540
ord860
ord1601
ord800
ord743
ord446
ord2486
ord3262
ord600
ord1243
ord1176
ord1168
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord342
ord1182
ord1577
ord1575
ord1116
ord269
ord826
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord4226

msvcrt

_ftol
sprintf
strtol
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
strchr
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_EH_prolog
atoi
strrchr

kernel32

WritePrivateProfileStringA
IsDebuggerPresent
IsBadWritePtr
IsBadCodePtr
GetEnvironmentVariableA
GetPrivateProfileStringA
LocalAlloc
LocalFree
OutputDebugStringA
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GetModuleFileNameA

user32

PrintWindow
GetWindowDC
GetWindowRect
IsRectEmpty
GetDC
ClientToScreen
ReleaseDC

gdi32

CreateDCA
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Color.dll
.dll regsvr32 windows:4 windows x86 arch:x86

432602c50f547201afb8b62d3c154c2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2450
ord6354
ord941
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord2405
ord825
ord2414
ord640
ord860
ord4278
ord858
ord3663
ord3626
ord6928
ord323
ord1640
ord1641
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3571
ord2818
ord4204
ord1601
ord540
ord537
ord2915
ord800
ord465
ord743
ord446
ord2486
ord823
ord4226
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976

msvcrt

strtol
__CxxFrameHandler
sprintf
sscanf
_ftol
atol
_mbscmp
free
wcstombs
strchr
strrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
malloc

kernel32

LocalAlloc
LocalFree
WritePrivateProfileStringA
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA

user32

GetSystemMetrics
GetDC
ReleaseDC

gdi32

CreateDCA
CreateCompatibleDC
SelectObject
BitBlt
GetObjectA
GetDIBits
CreateCompatibleBitmap

oleaut32

VariantClear

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Console.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3ee25517d80f50b3dc6c3077fe84ed0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2915
ord1131
ord537
ord6354
ord540
ord2818
ord1601
ord800
ord743
ord446
ord2486
ord941
ord4226
ord1132
ord5500
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord860
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815

msvcrt

free
__CxxFrameHandler
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
strrchr
wcstombs
_initterm
_EH_prolog
_onexit
__dllonexit
??2@YAPAXI@Z
strchr

kernel32

AllocConsole
WriteFile
SetConsoleCtrlHandler
GetModuleHandleA
ReadConsoleInputA
LocalFree
GetStdHandle
ReadFile
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetProcAddress
FreeConsole
LocalAlloc

user32

SetForegroundWindow

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Encrypt.dll
.dll regsvr32 windows:4 windows x86 arch:x86

142837ed94ddbf154f04f47094070bfe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord668
ord2770
ord356
ord537
ord800
ord1601
ord540
ord825
ord860
ord4204
ord743
ord6354
ord941
ord2915
ord1131
ord1132
ord446
ord2486
ord4226
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
strrchr
strchr
wcstombs
free
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
fclose
__CxxFrameHandler
_mbscmp

kernel32

WritePrivateProfileStringA
IsDebuggerPresent
LocalFree
LocalAlloc
GetModuleFileNameA
GetPrivateProfileStringA

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Stinit@?1??_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@23@@Z@4HA
?clear@ios_base@std@@QAEXH_N@Z
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/File.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a10a0592e6925a16bb3205010b141edd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord533
ord6407
ord2818
ord4278
ord536
ord858
ord535
ord2915
ord6662
ord5194
ord5465
ord924
ord939
ord1997
ord798
ord6354
ord941
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord3081
ord3262
ord354
ord5186
ord3318
ord1979
ord665
ord3790
ord6153
ord537
ord940
ord540
ord823
ord825
ord860
ord1601
ord800
ord743
ord446
ord2486
ord4226
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord859
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300

msvcrt

_tzset
atoi
sscanf
__CxxFrameHandler
_mkdir
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
wcstombs
_timezone
strrchr
strchr
rename

kernel32

CloseHandle
CreateFileA
WriteFile
ReadFile
SetFilePointer
SystemTimeToFileTime
OpenFile
SetFileTime
MoveFileA
DeleteFileA
GetFileAttributesA
CopyFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent
LocalFree
LocalAlloc
_lclose

comdlg32

GetOpenFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHFileOperationA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/GetSysInfo.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c7e26a54a63442c678a21968d23a3416

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord540
ord2818
ord6354
ord1131
ord1132
ord5500
ord815
ord1601
ord800
ord743
ord446
ord2486
ord561
ord3738
ord3081
ord3262
ord5714
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord860
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord4226

msvcrt

__CxxFrameHandler
??2@YAPAXI@Z
__dllonexit
_onexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
atoi
strrchr
strchr
_initterm
free

kernel32

GetModuleFileNameA
LocalAlloc
LocalFree
GetVolumeInformationA
GetLocalTime
GetVersion
WritePrivateProfileStringA
GetPrivateProfileStringA
IsDebuggerPresent
GetEnvironmentVariableA
IsBadCodePtr
IsBadWritePtr

user32

EnumDisplaySettingsA
GetSystemMetrics

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Media.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d0ac6d747a715e3cb21eb09d21768c34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mixerGetLineInfoA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
mixerOpen
mciSendStringA

mfc42

ord2486
ord446
ord743
ord941
ord2818
ord2915
ord860
ord800
ord4129
ord4226
ord540
ord825
ord823
ord815
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord5500
ord1132
ord1131
ord6354
ord537
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord4274
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord1601
ord4003
ord1176

msvcrt

wcstombs
strchr
strrchr
atol
_mbscmp
__CxxFrameHandler
free
malloc
_EH_prolog
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit

kernel32

IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
LocalFree
GetShortPathNameA
Beep

user32

CallWindowProcA
GetCursorPos
SetWindowLongA
GetWindowLongA
DestroyWindow
ShowWindow
CreateWindowExA
DefWindowProcA
RegisterClassExA

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Memory.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c3c438dad13b10295645a7f949773ce9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1131
ord1132
ord5500
ord941
ord537
ord4204
ord2915
ord540
ord860
ord1601
ord800
ord743
ord446
ord2486
ord6354
ord4226
ord815
ord561
ord3738
ord3081
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262

msvcrt

wcstombs
__CxxFrameHandler
free
malloc
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
_initterm
_onexit
strrchr
strchr
strtol
__dllonexit
??2@YAPAXI@Z
_EH_prolog
sprintf

kernel32

OutputDebugStringA
ReadProcessMemory
GetExitCodeProcess
WideCharToMultiByte
GetPriorityClass
GetCurrentProcess
OpenProcess
lstrlenA
LocalFree
TerminateProcess
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
SetPriorityClass
CloseHandle

user32

IsWindow
wsprintfA
GetWindowThreadProcessId

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Msg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

09dd12b48e57257f44c64eda19ad9b33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord690
ord1567
ord5207
ord268
ord389
ord922
ord4204
ord2818
ord860
ord940
ord743
ord4203
ord825
ord446
ord859
ord2486
ord4226
ord6354
ord2915
ord1131
ord1132
ord5500
ord815
ord561
ord3738
ord3081
ord823
ord858
ord536
ord941
ord939
ord540
ord535
ord3262
ord5714
ord5289
ord5307
ord4698
ord800
ord537
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord1601
ord4003
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079

msvcrt

strrchr
__CxxFrameHandler
_ftol
strtoul
_mbscmp
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
_EH_prolog
rand
strchr
wcstombs
sprintf
srand
floor

kernel32

GetModuleFileNameA
LocalAlloc
LocalFree
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
IsDebuggerPresent

user32

DrawTextA
GetDC
InvalidateRect
ReleaseDC

gdi32

SetTextColor

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Net.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f31db322725c89acdcdc646dbdcd3bb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaAptOffset
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaAryLock
__vbaStrComp
__vbaStrToAnsi
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Office.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a407438b8c4a71fae32a332f8c5a817e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaAptOffset
__vbaLenBstr
__vbaGosubReturn
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVargVar
_CIsin
__vbaChkstk
__vbaGosubFree
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord645
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord101
ord102
ord103
ord104
ord105
__vbaStrToAnsi
__vbaStrComp
__vbaVarCopy
_CIatan
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Pic.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b377f6b374b9ab1be4ef44751e683227

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord941
ord6354
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord860
ord1601
ord5710
ord924
ord540
ord537
ord2915
ord800
ord825
ord743
ord446
ord2486
ord4622
ord1223
ord290
ord2623
ord1206
ord4226
ord614
ord4424
ord4080
ord3079
ord3825
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831

msvcrt

__CxxFrameHandler
_mbscmp
free
wcscmp
wcstombs
strchr
strrchr
_EH_prolog
??2@YAPAXI@Z
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
malloc

kernel32

CloseHandle
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
LocalFree
CreateFileA
WriteFile
MultiByteToWideChar
InitializeCriticalSection
DeleteFileA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteCriticalSection

user32

IsRectEmpty
GetDC
ReleaseDC

gdi32

GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateDCA
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt
GetDeviceCaps
CreateCompatibleDC

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile

advapi32

RegOpenKeyA
RegCloseKey
RegSetValueExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Sys.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9419f7087c43c5b7efc4c2cdac3723bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

mfc42

ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5500
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord2915
ord1601
ord1168
ord537
ord540
ord2818
ord823
ord825
ord3136
ord1158
ord860
ord6663
ord941
ord743
ord446
ord2486
ord4226
ord4465
ord1132
ord1131
ord5731
ord800
ord3259
ord3147
ord2982
ord6354
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord535
ord1799

msvcrt

strrchr
strchr
wcstombs
__CxxFrameHandler
free
malloc
_EH_prolog
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

WritePrivateProfileStringA
GetModuleFileNameA
IsDebuggerPresent
GetPrivateProfileStringA
LocalAlloc
LocalFree
GetLocalTime
GetVolumeInformationA
GetVersionExA
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA

user32

GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
CloseClipboard
ExitWindowsEx
ChangeDisplaySettingsA

gdi32

CreateDCA
GetDeviceCaps
DeleteDC

advapi32

OpenProcessToken
RegCloseKey
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Web.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3bda4e16faafbd5c4a3fdaf434f98b0a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

shlwapi

SHDeleteKeyA

mfc42

ord5714
ord3262
ord5307
ord3081
ord4079
ord5302
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord5572
ord2919
ord1601
ord537
ord2818
ord2915
ord4204
ord540
ord860
ord941
ord800
ord940
ord823
ord743
ord446
ord2486
ord4226
ord825
ord6354
ord5300
ord3346
ord4698
ord5289
ord2396
ord5199
ord1089
ord3922
ord5731
ord269
ord826
ord600
ord2512
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord939
ord859
ord535
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord1223
ord4622
ord4003
ord4274
ord6375
ord4486
ord2554
ord1578

msvcrt

wcstombs
strchr
_mbsicmp
_mbscmp
__CxxFrameHandler
strrchr
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit

kernel32

WritePrivateProfileStringA
LocalAlloc
LocalFree
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetModuleFileNameA
CreateProcessA
CreateEventA
WaitForSingleObject
CreateFileA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
FindFirstFileA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
IsDebuggerPresent
GetPrivateProfileStringA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

oleaut32

VariantClear
VariantCopy
SysAllocString

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/plugin/Window.dll
.dll regsvr32 windows:4 windows x86 arch:x86

893c7528170b94ff6bcdcb8bb8bf6e0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord815
ord5500
ord1132
ord1131
ord941
ord6354
ord825
ord2915
ord537
ord535
ord823
ord561
ord3738
ord3081
ord3262
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4003
ord4622
ord1223
ord290
ord2623
ord1206
ord860
ord539
ord540
ord2818
ord2764
ord4226
ord922
ord858
ord800
ord1601
ord743
ord446
ord2486
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord3136
ord4465
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord6877
ord940
ord939
ord859
ord1799
ord2982
ord3147
ord3259

msvcrt

sprintf
__CxxFrameHandler
_mbscmp
__dllonexit
free
malloc
sscanf
wcstombs
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
strchr
strrchr

kernel32

LocalAlloc
LocalFree
Sleep
IsDBCSLeadByte
IsDebuggerPresent
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentThreadId
CreateToolhelp32Snapshot
Module32First
CloseHandle

user32

SetWindowTextA
AttachThreadInput
GetGUIThreadInfo
GetClientRect
GetWindowThreadProcessId
SetWindowPos
GetWindowRect
MoveWindow
ShowWindow
PostMessageA
IsWindow
GetWindowLongA
EnumWindows
GetWindowTextA
GetCursorPos
WindowFromPoint
GetForegroundWindow
FindWindowExA
FindWindowA
MapVirtualKeyA
SendMessageA
GetClassNameA
SetForegroundWindow

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyA

ole32

StringFromCLSID
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/uservar.ini
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/自動20110328.exe
.exe windows:4 windows x86 arch:x86

4373ed2b6465040a03465fd4dc45c533

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

13/01/2010, 00:00

Not After

13/01/2011, 23:59

Subject

CN=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,OU=Class 3 - for Microsoft Authenticode Signing,O=Fuzhou TianxiaChuangshi Digital Co.\,Ltd.,L=Fuzhou,ST=Fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord6194
ord1640
ord323
ord2405
ord5785
ord1175
ord2096
ord2408
ord5860
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord1146
ord5572
ord2919
ord940
ord941
ord5787
ord4133
ord4297
ord1621
ord4202
ord5856
ord536
ord2452
ord2753
ord1195
ord472
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord491
ord1907
ord4258
ord489
ord768
ord283
ord4478
ord4267
ord2450
ord1908
ord4406
ord3729
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord804
ord4259
ord4284
ord4715
ord2370
ord6334
ord2575
ord4396
ord3574
ord609
ord801
ord2862
ord3996
ord1168
ord1199
ord3302
ord2817
ord5829
ord3726
ord541
ord2065
ord3716
ord790
ord2301
ord2358
ord6111
ord926
ord2642
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord656
ord4299
ord859
ord809
ord556
ord5053
ord4774
ord5981
ord6270
ord613
ord289
ord2122
ord6358
ord1088
ord6449
ord2727
ord6467
ord2730
ord2729
ord6197
ord6380
ord3698
ord765
ord2086
ord6153
ord5645
ord5583
ord6385
ord2393
ord3790
ord6283
ord6282
ord2784
ord4278
ord3089
ord2860
ord3797
ord1200
ord6883
ord1802
ord1934
ord1935
ord6662
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1205
ord1134
ord824
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord2820
ord498
ord755
ord470
ord5637
ord5849
ord3475
ord4287
ord2109
ord1008
ord6928
ord4476
ord284
ord6453
ord1997
ord6407
ord798
ord5194
ord533
ord6143
ord4400
ord3630
ord3706
ord5786
ord3370
ord2582
ord4402
ord3640
ord693
ord682
ord4243
ord6907
ord5861
ord3998
ord6007
ord3286
ord6675
ord6888
ord4242
ord5030
ord2244
ord4457
ord4981
ord4499
ord1949
ord4034
ord6215
ord800
ord2764
ord539
ord4275
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord4330
ord1727
ord5261
ord2446
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3742
ord3663
ord818
ord2124
ord2864
ord540
ord567
ord1988
ord465
ord857
ord4204
ord5953
ord4694
ord5148
ord3138
ord683
ord2243
ord3226
ord3631
ord1233
ord6186
ord5756
ord6192
ord5759
ord2971
ord3619
ord1641
ord2614
ord5788
ord2567
ord2414
ord4277
ord5875
ord3626
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord2438
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord1574
ord1099
ord686
ord384
ord4160
ord2302
ord795
ord3721
ord6394
ord6383
ord5440
ord5450
ord2379
ord3301
ord6663
ord6930
ord5710
ord4129
ord6927
ord2777
ord6569
ord4853
ord4710
ord3092
ord6242
ord6696
ord6905
ord3874
ord4234
ord324
ord542
ord3597
ord4425
ord403
ord1969
ord2454
ord3939
ord404
ord1176
ord1243
ord1578
ord600
ord269
ord1576
ord273
ord603
ord703
ord2136
ord3005
ord3528
ord2765
ord1085
ord2726
ord817
ord565
ord5715
ord4699
ord5303
ord1948
ord559
ord5610
ord5862
ord6144
ord812
ord5834
ord2044
ord1572
ord844
ord2448
ord4189
ord1158
ord521
ord4167
ord913
ord6307
ord700
ord413
ord398
ord711
ord462
ord1770
ord861
ord6929
ord1601
ord5500
ord6354
ord1106
ord743
ord446
ord4003
ord2486
ord4226
ord290
ord2623
ord614
ord1799
ord5620
ord5280
ord1775
ord6052
ord4998
ord4376
ord5265
ord353
ord6010
ord2514
ord802
ord641
ord2763
ord5683
ord6648
ord1768
ord4467
ord2135
ord366
ord2092
ord674
ord3623
ord4427
ord3369
ord5252
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord715

msvcrt

fclose
fputc
atoi
rand
_mbscmp
time
_mbsnbcpy
srand
__CxxFrameHandler
fgetc
_itoa
_strnicmp
_getch
fseek
fopen
fgets
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_stricmp
qsort
_mbsicmp
_mbstok
fprintf
printf
_tempnam
isxdigit
calloc
wcsstr
_wcslwr
mbstowcs
strrchr
islower
strncmp
isupper
??8type_info@@QBEHABV0@@Z
_setmbcp
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_mbsnbicmp
_mbspbrk
_ismbcspace
tolower
_mbschr
isspace
_except_handler3
strncpy
_purecall
fwrite
_splitpath
isprint
toupper
sscanf
_mbsstr
strstr
strchr
isalpha
isdigit
sprintf
atol
memmove
_ftol
wcslen
wcscpy
malloc
ftell
rewind
fread
free

kernel32

InterlockedCompareExchange
GetUserDefaultLCID
InterlockedExchange
LCMapStringA
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryA
GetStringTypeExA
LocalFree
GetLocalTime
SystemTimeToFileTime
GetCurrentThreadId
CopyFileA
IsDebuggerPresent
SetEvent
ResumeThread
SuspendThread
Beep
ResetEvent
VirtualProtect
OutputDebugStringA
ReadProcessMemory
GetACP
InterlockedDecrement
InterlockedIncrement
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
LocalAlloc
FormatMessageA
PulseEvent
OpenEventA
WideCharToMultiByte
GetCurrentThread
SetEnvironmentVariableA
IsDBCSLeadByte
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualQuery
GetSystemInfo
VirtualFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
SetUnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
SleepEx
TerminateThread
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
GetModuleFileNameA
GetStartupInfoA
OpenProcess
VirtualProtectEx
GetCurrentProcessId
MoveFileA
OpenMutexA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileAttributesA
SizeofResource
SetCurrentDirectoryA
MultiByteToWideChar
GetSystemDirectoryA
GetPrivateProfileStringA
GetModuleHandleA
GetTempFileNameA
GetProcAddress
CreateFileA
DeviceIoControl
CompareStringA
lstrcatA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
lstrcpynA
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
GetExitCodeThread
GetLastError
CreateEventA
CloseHandle
Sleep
GetCurrentProcess
SetPriorityClass
WritePrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
lstrlenA
GetVersion
GetVersionExA
CreateProcessA
WaitForSingleObject
GetTempPathA
CreateDirectoryA
DeleteFileA
IsBadReadPtr
SetFileAttributesA
MoveFileExA
GetTickCount
WriteFile

user32

CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
RegisterWindowMessageA
IsRectEmpty
GetFocus
UpdateWindow
LockWindowUpdate
BringWindowToTop
DefWindowProcA
GetClassInfoA
DrawFrameControl
ShowScrollBar
MapVirtualKeyA
SetCursorPos
ClipCursor
GetWindowThreadProcessId
GetForegroundWindow
GetAsyncKeyState
GetWindowDC
GetGUIThreadInfo
SendInput
RegisterHotKey
UnregisterHotKey
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
keybd_event
CheckMenuItem
GetCapture
GetKeyState
CloseClipboard
SetClipboardData
FillRect
OpenClipboard
EnumDisplaySettingsA
UnregisterClassA
DispatchMessageA
SetRect
GetMessageA
CreateWindowExA
RegisterClassA
PostThreadMessageA
ShowWindow
EnumWindows
IsWindowVisible
LoadStringA
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
GetMenuItemID
CreatePopupMenu
CreateMenu
GetMenuStringA
GetSysColorBrush
LoadBitmapA
GetSubMenu
TabbedTextOutA
GrayStringA
PostQuitMessage
EmptyClipboard
DestroyCursor
IsWindow
EnableWindow
PostMessageA
SetTimer
DrawEdge
GetWindowLongA
KillTimer
RedrawWindow
GetParent
GetWindowRect
IsMenu
GetNextDlgTabItem
SetCursor
GetMenuItemInfoA
SendMessageA
GetClientRect
TranslateMessage
GetDesktopWindow
GetCursorPos
ScreenToClient
IsIconic
DrawIcon
LoadIconA
LoadMenuA
LoadCursorA
CopyIcon
SetWindowLongA
PtInRect
ReleaseCapture
SetCapture
wsprintfA
SetForegroundWindow
SetActiveWindow
LoadImageA
GetIconInfo
DrawStateA
FrameRect
InflateRect
OffsetRect
DrawFocusRect
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect

gdi32

CreateBitmap
GetObjectA
GetPixel
SetBkColor
CreateDIBSection
SelectObject
BitBlt
DeleteObject
SetTextColor
PatBlt
GetStockObject
Escape
Rectangle
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel
DeleteDC
Ellipse
GetTextExtentPoint32A
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetBkMode
CreateRectRgnIndirect
GetCurrentObject
SetDIBits
GetDIBits
CreateDCA
CreateRectRgn
GetDeviceCaps
GetBkColor

advapi32

RegSetValueExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
ControlService
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
ShellExecuteExA

comctl32

ImageList_GetImageCount
ImageList_GetBkColor
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor

ole32

CoCreateInstance
CoInitialize
ProgIDFromCLSID
CoUninitialize
OleRun
StgOpenStorage

oleaut32

GetErrorInfo
VariantCopy
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantInit
SysAllocString
SysStringLen
LoadTypeLi
VariantClear

urlmon

URLDownloadToFileA

msvcp60

?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7logic_error@std@@6B@
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??_7bad_exception@std@@6B@
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

shlwapi

SHDeleteKeyA

ws2_32

htonl
WSAGetLastError
setsockopt
WSASocketA
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
WSARecv
WSAEnumNetworkEvents
WSASend
WSAConnect
inet_ntoa
gethostbyname
htons
ntohl
ntohs
inet_addr

psapi

EnumProcessModules

imagehlp

MakeSureDirectoryPathExists

wininet

InternetSetOptionA

winmm

timeGetTime
PlaySoundA

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 492KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1012KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2011 自動練功眾多私服天堂 3.3c-3.5c 皆可以使用。/自動20110328.ini

Sharing

General

Malware Config

Signatures

Files

3d5f56d94d940d17985002ac8d7d1179

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8Certificate

Extended Key Usages

Key Usages

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 672B

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 494B

a1b166c7ea6aa81ca8ab7c57a607026f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

0b501e04791adaf9382223e7d946167b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 6KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

03:b3:e8:07:89:fe:e6:ab:e9:3d:d9:72:81:7e:53:f8
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 672B

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 494B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 964B

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB