8ba26b852ecfba9382e00e374007ab44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ba26b852ecfba9382e00e374007ab44_JaffaCakes118
Size

2.1MB
MD5

8ba26b852ecfba9382e00e374007ab44
SHA1

a582cf3cfa4283e4bc9a459e1b1e58402357132a
SHA256

ebdaa610b6030b9c2c57b580ab735efc47688be585510d81244c2fed57ddd84f
SHA512

76b8a7107a91a6f26904b72097047b926d305c4add732665f8dec43d9a94b3dfda7aab5191cab867cafa057de7d96fa6a11391855d6e5df30eceb9b83f17da40
SSDEEP

49152:SyYDzvJANicgiEVRZOX+7Qgfl9HJ2l4B+JWptJEZXc1:HNicg3VRaUQgfl9HJy++Jw1

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BatnBall.exe
unpack001/MP3 Player.exe
unpack001/MoneyMath.exe
unpack001/Phone.dll
unpack001/samp99.exe
unpack001/vbFTP.exe
unpack001/俄罗斯方块.exe
unpack001/学生信息管理系统.exe
unpack001/屏幕保护程序.scr
unpack001/电子邮件.exe
unpack001/画图程序.exe
unpack001/网络IP电话.exe
unpack001/资源管理器.exe

Files

8ba26b852ecfba9382e00e374007ab44_JaffaCakes118
.rar
04-7-25.txt
1-1.GIF
1-3.GIF
10-1.BMP
10-1.GIF
10-2.BMP
10-3.GIF
11-1.GIF
11-3.GIF
12-1.GIF
12-3.GIF
13-1.GIF
13-3.GIF
14-1.GIF
14-3.GIF
15-1.GIF
15-3.GIF
16-1.GIF
16-3.GIF
17-1.GIF
17-3.GIF
18-1.BMP
18-1.GIF
18-2.BMP
18-3.BMP
18-3.GIF
19-1.GIF
19-3.GIF
2-1.BMP
2-1.GIF
2-2.BMP
2-3.GIF
20-1.GIF
20-3.GIF
21-1.GIF
21-3.GIF
22-1.GIF
22-3.GIF
23-1.GIF
23-3.GIF
24-1.GIF
24-3.GIF
25-1.GIF
25-3.GIF
26-1.GIF
26-3.GIF
27-1.GIF
27-3.GIF
28-1.GIF
28-3.GIF
29-1.GIF
29-3.GIF
3-1.GIF
3-3.GIF
30-1.GIF
30-3.GIF
31-1.GIF
31-3.GIF
32-1.GIF
32-3.GIF
33-1.GIF
33-3.GIF
34-1.GIF
34-3.GIF
35-1.GIF
35-3.GIF
36-1.GIF
36-3.GIF
37-1.GIF
37-3.GIF
38-1.GIF
38-3.GIF
39-1.GIF
39-3.GIF
4-1.GIF
4-3.GIF
40-1.GIF
40-3.GIF
41-1.GIF
41-3.GIF
42-1.GIF
42-3.GIF
43-1.GIF
43-3.GIF
44-1.GIF
44-3.GIF
45-1.GIF
45-3.GIF
46-1.GIF
46-3.GIF
47-1.GIF
47-3.GIF
48-1.GIF
48-3.GIF
49-1.GIF
49-3.GIF
5-1.GIF
5-3.GIF
50-1.GIF
50-3.GIF
51-1.GIF
51-3.GIF
52-1.GIF
52-3.GIF
53-1.GIF
53-3.GIF
54-1.GIF
54-3.GIF
55-1.GIF
55-3.GIF
56-1.GIF
56-3.GIF
57-1.GIF
57-3.GIF
58-1.GIF
58-3.GIF
59-1.GIF
59-3.GIF
6-1.GIF
6-3.GIF
60-1.GIF
60-3.GIF
61-1.GIF
61-3.GIF
62-1.GIF
62-3.GIF
63-1.GIF
63-3.GIF
64-1.GIF
64-3.GIF
65-1.GIF
65-3.GIF
66-1.GIF
66-3.GIF
67-1.GIF
67-3.GIF
68-1.GIF
68-3.GIF
69-1.GIF
69-3.GIF
7-1.GIF
7-3.GIF
70-1.GIF
70-3.GIF
71-1.GIF
71-3.GIF
72-1.GIF
72-3.GIF
73-1.GIF
73-3.GIF
74-1.GIF
74-3.GIF
75-1.GIF
75-3.GIF
76-1.GIF
76-3.GIF
77-1.GIF
77-3.GIF
78-1.GIF
78-3.GIF
79-1.GIF
79-3.GIF
8-1.BMP
8-1.GIF
8-2.BMP
8-3.BMP
8-3.GIF
80-1.GIF
80-3.GIF
81-1.GIF
81-3.GIF
82-1.GIF
82-3.GIF
83-1.GIF
83-3.GIF
84-1.GIF
84-3.GIF
85-1.GIF
85-3.GIF
9-1.GIF
9-3.GIF
AUDIO.ICO
AttrForm.frm
.vbs
AttrForm1.frm
.vbs
AttrForm1.frx
BatnBall.exe
.exe windows:4 windows x86 arch:x86

6a94b0d8c9267820f9bf10fe7498ffd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR4
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord534
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
ord613
__vbaFpI2
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaR8IntI4
ord619
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BatnBall.vbp
BatnBall.vbw
Batnball.frm
.vbs
Batnball.frx
Bounce.wav
Bounce2.wav
CLOSED.BMP
Circle.cls
.vbs
Controlfrm.frm
.vbs
Controlfrm.frx
DRAWING1.DRW
DataE.DCA
DataE.Dsr
DataE.dsx
DataEnvironment1.DCA
DataEnvironment1.Dsr
DataReport1.DCA
DataReport1.Dsr
DataReport1.dsx
Duzi.bmp
Explorer.vbp
Explorer.vbw
FORFRM.log
FileView.frm
.vbs
FileView.frx
ForFrm.frm
.vbs
ForFrm.frx
Forfm.frm
Forfm.frx
Form1.frm
.vbs
Form1.frx
Form2.frm
.vbs
Form2.frx
Frmabout.frm
.vbs
Frmabout.frx
Frmadd.frm
.vbs
Frmadd.frx
Frmhelp.frx
Frmlr.frm
.vbs
Frmlr.frx
Frmlr.log
GRAPH02.ICO
GRZB.vbw
GRZBHELP.HLP
Genmidi.txt
HOUSE.DRW
Help.gif
.gif
Help0.gif
.gif
LEAF.BMP
Library.mdb
Line.cls
.vbs
MAILPRJ.VBP
MAILPRJ.VBW
MEDIAP.ICO
MODULE.BAS
MP3 Player.DEP
MP3 Player.exe
.exe windows:4 windows x86 arch:x86

4a5bcd945cd6067b87fcf24f55abd354

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MP3 Player.frm
MP3 Player.frx
MP3 Player.vbp
MP3 Player.vbw
MSSCCPRJ.SCC
MailLst.frm
.vbs
MailOptFrm.frm
Main.frm
.vbs
Main.frx
MainLibrary.frm
.vbs
MainLibrary.frx
Manage.frm
.vbs
Manage.frx
Manage.vbp
Manage.vbw
MenuBar.frm
.vbs
MidiOut.bas
.vbs
Module1.bas
MoneyMath.exe
.exe windows:4 windows x86 arch:x86

837655ef755f1e7d7337e0aa9215a136

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaStrCat
__vbaVarCmpNe
ord660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaVarForInit
__vbaVarPow
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
ord520
ord522
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord524
ord631
ord632
__vbaVarCmpGt
__vbaVargVarMove
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaVarOr
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarCmpLt
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaVarCopy
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MoneyMath.frm
.vbs
MoneyMath.frx
MsgView.frm
.vbs
MsgView.frx
NET08.ICO
NewMsg.frm
.vbs
NewMsg.frx
OPEN.BMP
Object.cls
.vbs
OutPutType.vbp
OutPutType.vbw
Phone.dll
.dll windows:4 windows x86 arch:x86

91f57c5b59516e2c3d8063dce71debab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInReset
waveOutWrite
waveOutPrepareHeader
waveOutReset
waveInClose
waveInStart
waveInAddBuffer
waveInStop
waveOutUnprepareHeader
waveInOpen
waveInPrepareHeader
waveOutClose
waveInUnprepareHeader
waveOutOpen

kernel32

GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
GetProcAddress
WriteFile
GetLastError
GetCurrentProcess
lstrcpyA
GetVersion
lstrcpynA
TlsGetValue
lstrcatA
SetErrorMode
EnterCriticalSection
LocalReAlloc
TlsSetValue
TlsFree
GlobalReAlloc
LeaveCriticalSection
GlobalFree
GlobalHandle
GlobalUnlock
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
LocalFree
LocalAlloc
CloseHandle
GlobalAlloc
GetModuleFileNameA
GlobalLock
lstrcmpiA
GlobalDeleteAtom
lstrcmpA
MultiByteToWideChar
GetCurrentThread
GetCurrentThreadId
InterlockedDecrement
WideCharToMultiByte
lstrlenA
FreeLibrary
SetLastError
HeapReAlloc
GetACP

user32

LoadCursorA
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
LoadIconA
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
SetWindowTextA
ShowWindow
LoadStringA
GetClassNameA
PtInRect
GetDlgItem
GetSysColorBrush
DestroyMenu
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
SendMessageA
PostQuitMessage
EnableWindow
PeekMessageA
DispatchMessageA
PostMessageA
GetNextDlgTabItem
GetFocus
CallNextHookEx
GetKeyState

gdi32

ExtTextOutA
RectVisible
PtVisible
SetBkColor
GetObjectA
SetTextColor
SaveDC
DeleteDC
SelectObject
GetStockObject
RestoreDC
SetMapMode
OffsetViewportOrgEx
SetViewportOrgEx
ScaleViewportExtEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
TextOutA
Escape
DeleteObject
GetDeviceCaps
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

comctl32

ord17

wsock32

WSAStartup
htons
shutdown
WSACleanup
htonl
WSASetLastError
WSAGetLastError
inet_addr
ntohs
accept
ioctlsocket
bind
WSAAsyncSelect
inet_ntoa
closesocket
gethostbyname
recv
send
connect
socket
recvfrom
sendto

Exports

Exports

ClosePhone
StartPhone

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pl33_1.frm
.vbs
Pl33_1.frx
Play33.vbp
Play33.vbw
Project.vbp
Project.vbw
Project1.vbp
Project1.vbw
ROOT.BMP
Rectangle.cls
.vbs
Register.frm
.vbs
Register.frx
Showfrm.frm
Showfrm.frx
TEXT.FRM
Tetris.Res
UpV.ico
UpV0.ico
VBFTPJR.VBP
VBFTPJR.VBW
VBMail.frm
.vbs
WININET.Bas
Winmine.ico
Winmine.vbp
blown.bmp
button.bmp
buttons.bmp
close.gif
.gif
close0.gif
.gif
coords.cls
custdlg.frm
downv.ico
downv0.ico
first.cur
flag.bmp
fmVBFTPJR.frm
.vbs
fmVBFTPJR.frx
frmBandR.frm
.vbs
frmBandR.frx
frmForm.frm
.vbs
frmForm.frx
frmOutPutType.frm
.vbs
frmclock.frm
.vbs
frmclock.frx
frmfirst.frm
.vbs
frmfirst.frx
frmhelp.frm
frmip.frm
.vbs
frmip.frx
frmlogin.frm
.vbs
frmlogin.frx
frmmain.frm
.vbs
frmmain.frx
frmpass.frm
.vbs
frmpass.frx
frmxb.frm
.vbs
frmxb.frx
frmxb.log
frmyear.frm
frmyear.frx
frmyear.log
frmyzj.frx
goback.ico
goback0.ico
gofront.ico
gofront0.ico
grzb.vbp
haap.txt
instruct.frm
main.bas
.vbs
main.ico
mainpic.psd
mdlFile.bas
mdlMain.bas
mdlVar.bas
.vbs
mine.bmp
moddata.bas
modsnd.bas
msg.wav
my.ini
ok.pas
open.ico
open0.ico
openblk.bmp
password.frm
.vbs
pause.ico
play.ico
play0.ico
pressed.bmp
qs-down.bmp
qs-up.bmp
samp99.exe
.exe windows:4 windows x86 arch:x86

3c4a2e7d88b17c51549a601c0a8d9584

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVar
ord309
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
ord536
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarAdd
ord612
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
superplay.vbp
superplay.vbw
test.gif
.gif
udp.vbp
udp.vbw
vbFTP.exe
.exe windows:4 windows x86 arch:x86

51c93dca6334f1e2432be5d72a343988

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaStrFixstr
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
ord607
__vbaFPException
__vbaInStrVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarDup
__vbaStrToAnsi
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wait.cur
web.frm
.vbs
web.frx
web.vbp
web.vbw
winmine.cls
.vbs
winmine.frm
winmine.frx
winmine.vbw
wrong.bmp
ygsnian.txt
zb.mdb
下载说明.htm
.html .js polyglot
俄罗斯方块.exe
.exe windows:4 windows x86 arch:x86

9a48839246ae07edc90db967593729bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord537
ord100
ord613

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
学生信息管理系统.exe
.exe windows:4 windows x86 arch:x86

dcab4858ee98cabcf4fced07167588be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
__vbaStrCat
ord553
__vbaHresultCheckObj
_adj_fdiv_m32
Zombie_GetTypeInfo
__vbaVarForInit
__vbaExitProc
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
ord561
__vbaI2I4
__vbaVarOr
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaVarCat
__vbaDateVar
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaVarLateMemCallLdRf
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaVarSetObj
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaLateMemCall
__vbaVarAdd
__vbaFreeVarg
__vbaVarDup
__vbaVarLateMemCallLd
__vbaVarCopy
_CIatan
__vbaCastObj
__vbaI2ErrVar
__vbaStrMove
__vbaStrVarCopy
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
屏幕保护程序.scr
.exe windows:4 windows x86 arch:x86

851cab16707c20156ca16ceece8598e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaVarTstGt
__vbaVarSub
ord690
ord583
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
ord593
ord300
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
ord304
ord598
ord306
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
ord310
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord312
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaVarAdd
ord613
__vbaFpI2
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
工程1.vbp
工程1.vbw
电子邮件.exe
.exe windows:4 windows x86 arch:x86

781ed234f7bf6ad8df61b662ee606477

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord519
__vbaI2Abs
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaLateMemSt
__vbaExitProc
__vbaVarForInit
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaBoolVar
__vbaVarTstLt
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
__vbaPrintObj
DllFunctionCall
__vbaVarLateMemSt
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaCheckType
__vbaI2Var
ord536
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaVarNot
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
ord611
__vbaLateMemCall
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaCheckTypeVar
__vbaFpI4
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaUnkVar
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaCastObj
ord540
__vbaStrVarCopy
ord541
ord650
_allmul
__vbaLateIdSt
ord651
ord652
_CItan
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
画图程序.exe
.exe windows:4 windows x86 arch:x86

ed4f94f0e4d077093c6157e9ca9cd115

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaForEachCollAd
__vbaStrCat
__vbaWriteFile
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarXor
__vbaLateMemSt
__vbaI4Abs
__vbaOnError
ord595
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord100
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
ord614
__vbaVarLateMemCallLd
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaCastObj
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
网络IP电话.exe
.exe windows:4 windows x86 arch:x86

0f4357bcede22d601b93bfe4c164a583

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaLateIdCall
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
ord530
__vbaFPException
ord533
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaStrToAnsi
ord617
_CIatan
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
说明文件.txt
资源管理器.exe
.exe windows:4 windows x86 arch:x86

121761738c249086d131fc974fe8cb14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaStrCat
__vbaVarCmpNe
ord660
__vbaSetSystemError
__vbaStrDate
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaForEachCollObj
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR4
__vbaForEachCollVar
__vbaBoolVar
ord520
__vbaBoolVarNull
__vbaVarTstLt
_CIsin
__vbaNextEachCollObj
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord528
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
__vbaNextEachCollVar
__vbaI2I4
DllFunctionCall
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
ord608
ord716
__vbaFPException
__vbaStrCompVar
__vbaUbound
__vbaVarCat
ord535
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarSetObj
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVerifyVarObj
__vbaVarLateMemCallLd
ord617
__vbaVarSetObjAddref
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a94b0d8c9267820f9bf10fe7498ffd1

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 44KB - Virtual size: 40KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

4a5bcd945cd6067b87fcf24f55abd354

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

837655ef755f1e7d7337e0aa9215a136

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 60KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

91f57c5b59516e2c3d8063dce71debab

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

wsock32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 9KB

3c4a2e7d88b17c51549a601c0a8d9584

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

51c93dca6334f1e2432be5d72a343988

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

9a48839246ae07edc90db967593729bb

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 28KB - Virtual size: 25KB

.data Size: - Virtual size: 2KB

.rsrc Size: 68KB - Virtual size: 65KB

dcab4858ee98cabcf4fced07167588be

.text
Size: 44KB - Virtual size: 40KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 36KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 68KB - Virtual size: 65KB

.text
Size: 164KB - Virtual size: 163KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 40KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 140KB - Virtual size: 137KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB