8d492323fbc513ce4dcf2a120ae9e8d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d492323fbc513ce4dcf2a120ae9e8d5_JaffaCakes118
Size

657KB
MD5

8d492323fbc513ce4dcf2a120ae9e8d5
SHA1

2510f2008fba4b2d241a5f7fbbea7eb75a580756
SHA256

d8a8766cc328ba90bed6a3e9565c30581ff5b15944fe21680d283a5bef86f8e0
SHA512

614de8c011170a3df00b9c2562e0a5c6a630f0d2a9f150844e05f2bb7e74fca04588e252ebc52f48aa7fe27ea09b29b9101ae805d500f586219ea4d111b312b5
SSDEEP

12288:OlMZ7s6ysHYJvCYQ+hh1dpYAgz8vgcLvVzc0/Et:OlMZ7dyeYL17gz29vVzcgEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
8d492323fbc513ce4dcf2a120ae9e8d5_JaffaCakes118
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/Uninstall.exe
unpack001/components/FFHst.dll
unpack001/components/uninstall.exe
unpack001/escorTlbr.dll
unpack001/escort.dll
unpack001/escortApp.dll
unpack001/escortEng.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_2
static1/unpack001/components/uninstall.exe	nsis_installer_1
static1/unpack001/components/uninstall.exe	nsis_installer_2

Files

8d492323fbc513ce4dcf2a120ae9e8d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c193ea402999ea8ce8faa9fef22de03d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
DrawFocusRect
CharPrevA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
GetWindowLongA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
GetUserData
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
chrome.manifest
components/FFHst.dll
.dll windows:4 windows x86 arch:x86

ebb85736a631e601557e361c9a07cfa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_CStringContainerInit
NS_StringCopy
NS_CStringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit
NS_StringGetData
NS_StringContainerInit2
NS_CStringGetMutableData
NS_CStringGetData
NS_StringGetMutableData
NS_UTF16ToCString
NS_CStringSetDataRange
NS_StringSetDataRange
NS_CStringCopy
NS_CStringContainerFinish
NS_CStringCloneData
NS_CStringToUTF16
NS_Alloc
NS_GetServiceManager
NS_GetComponentManager
NS_GetMemoryManager
NS_StringSetData

kernel32

GetProcAddress
CreateThread
SetThreadPriority
ResumeThread
Sleep
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLastError
MultiByteToWideChar
lstrlenA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
WaitForMultipleObjects
CreateEventA
CreateMutexA
CreateSemaphoreA
PulseEvent
ResetEvent
SetEvent
ReleaseMutex
ReleaseSemaphore
WaitForSingleObject
InterlockedDecrement
FileTimeToSystemTime
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetSystemInfo
VirtualProtect
GetTimeZoneInformation
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
SetFilePointer
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenW
HeapFree
ExitProcess
RtlUnwind
HeapAlloc
GetCurrentThreadId
GetCommandLineA
DuplicateHandle
GetCurrentProcess
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetProcessHeap
GetModuleHandleA
VirtualQuery
TerminateProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
CloseHandle
SetStdHandle
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
GetOEMCP

user32

DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
PostThreadMessageA
UnregisterClassA

ole32

GetRunningObjectTable
StringFromGUID2
CreateItemMoniker
OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo
VarBstrCat
SysAllocStringLen
VariantCopy
BstrFromVector
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantClear
VarBstrCmp
DispCallFunc
GetErrorInfo

nspr4

PR_AtomicDecrement
PR_AtomicIncrement
PR_sscanf

shlwapi

UrlCanonicalizeA
StrStrW
StrToIntExA

Exports

Exports

NSGetModule

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/FFHst.xpt
components/uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
escorTlbr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0605cf8ffcde4c1c6deeccf96fa42266

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dvlp\bin\rcfr\escorTlbr.pdb

Imports

sensapi

IsNetworkAlive

kernel32

GetProcessHeap
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
lstrcatA
HeapFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
GlobalFree
GetProcAddress
LoadLibraryA
GetLastError
HeapAlloc
IsBadWritePtr
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetCommandLineA
CreateMutexA
ReleaseMutex
WaitForSingleObject
CloseHandle
FlushFileBuffers
SetStdHandle
GetCurrentProcess
FlushInstructionCache
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
QueryPerformanceCounter

user32

UnregisterClassA
CharNextA
GetClientRect
LoadCursorA
GetWindowRect
ScreenToClient
CopyRect
CreateAcceleratorTableA
GetClassNameA
SetWindowPos
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
wsprintfA
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
GetClassInfoExA
SendMessageA
RegisterClassExA
ShowWindow
SetWindowLongA
SetWindowTextA
GetCursorPos
GetParent
CallWindowProcA
GetWindowLongA
DefWindowProcA
DestroyWindow
IsWindow
CreateWindowExA
BeginPaint

gdi32

CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
SetViewportOrgEx

advapi32

RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFileInfoA

ole32

CoTaskMemFree
StringFromCLSID
OleRun
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
GetRunningObjectTable
OleInitialize
CreateItemMoniker

oleaut32

OleCreateFontIndirect
DispCallFunc
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VariantClear
SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
escort.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4a7a110d832edf9867d8c44b6b0971db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dvlp\bin\rcfr\escort.pdb

Imports

sensapi

IsNetworkAlive

kernel32

MultiByteToWideChar
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
lstrcmpiA
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExA
GetModuleHandleA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrcpyW
GetCurrentThreadId
GetTickCount
GetEnvironmentVariableA
GetProcAddress
DeleteCriticalSection
CloseHandle
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
IsBadCodePtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InitializeCriticalSection
GetLastError
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
FreeEnvironmentStringsA
CreateMutexA
ReleaseMutex
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadReadPtr
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
WaitForSingleObject
HeapDestroy
HeapReAlloc
HeapSize
LocalFree
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo

user32

UnregisterClassA
CharNextA
GetWindowRect
GetParent
SetWindowLongA
GetClientRect
ShowWindow
GetClassInfoExA
wsprintfA
LoadCursorA
MoveWindow
CharLowerBuffA
PeekMessageA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
SetWindowsHookExA
CallNextHookEx
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetWindowLongA
UnhookWindowsHookEx
FindWindowExA
EnumChildWindows
GetClassNameA
GetWindowTextA
EnumWindows
GetWindowTextW
GetWindowThreadProcessId
SendMessageA
SetWindowPos
IsWindow
CallWindowProcA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFileInfoA

ole32

CreateItemMoniker
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
StringFromCLSID
OleRun
CLSIDFromString
GetRunningObjectTable
CLSIDFromProgID

oleaut32

VariantClear
SysAllocStringLen
VarBstrCmp
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
VariantInit
LoadRegTypeLi
SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shlwapi

PathFindExtensionA
SHDeleteValueA
SHDeleteKeyA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
escortApp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fc36586142ac5059e693ceeac0337778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dvlp\bin\rcfr\escortApp.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
lstrcmpiA
lstrlenW
lstrcpyA
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrcpynA
IsDBCSLeadByte
lstrcatA
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
GetDateFormatA
FileTimeToSystemTime
Sleep
GetVolumeInformationA
CloseHandle
ResumeThread
WaitForSingleObject
MultiByteToWideChar
CreateThread
GetTickCount
ReleaseMutex
SetEvent
ResetEvent
CreateMutexA
CreateEventA
CreateFileA
ReadFile
WriteFile
SetFilePointer
GetFileSize
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetFileTime
CreateProcessA
CreateDirectoryA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualProtect
VirtualAlloc
GetSystemInfo
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
RtlUnwind
ExitProcess
LocalFree
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetCommandLineA
GetTimeFormatA
IsBadReadPtr
GetSystemTimeAsFileTime
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapCreate
VirtualFree
VirtualQuery

user32

CharNextA
SetTimer
KillTimer
GetParent
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PeekMessageA

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetFolderPathA
ord165
SHGetFileInfoA

ole32

OleRun
StringFromCLSID
CoCreateGuid
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VarCmp
BstrFromVector
VarBstrCat
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VariantChangeType
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
GetErrorInfo
SafeArrayDestroy

shlwapi

PathIsURLW
PathAppendA
PathFindNextComponentA
UrlCanonicalizeA
StrToIntExA
StrStrW
PathFindExtensionA
SHSetValueA
SHGetValueA

urlmon

CreateURLMoniker

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
escortEng.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5f0716facde1e29567d90efd8470f257

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dvlp\bin\rcfr\escortEng.pdb

Imports

kernel32

lstrcmpiA
GetModuleHandleA
lstrcpynA
IsDBCSLeadByte
CompareStringA
CompareStringW
GetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CloseHandle
WaitForSingleObject
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetProcessHeap
GetCurrentThreadId
CreateThread
HeapFree
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
GetDateFormatA
FileTimeToSystemTime
Sleep
ReleaseMutex
SetEvent
ResetEvent
CreateMutexA
CreateEventA
SetEnvironmentVariableA
FileTimeToLocalFileTime
CreateFileA
WriteFile
GetFileTime
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetFileSize
UnmapViewOfFile
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
GetSystemTime
InterlockedDecrement
DeleteFileA
HeapDestroy
HeapReAlloc
HeapSize
LocalFree
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
InterlockedIncrement
lstrcatA
lstrcpyA
GetLastError
WideCharToMultiByte
GetTempFileNameA
GetTempPathA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
TerminateProcess
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
QueryPerformanceCounter
GetCPInfo
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetTimeFormatA
GetCommandLineA
VirtualQuery
GetSystemInfo
lstrlenW
EnterCriticalSection
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
MoveFileExA

user32

UnregisterClassA
CharNextA
SetWindowLongA
PostMessageA
GetClassInfoExA
wsprintfA
LoadCursorA
CreateWindowExA
RegisterClassExA
DestroyWindow
IsWindow
DefWindowProcA
GetWindowLongA
CallWindowProcA
SendMessageTimeoutA
RegisterWindowMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
SystemParametersInfoA
FindWindowExA
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
ScreenToClient
CreateAcceleratorTableA
GetClassNameA
SetWindowPos
RedrawWindow
GetDlgItem
SetFocus
GetFocus
IsChild
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
AnimateWindow
GetCursorPos
OffsetRect
SendMessageA
GetParent
IsWindowVisible
ShowWindow
GetWindowRect
MoveWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
GetStockObject
CreateSolidBrush
OffsetViewportOrgEx
BitBlt
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA

shell32

SHGetFileInfoA

ole32

StringFromCLSID
OleRun
CoCreateInstance
CLSIDFromString
CoCreateGuid
CreateStreamOnHGlobal
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
CoInitialize
CoUninitialize
CreateItemMoniker
OleInitialize
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
GetRunningObjectTable

oleaut32

SysStringLen
SafeArrayCreate
SafeArrayCopy
GetErrorInfo
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
VariantCopy
OleCreateFontIndirect
DispCallFunc
VariantClear
SysAllocStringLen
VariantInit
VarUI4FromStr
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFileExistsW
PathFindFileNameA
StrToIntExA
PathRenameExtensionA
SHSetValueA
PathFindExtensionA
StrCmpIW

urlmon

CoInternetParseUrl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.rdf
.xml

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 17KB - Virtual size: 16KB

c193ea402999ea8ce8faa9fef22de03d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 220B

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 512B - Virtual size: 440B

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 17KB - Virtual size: 16KB

ebb85736a631e601557e361c9a07cfa3

Headers

File Characteristics

Imports

xpcom

kernel32

user32

ole32

oleaut32

nspr4

shlwapi

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 17KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 288B

.reloc Size: 12KB - Virtual size: 9KB

7fa974366048f9c551ef45714595665e

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 220B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 512B - Virtual size: 440B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 17KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 288B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 24KB - Virtual size: 23KB