a8e5029303a339dab6e010fa9eb005e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8e5029303a339dab6e010fa9eb005e8_JaffaCakes118
Size

10.9MB
MD5

a8e5029303a339dab6e010fa9eb005e8
SHA1

dcd18a9b0130d9dce9341bee05bd799afcba19f6
SHA256

0ff226f33131f38145b601114b29ff13b0f1ad8db7712ab60c0329ea78a5b5e4
SHA512

af8f3a71489287ea39adec06f31b338199b933c582bb79b5141d9fd042c19e8ca92413b02abd5f6cca9c249feaf74f120e324d3e1c0d8e0b1e48a457bd5bfcb4
SSDEEP

196608:zDvFWa9wZ/XvAfIGZSmC6WC5ry2PLIsqHEjlKVcxqf5p1i0A12TCOz9wXrTT2:zT/aZ/XvAgafCfCBy2PL4kjMCxqRpFks

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/Reg.dll	aspack_v212_v242

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MBXXGL.exe
unpack001/Msado15.dll
unpack001/Msjro.dll
unpack001/Pinyin.dll
unpack001/Reg.dll
unpack001/mfc42.dll

Files

a8e5029303a339dab6e010fa9eb005e8_JaffaCakes118
.rar
AUTORUN.INF
DATA.TAG
MBXXGL.exe
.exe windows:4 windows x86 arch:x86

1f08f56a95d02265818e7c2471d7f74d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4080
ord4627
ord4425
ord3079
ord3597
ord800
ord801
ord641
ord860
ord540
ord541
ord324
ord825
ord2299
ord6640
ord2370
ord2362
ord2302
ord4234
ord6334
ord6199
ord858
ord3092
ord4710
ord2864
ord941
ord5981
ord4129
ord4853
ord924
ord4224
ord535
ord922
ord923
ord926
ord2818
ord823
ord4278
ord6282
ord859
ord537
ord939
ord1832
ord3663
ord6055
ord1776
ord4396
ord5290
ord4424
ord3574
ord3619
ord609
ord567
ord3626
ord2414
ord4275
ord2860
ord4284
ord3874
ord5875
ord2859
ord6197
ord1146
ord2379
ord1641
ord2243
ord3402
ord2135
ord818
ord5575
ord2642
ord2688
ord2820
ord3811
ord640
ord4160
ord1640
ord2246
ord3078
ord3067
ord482
ord323
ord3693
ord4133
ord4297
ord5788
ord551
ord5710
ord2763
ord2358
ord665
ord1979
ord5442
ord6385
ord5186
ord354
ord693
ord1200
ord4000
ord3303
ord6883
ord654
ord812
ord5862
ord5858
ord5861
ord559
ord341
ord4125
ord2582
ord4402
ord3370
ord3640
ord6907
ord3318
ord6010
ord3337
ord3317
ord2575
ord798
ord1997
ord5465
ord5194
ord533
ord4033
ord433
ord3398
ord3733
ord810
ord686
ord384
ord6008
ord2862
ord1168
ord2096
ord3287
ord1949
ord4034
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord529
ord366
ord6069
ord6067
ord2494
ord2627
ord2626
ord6000
ord2117
ord3831
ord3825
ord4457
ord5252
ord804
ord616
ord793
ord656
ord6828
ord4724
ord3719
ord2985
ord3081
ord829
ord2366
ord6874
ord6215
ord2086
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord2863
ord617
ord5265
ord5214
ord296
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord2725
ord5289
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord3571
ord3573
ord813
ord560
ord5260
ord2535
ord6407
ord5583
ord3790
ord1175
ord1768
ord755
ord5785
ord470
ord4204
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord3803
ord6876
ord2567
ord2754
ord6021
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2587
ord4406
ord3394
ord3729
ord6785
ord4271
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord554
ord807
ord4268
ord2452
ord2453
ord4220
ord2584
ord3654
ord2438
ord6270
ord6605
ord1644
ord5440
ord6383
ord5450
ord6394
ord3830
ord2976
ord6625
ord3262
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord3610
ord2811
ord4163
ord5301
ord1576

msvcrt

_acmdln
exit
_XcptFilter
__setusermatherr
_initterm
wcslen
_setmbcp
_mbsicmp
__dllonexit
_mbscmp
__CxxFrameHandler
_CxxThrowException
atoi
div
atof
_ftol
??1type_info@@UAE@XZ
_controlfp
_onexit
_exit
__getmainargs
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

kernel32

FreeLibrary
LoadLibraryA
GetProcAddress
LocalFree
FormatMessageA
lstrlenA
LocalAlloc
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA
GetLastError
MultiByteToWideChar
WideCharToMultiByte

user32

LoadBitmapA
UpdateWindow
GetMenu
GetClientRect
EnableWindow
DestroyCursor
SendMessageA
KillTimer
SetCursor
ClientToScreen
ReleaseDC
LoadImageA
WindowFromPoint
InvalidateRect
PostMessageA
SetTimer
LoadMenuA
GetDC
GetSubMenu
EnableMenuItem
LoadIconA
GetSysColor
OffsetRect
FillRect
DrawStateA
CopyRect
InflateRect
DrawFocusRect
GetWindowLongA
wsprintfA
GetParent

gdi32

GetObjectA
BitBlt
SetBkColor
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetStockObject
DeleteDC
StartPage
GetDeviceCaps
StartDocA
Rectangle
CreatePen
CreatePatternBrush
DeleteObject
EndPage
EndDoc

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
_TrackMouseEvent

ole32

CoInitialize
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantCopy
VariantChangeType
VariantInit
VariantClear
GetErrorInfo

winmm

PlaySoundA
sndPlaySoundA

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Msado15.dll
.dll regsvr32 windows:4 windows x86 arch:x86

52048b87d17893d5a4adbf0bc40478fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleFileNameA
WaitForSingleObject
lstrcpyA
lstrcatA
lstrlenA
GetVersionExW
LCMapStringA
LCMapStringW
GetCurrentProcessId
CompareStringA
DeleteFileA
QueryPerformanceCounter
lstrlenW
TlsFree
WideCharToMultiByte
TlsAlloc
HeapFree
HeapCreate
GetModuleHandleA
GetSystemInfo
HeapDestroy
HeapAlloc
SetLastError
LoadLibraryA
GetLastError
GetTempFileNameA
CompareStringW
GetProcAddress
FreeLibrary
GetUserDefaultLCID
Sleep
MultiByteToWideChar
GetCurrentThreadId
CloseHandle
CreateThread
TlsSetValue
InterlockedExchange
TlsGetValue
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
IsDBCSLeadByte
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement

user32

GetDesktopWindow
GetWindow
IsWindowVisible
GetWindowThreadProcessId
GetWindowLongA
DestroyWindow
CharNextA
MessageBoxA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
LoadStringA
PostMessageA
DispatchMessageA
CreateWindowExA
GetActiveWindow
DefWindowProcA
RegisterClassExA

advapi32

RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

ole32

CoInitialize
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc
CreateFileMoniker
CreateBindCtx
StringFromCLSID
CreateStreamOnHGlobal
CoReleaseMarshalData
CoMarshalInterface
CoUnmarshalInterface
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
SafeArrayUnlock
SafeArrayLock
VariantChangeType
SafeArrayDestroy
SafeArrayRedim
SafeArrayPutElement
SysAllocStringByteLen
SysStringLen
SysAllocString
CreateErrorInfo
RegisterTypeLi
LoadTypeLi
OaBuildVersion
SysReAllocStringLen
SafeArrayCopy
SafeArrayCreate
SysFreeString
VariantInit
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
SafeArrayGetElement
SysStringByteLen

msvcrt

fwrite
_adjust_fdiv
_initterm
sprintf
fread
rename
_access
fopen
strncmp
fseek
_wcsnicmp
wcsncmp
_ultow
_wtol
memmove
strcat
_strnicmp
_HUGE
strchr
strtod
strcmp
malloc
realloc
fclose
iswspace
abs
strlen
iswalpha
iswalnum
free
wcslen
wcscat
_wcsicmp
memcpy
wcsncpy
wcscpy
wcschr
memset
swprintf
_ftol
memcmp
_purecall

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RNIGetCompatibleVersion
com_ms_wfc_data_Field_getBoolean
com_ms_wfc_data_Field_getByte
com_ms_wfc_data_Field_getBytes
com_ms_wfc_data_Field_getDataTimestamp
com_ms_wfc_data_Field_getDouble
com_ms_wfc_data_Field_getFloat
com_ms_wfc_data_Field_getInt
com_ms_wfc_data_Field_getLong
com_ms_wfc_data_Field_getShort
com_ms_wfc_data_Field_getString
com_ms_wfc_data_Field_isNull
com_ms_wfc_data_Field_loadMsjava
com_ms_wfc_data_Field_setDataDate

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Msdatgrd.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
CompareStringW
GetVersionExA
IsDBCSLeadByte
LoadResource
CompareStringA
FindResourceA
HeapReAlloc
LockResource
lstrcmpiA
lstrcpyA
GetLocaleInfoA
GetWindowsDirectoryA
lstrcpynA
GetModuleFileNameA
lstrcatA
DisableThreadLibraryCalls
GetFileAttributesA
GetVersion
GetLastError
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
IsBadWritePtr
MultiByteToWideChar
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LoadLibraryA
EnterCriticalSection
HeapAlloc
GetProcessHeap
lstrlenA
GetProcAddress

user32

GetDesktopWindow
GetCapture
EndDialog
SetCursor
UnregisterClassA
ReleaseCapture
GetDlgItem
GetDCEx
WaitMessage
DefWindowProcA
GetWindow
GetActiveWindow
GetParent
EqualRect
SetWindowRgn
ShowWindow
SetParent
EndPaint
IsDialogMessageA
GetNextDlgTabItem
IsWindowEnabled
BeginPaint
EnableMenuItem
PeekMessageW
PostMessageW
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
PeekMessageA
GetMessageA
PostQuitMessage
InvalidateRect
SetDlgItemTextA
TranslateMessage
CharNextA
IsWindowVisible
GetFocus
IsChild
GetDlgItemInt
SetDlgItemInt
GetWindowTextLengthA
SendDlgItemMessageA
EnableWindow
GetDlgItemTextA
IsDlgButtonChecked
LoadMenuA
GetSubMenu
DestroyMenu
CheckDlgButton
TrackPopupMenu
GetScrollInfo
ScrollWindowEx
ShowScrollBar
DrawFrameControl
SetScrollInfo
EnableScrollBar
IntersectRect
DrawTextA
DrawTextW
WindowFromDC
DrawTextExW
SetRect
FillRect
InflateRect
OffsetRect
GetDC
DrawTextExA
UpdateWindow
GetWindowRect
GetClientRect
ReleaseDC
CreateDialogIndirectParamA
DialogBoxParamA
PostMessageA
PtInRect
WinHelpA
GetAsyncKeyState
DispatchMessageA
GetKeyState
CreateWindowExW
SetWindowLongW
RedrawWindow
SendMessageW
ClientToScreen
ScreenToClient
CallWindowProcW
CallWindowProcA
MoveWindow
CreateWindowExA
SetWindowLongA
SetWindowPos
LoadBitmapA
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
MessageBoxA
SetFocus
MessageBeep
GetKeyboardLayout
GetWindowLongA
SendMessageA
GetSysColor
LoadCursorA
RegisterClassA
DestroyWindow
GetSystemMetrics
LoadStringA
GetMessagePos
EnumClipboardFormats
SetCapture

ole32

OleSaveToStream
CreateOleAdviseHolder
CoTaskMemAlloc
CoCreateInstance
OleLoadFromStream
CoTaskMemFree
CreateStreamOnHGlobal
GetHGlobalFromStream

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayCreateVector
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayUnaccessData
CreateErrorInfo
SafeArrayAccessData
OleCreatePropertyFrame
LoadTypeLibEx
SetErrorInfo
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
OleCreatePictureIndirect
OleTranslateColor
VariantChangeTypeEx
SysAllocStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
VarR4FromStr
VarBstrFromR4
VariantChangeType
VariantCopy
VariantClear
GetErrorInfo
VariantInit
SysStringLen
SysAllocStringLen
SysStringByteLen
SysFreeString
SysAllocString

gdi32

GetTextExtentPoint32W
ExtTextOutW
CreatePen
ExtTextOutA
CreateDCA
SetROP2
SetWindowExtEx
SetViewportExtEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
LPtoDP
DeleteObject
CreateSolidBrush
GetTextExtentPoint32A
SetTextColor
DeleteDC
SetBkColor
CloseEnhMetaFile
GetDeviceCaps
CreateEnhMetaFileA
BitBlt
DeleteEnhMetaFile
GetObjectA
SetMapMode
DPtoLP
SelectClipRgn
GetWindowOrgEx
CreateRectRgnIndirect
Rectangle
IntersectClipRect
SetWindowOrgEx
PatBlt
SetTextAlign
GetDIBits
StretchDIBits
GetClipBox
CreateBitmap
GetSystemPaletteEntries
SelectObject
GetStockObject
CreateCompatibleDC
GetMapMode

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Msdatlst.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

7d47a9ba1751cbe1e7774b194e0360b5

Code Sign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CompareStringW
CompareStringA
GetVersionExA
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
FindResourceA
LoadResource
LockResource
GetLastError
lstrcmpiA
GetProcAddress
GetLocaleInfoA
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
GetFileAttributesA
GetVersion
DisableThreadLibraryCalls
MulDiv
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
lstrcmpA
IsBadWritePtr
GetProcessHeap
lstrcpynA
HeapReAlloc
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
HeapFree
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
GetTickCount
HeapAlloc
lstrlenA
lstrcpyA
lstrcatA
InitializeCriticalSection
IsDBCSLeadByte

user32

RegisterClipboardFormatA
SetCursorPos
CreateDialogIndirectParamA
MapWindowPoints
GetClipboardFormatNameA
PeekMessageW
PostMessageW
RegisterWindowMessageA
MessageBoxA
GetNextDlgTabItem
SetCursor
GetWindowLongA
CreateWindowExA
EnableWindow
IsDialogMessageA
IsWindowEnabled
IsWindowVisible
ShowScrollBar
MoveWindow
GetKeyState
DefWindowProcA
EndDialog
PeekMessageA
SetRect
FrameRect
GetClassInfoA
GetDlgItem
IsDlgButtonChecked
SendDlgItemMessageA
CheckDlgButton
GetActiveWindow
DialogBoxParamA
GetCursorPos
SetWindowLongA
SetWindowRgn
WinHelpA
ShowWindow
GetParent
IntersectRect
EqualRect
GetWindowTextLengthA
GetWindow
GetWindowTextA
IsChild
DispatchMessageA
IsWindow
GetClientRect
CallNextHookEx
GetWindowThreadProcessId
EndPaint
UnhookWindowsHookEx
BeginPaint
SetFocus
ClientToScreen
CallWindowProcA
PtInRect
InvalidateRect
LoadBitmapA
SetWindowPos
SetParent
SetWindowTextA
DestroyWindow
GetWindowRect
ScreenToClient
GetScrollInfo
TranslateMessage
SetScrollInfo
MessageBeep
ReleaseCapture
GetAsyncKeyState
PostMessageA
SetCapture
SendMessageA
ScrollDC
DrawFocusRect
GetCapture
SetRectEmpty
UpdateWindow
DrawEdge
InflateRect
IsRectEmpty
WindowFromDC
DrawFrameControl
GetFocus
OffsetRect
FillRect
GetSysColor
LoadCursorA
RegisterClassA
GetDC
ReleaseDC
GetSystemMetrics
LoadStringA
UnregisterClassA
wsprintfA
SetWindowsHookExA
CharNextA

ole32

ReleaseStgMedium
DoDragDrop
RegisterDragDrop
RevokeDragDrop
CreateOleAdviseHolder
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleSaveToStream
OleLoadFromStream
CoCreateInstance

advapi32

RegEnumKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

oleaut32

SafeArrayGetElement
VariantCopyInd
SafeArrayPutElement
SetErrorInfo
LoadRegTypeLi
CreateErrorInfo
LoadTypeLibEx
UnRegisterTypeLi
OleCreatePropertyFrame
RegisterTypeLi
SafeArrayCopy
LoadTypeLi
VariantChangeType
SafeArrayCreate
SafeArrayDestroy
OleLoadPicture
SafeArrayGetLBound
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetUBound
VariantCopy
OleCreatePictureIndirect
SafeArrayGetDim
OleTranslateColor
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantClear
SysFreeString
SysAllocString
OleCreateFontIndirect
GetErrorInfo

gdi32

CopyEnhMetaFileA
CreateDCA
SetWindowOrgEx
SetViewportExtEx
SetMapMode
CopyMetaFileA
CreateCompatibleBitmap
StretchBlt
GetNearestColor
CreatePalette
GetBitmapBits
CreateDIBitmap
SelectPalette
RealizePalette
GetDIBits
GetPaletteEntries
GetStockObject
CreateBitmap
GetTextMetricsA
SetBkColor
SetTextColor
SelectObject
ExtTextOutA
GetTextExtentPoint32A
GetDeviceCaps
DeleteObject
CreateSolidBrush
SetBkMode
PatBlt
IntersectClipRect
DeleteDC
BitBlt
CreateCompatibleDC
SetViewportOrgEx
SetWindowExtEx
CreateRectRgnIndirect
GetObjectA
LPtoDP
GetWindowExtEx
GetViewportExtEx

Exports

Exports

DLLGetDocumentation
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Msjro.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3485e81aee4355d0f52c2e4e86e14ea3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

oleaut32

SysStringLen
SetErrorInfo
LoadRegTypeLi
VariantClear
VarI4FromStr
LoadTypeLi
CreateErrorInfo
RegisterTypeLi
OaBuildVersion
SysFreeString
VariantInit
SysAllocStringLen
SysAllocString
GetErrorInfo

kernel32

GetProcAddress
SetLastError
HeapAlloc
HeapCreate
GetLastError
HeapDestroy
GetModuleHandleA
InterlockedExchange
TlsSetValue
GetCurrentThreadId
GetSystemInfo
TlsGetValue
TlsAlloc
lstrlenA
lstrcmpiA
lstrcpynA
lstrlenW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrcpyA
lstrcatA
LoadLibraryA
IsDBCSLeadByte
GetVersionExW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
CompareStringA
CompareStringW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
LoadLibraryExA
DisableThreadLibraryCalls
HeapFree
TlsFree

user32

CharNextA
LoadStringA
PostMessageA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegDeleteKeyA

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CreateBindCtx
CreateFileMoniker
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

msvcrt

wcscat
wcschr
wcslen
_wtol
memcpy
wcscpy
_wcsicmp
_wcsnicmp
memmove
strcat
free
malloc
realloc
wcscmp
_purecall
memcmp
wcsncmp
strlen
swprintf
_initterm
_adjust_fdiv
_ftol
sprintf
memset

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pinyin.dll
.dll windows:1 windows x86 arch:x86

741e621183c22251b8ccebf3718c4a9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

crtdll

_fdopen

Exports

Exports

GetPinYin
GetPinYinLeader

Sections

.text
Size: 25KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Reg.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

@@Dllfunc_unit@Finalize
@@Dllfunc_unit@Initialize
CreateSerialNumber
Des
GetCPUID
GetMD5Str
ReadPhysicalDrive
___CPPdebugHook

Sections

.text
Size: 261KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 21KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SETUP.EXE
SETUP.INI
XXGL.mdb
_INST32I.EX_
_ISDEL.EXE
_setup.dll
_sys1.cab
_user1.cab
andxj.wav
data1.cab
lang.dat
layout.bin
mbxxgl.chm
.chm
mfc42.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1557eebc6134cee9eb9d0583a2b40341

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbsnbicmp
wcsncpy
wcscpy
_ltoa
_ultoa
swprintf
_itoa
modf
ceil
fabs
floor
labs
_ftol
_splitpath
_fullpath
atol
__p___argc
_EH_prolog
__p___argv
_beginthreadex
_endthreadex
_strdup
_mbsdec
_expand
strtod
strtol
strtoul
abs
calloc
_msize
_purecall
strftime
_mbctype
localtime
gmtime
time
_ismbcspace
atoi
_ismbcdigit
_mbsnbcmp
sprintf
strlen
_mbclen
vsprintf
_mbsrchr
_mbscspn
_mbsspn
_mbsstr
_mbsrev
_mbslwr
_mbsupr
_mbspbrk
_mbschr
wcslen
_mbscmp
realloc
fclose
fflush
fseek
ftell
fgets
fputs
fwrite
fread
clearerr
_open_osfhandle
_fdopen
__doserrno
_get_osfhandle
memset
_mbsinc
abort
free
malloc
memcmp
memmove
memcpy
_CxxThrowException
mktime
__CxxFrameHandler

kernel32

FindClose
FindFirstFileA
lstrcpyA
MultiByteToWideChar
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
lstrcmpiA
GetShortPathNameA
GetModuleFileNameA
GlobalSize
GlobalLock
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalFree
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
LocalFree
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
LocalAlloc
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
WaitForSingleObject
CreateSemaphoreA
DeleteFileA
LoadLibraryA
ReleaseMutex
InterlockedExchange
WaitForMultipleObjects
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
FreeLibrary
MulDiv
GetProfileIntA
VirtualProtect
FindResourceExA
SizeofResource
GetProcessVersion
GlobalFlags
GetTempFileNameA
GetDiskFreeSpaceA
LocalUnlock
LocalLock
GetTempPathA
SearchPathA
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
lstrlenW
CopyFileA
lstrcpyW
GetUserDefaultLCID
IsDBCSLeadByte
GetSystemDirectoryA
GetProcAddress
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
lstrlenA
lstrcmpA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
IsBadWritePtr
GetLastError
IsBadStringPtrW
lstrcpynA
ReleaseSemaphore
SetLastError
CreateMutexA
GetVolumeInformationA
CreateEventA
RaiseException

gdi32

TextOutA
GetPolyFillMode
EnumFontFamiliesA
GetPixel
CreatePalette
GetPaletteEntries
RealizePalette
OffsetRgn
SetBrushOrgEx
CreateMetaFileA
CopyMetaFileA
LPtoDP
SetAbortProc
StartPage
EndPage
EndDoc
AbortDoc
DPtoLP
CombineRgn
SetRectRgn
GetMapMode
CreateDIBPatternBrushPt
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
CreateRectRgnIndirect
Rectangle
UnrealizeObject
PatBlt
CreateBitmap
CreatePatternBrush
CreatePen
CloseMetaFile
DeleteMetaFile
RectVisible
PtVisible
IntersectClipRect
GetViewportOrgEx
GetWindowOrgEx
SetWindowOrgEx
GetDeviceCaps
Escape
GetCurrentPositionEx
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetTextFaceA
GetWindowExtEx
GetViewportExtEx
GetROP2
GetBkMode
GetTextAlign
GetNearestColor
GetBkColor
GetTextColor
SaveDC
GetStockObject
RestoreDC
GetCharWidthA
DeleteObject
CreateFontA
StretchDIBits
DeleteDC
CreateCompatibleBitmap
GetTextExtentPoint32A
ExtTextOutA
CreateSolidBrush
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetTextMetricsA
GetObjectA
SelectObject
SetTextColor
GetClipBox
SetBkColor
GetStretchBltMode

user32

SetCapture
CharToOemA
OemToCharA
UnhookWindowsHookEx
MsgWaitForMultipleObjects
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
RegisterWindowMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
GetWindow
SendMessageA
SetForegroundWindow
GetForegroundWindow
GetLastActivePopup
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetKeyState
GetDlgCtrlID
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetParent
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
IsWindowVisible
EnableWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
GetClientRect
DeferWindowPos
EqualRect
ScreenToClient
AdjustWindowRectEx
SetFocus
IsWindow
SetActiveWindow
GetFocus
DispatchMessageA
PeekMessageA
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
IsWindowEnabled
GetDesktopWindow
ShowWindow
GetActiveWindow
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
InvalidateRect
BringWindowToTop
LoadCursorA
GetSystemMetrics
WaitMessage
GetCursorPos
GetWindowThreadProcessId
WindowFromPoint
ClientToScreen
TranslateMessage
GetMessageA
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
LoadBitmapA
InflateRect
PtInRect
ReleaseDC
InvertRect
GetWindowDC
FillRect
SetTimer
KillTimer
SetRect
GetDC
IsZoomed
SetParent
IsRectEmpty
AppendMenuA
DeleteMenu
GetSystemMenu
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
GrayStringA
UnionRect
DrawFocusRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
wvsprintfA
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
BeginPaint
EndPaint
TabbedTextOutA
GetSysColorBrush
GetClassNameA
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
GetMenuStringA
RegisterClipboardFormatA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
InvalidateRgn
FrameRect
LoadStringA
CharUpperA
wsprintfA

Exports

Exports

?classCCachedDataPathProperty@CCachedDataPathProperty@@2UCRuntimeClass@@B
?classCDataPathProperty@CDataPathProperty@@2UCRuntimeClass@@B
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
os.dat
setup.bmp
setup.ins
setup.lid
skb.wav
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

1f08f56a95d02265818e7c2471d7f74d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

comctl32

ole32

oleaut32

winmm

Sections

.text Size: 708KB - Virtual size: 707KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

52048b87d17893d5a4adbf0bc40478fd

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 52KB - Virtual size: 51KB

.reloc Size: 15KB - Virtual size: 15KB

876294974e137decb1d3a02e0db7e3b1

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 166KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 10KB - Virtual size: 9KB

7d47a9ba1751cbe1e7774b194e0360b5

Code Sign

Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

advapi32

oleaut32

gdi32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 11KB - Virtual size: 11KB

3485e81aee4355d0f52c2e4e86e14ea3

.text
Size: 708KB - Virtual size: 707KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 52KB - Virtual size: 51KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 166KB - Virtual size: 166KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 149KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 512B

.text
Size: 261KB - Virtual size: 656KB

.data
Size: 14KB - Virtual size: 88KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 16KB

.reloc
Size: 21KB - Virtual size: 36KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

.text
Size: 616KB - Virtual size: 613KB

.rdata
Size: 212KB - Virtual size: 209KB

.data
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 44KB - Virtual size: 40KB

.reloc
Size: 60KB - Virtual size: 59KB