ae945dfb9215638d444d0812727468f8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae945dfb9215638d444d0812727468f8_JaffaCakes118
Size

2.1MB
MD5

ae945dfb9215638d444d0812727468f8
SHA1

b4ae39194325e96c444d91c98afb5b95a6be353f
SHA256

b7acec30fd67b2d21e58f195339390186ffff982defe60d130feb4c014ee5fe0
SHA512

412ac2f52ba2d73b23d7ead699469ef923b72ea073d4a0ac57b94f5f304b3c940a7cb0a7587c14e088513693576e777ee97609780bd176a336621b78e891c82c
SSDEEP

49152:4b+tzNhZ40ZTP1VoNEX9dSUTIY/t1yd4AbQrjokES1O87S2hTEA0GNoG0:4oB4+TroNEXqUTISTa13khEAk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/UninstallIME.exe	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/freewb5.exe
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/UninstallIME.exe
unpack003/out.upx
unpack002/freewb.dll
unpack002/freewb.ime
unpack002/plugin/QueryEx.plg
unpack002/plugin/command.plg
unpack002/plugin/date.plg
unpack002/plugin/queryex.plg
unpack002/registry.exe
unpack002/uninst.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/freewb5.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_1

Files

ae945dfb9215638d444d0812727468f8_JaffaCakes118
.rar
freewb5.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName

Sections

.text
Size: 1024B - Virtual size: 573B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UninstallIME.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
background/2ring.bmp
background/IPurple_GB.BMP
background/goose2.bmp
background/gray_fade.bmp
background/leaf.bmp
convert.mb
freewb.bex
freewb.bin
freewb.dll
.dll windows:4 windows x86 arch:x86

f7f6dfa449de7de3a31b7342e4089d15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadWritePtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
HeapCreate
HeapDestroy
GetACP
HeapReAlloc
HeapSize
GetTimeZoneInformation
TerminateProcess
ExitProcess
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
FindNextFileA
RtlUnwind
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalAlloc
lstrcmpA
GetCurrentThread
GetModuleFileNameA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
GetLastError
FormatMessageA
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedIncrement
InterlockedDecrement
GlobalFree
GlobalLock
GlobalUnlock
SetLastError
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetProcAddress
GetTickCount
lstrcmpiA
SetFilePointer
CloseHandle
CopyFileA
WriteFile
GetFileSize
ReadFile
CreateFileA
DeleteFileA
MulDiv
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
IsBadReadPtr

user32

SetCapture
SetParent
SetRect
WindowFromPoint
ReleaseCapture
LoadStringA
GetSysColorBrush
GetDesktopWindow
UnregisterClassA
InflateRect
RegisterClipboardFormatA
GetMessageA
TranslateMessage
ValidateRect
PostQuitMessage
CharUpperA
PtInRect
SetRectEmpty
DestroyMenu
ShowWindow
MoveWindow
IsDialogMessageA
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
SendDlgItemMessageA
GetDCEx
PeekMessageA
DispatchMessageA
SetActiveWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
SendMessageA
CheckMenuItem
GetSubMenu
GetCursorPos
LoadBitmapA
LoadMenuA
EnableWindow
LoadCursorA
ScreenToClient
GetWindowRect
InvalidateRect
ReleaseDC
FrameRect
FillRect
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowPos
PostThreadMessageA
MapWindowPoints
IntersectRect
IsIconic
GetWindowPlacement
GetSystemMetrics
IsChild
GetClassNameA
SetFocus
GetFocus
SystemParametersInfoA
CopyRect
GetSysColor
GetClientRect
GetDC
LoadImageA
SetTimer
KillTimer
RegisterWindowMessageA
LoadIconA
GetKeyState
PostMessageA
SetWindowTextA
UpdateWindow
GetParent
RedrawWindow
OffsetRect
SetCursor
IsWindow
LockWindowUpdate
SetWindowLongA
GetWindowLongA

gdi32

CreateRectRgn
CreatePatternBrush
RectVisible
ExtTextOutA
Escape
PatBlt
CreateRectRgnIndirect
StretchDIBits
GetCharWidthA
SetRectRgn
CombineRgn
GetTextMetricsA
SetTextAlign
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
RestoreDC
SetViewportExtEx
OffsetViewportOrgEx
SetStretchBltMode
PtVisible
DeleteDC
SaveDC
GetClipBox
CreatePen
Ellipse
Rectangle
GetStockObject
GetViewportOrgEx
SetViewportOrgEx
CreateFontIndirectA
CreateFontA
SetBkMode
GetTextExtentPoint32A
SetTextColor
TextOutA
CreateSolidBrush
CreateRoundRectRgn
StretchBlt
FillRgn
FrameRgn
GetDeviceCaps
CreateCompatibleDC
SelectObject
GetObjectA
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject

comdlg32

FindTextA
ReplaceTextA
ChooseColorA
ChooseFontA
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17
ImageList_Destroy

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoRevokeClassObject

oleaut32

VarDateFromStr

Exports

Exports

CreateBig5
EditFile
GroupDeleteWord
Setup

Sections

.text
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
freewb.htm
.html
freewb.ime
.dll windows:4 windows x86 arch:x86

08afe1a1ea22a4d7c059503ed1f240ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionWindow
ImmSetStatusWindowPos
ImmCreateSoftKeyboard
ImmShowSoftKeyboard
ImmDestroySoftKeyboard
ImmGetIMEFileNameA
ImmSetOpenStatus
ImmGenerateMessage
ImmSetConversionStatus
ImmCreateIMCC
ImmReSizeIMCC
ImmDestroyIMCC
ImmLockIMCC
ImmUnlockIMCC
ImmLockIMC
ImmUnlockIMC

kernel32

GlobalAddAtomA
GetCurrentThreadId
Beep
DeleteFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
RaiseException
SetEndOfFile
GetTimeZoneInformation
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentDirectoryA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentProcess
TerminateProcess
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
ExitProcess
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetVersion
GetCommandLineA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
GetFileAttributesA
HeapAlloc
HeapFree
SetCurrentDirectoryA
LoadLibraryA
FreeLibrary
SetFilePointer
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
CreateMutexA
GetLastError
ReleaseMutex
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
GetPrivateProfileIntA
GetVersionExA
GetUserDefaultLangID
FindResourceA
LoadResource
LockResource
FreeResource
WritePrivateProfileStringA
GlobalAlloc
lstrcpyA
GlobalFree
GetLocalTime
MulDiv
lstrlenA
GetPrivateProfileStringA
GetModuleHandleA
GetProcAddress
GlobalLock
GlobalUnlock
WideCharToMultiByte

user32

GetSubMenu
InsertMenuA
CheckMenuItem
EnableMenuItem
TrackPopupMenu
GetMenu
EnableWindow
SetWindowTextA
DialogBoxParamA
LoadMenuA
IntersectRect
SetWindowPos
SetWindowRgn
EndDialog
GetWindowTextA
MessageBeep
SetFocus
RedrawWindow
DestroyWindow
GetDlgItem
ClientToScreen
GetWindowLongA
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
IsWindowVisible
IsIconic
IsClipboardFormatAvailable
GetClipboardData
FindWindowA
IsWindow
GetKeyboardLayoutList
ToAscii
GetActiveWindow
DrawTextA
GetWindowPlacement
GetKeyState
IsWindowEnabled
GetForegroundWindow
UnregisterClassA
DestroyIcon
GetClassInfoExA
RegisterClassExA
GetSystemMetrics
EnumWindows
LoadStringA
MessageBoxA
GetClassNameA
SystemParametersInfoA
GetDC
ReleaseDC
GetKeyboardState
GetFocus
DestroyMenu
wsprintfA
MapVirtualKeyA
GetClipboardOwner
OpenClipboard
LoadImageA
EmptyClipboard
SetClipboardData
CloseClipboard
keybd_event
BeginPaint
EndPaint
DefWindowProcA
KillTimer
SetTimer
LoadBitmapA
ReleaseCapture
GetCursorPos
ScreenToClient
PtInRect
LoadCursorA
SetCursor
PostMessageA
SetCapture
GetWindowRect
SendMessageA
GetWindow
CreateWindowExA
SetWindowLongA
ShowWindow
UpdateWindow

gdi32

CreateDCA
GetTextExtentPoint32A
GetCurrentObject
GetPixel
CombineRgn
GetStockObject
GetDeviceCaps
CreateFontA
GetTextExtentPointA
SetTextColor
CreateBrushIndirect
SelectObject
PatBlt
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
SetStretchBltMode
StretchBlt
DeleteDC
CreateSolidBrush
CreateRectRgn
CreateRoundRectRgn
FrameRgn
CreatePen
MoveToEx
LineTo
SetBkMode
ExtTextOutA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

winmm

PlaySoundA

Exports

Exports

CandWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mJDShar
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
freewb.ini
g2b.dat
mb/default/attach.mb
mb/default/freewb.dat
mb/default/freewb.mb
mb/default/freewbcht.mb
mb/default/quick.mb
mb/default/user.ini
plugin/QueryEx.plg
.dll windows:4 windows x86 arch:x86

03e732be8c5d5333a880229dcf859dcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord541
ord801
ord535
ord941
ord939
ord860
ord1158
ord4277
ord6883
ord858
ord4278
ord2763
ord6283
ord6282
ord5981
ord5572
ord940
ord2764
ord2818
ord6877
ord4202
ord2645
ord1200
ord926
ord2915
ord537
ord6136
ord3767
ord2652
ord1669
ord1168
ord3771
ord2864
ord6134
ord3874
ord6199
ord4220
ord2584
ord3654
ord2438
ord924
ord922
ord2642
ord5608
ord2863
ord1644
ord1146
ord3663
ord3619
ord3626
ord2414
ord2639
ord5655
ord6069
ord6067
ord6000
ord2117
ord1641
ord2859
ord823
ord4710
ord4299
ord6453
ord6270
ord955
ord1194
ord3564
ord397
ord699
ord2575
ord4396
ord4234
ord609
ord4275
ord3438
ord5860
ord912
ord500
ord2614
ord5606
ord4284
ord3797
ord2379
ord2754
ord2860
ord5875
ord3693
ord5788
ord3920
ord4133
ord4297
ord472
ord283
ord3571
ord640
ord2450
ord6172
ord5873
ord5785
ord1640
ord323
ord2567
ord4188
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord6438
ord6467
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2302
ord800
ord324
ord529
ord556
ord567
ord540
ord641
ord796
ord809
ord656
ord781
ord3708
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3610
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3574
ord825
ord1116

msvcrt

malloc
_CxxThrowException
free
__CxxFrameHandler
atoi
atof
sprintf
fclose
fseek
fread
_access
fopen
strrchr
_mbscmp
_findclose
_findnext
_findfirst
_ftol
strlen
memcmp
memcpy
realloc
memset
strcmp
strcpy
_isctype
strncpy
strcat
toupper
tolower
strncmp
localtime
_EH_prolog
??1type_info@@UAE@XZ
__dllonexit
_onexit
_iob
_adjust_fdiv
_initterm

kernel32

LoadLibraryA
GetProcAddress
lstrcpynA
MulDiv
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
DeleteFileA
DeleteFileW
MultiByteToWideChar
GetVersionExA
GetFileAttributesA
GetFileAttributesW
CreateFileW
GetTempPathA
GetTempPathW
WideCharToMultiByte
WriteFile
GetLastError
FlushFileBuffers
SetEndOfFile
GetFileSize
UnlockFile
Sleep
LockFile
GetFullPathNameA
LockFileEx
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
LocalFree
WritePrivateProfileStringA
LocalAlloc

user32

ClientToScreen
GetSysColorBrush
FillRect
FrameRect
DrawFocusRect
DrawEdge
DrawTextA
OffsetRect
SetRect
LoadBitmapA
GetSystemMetrics
DrawFrameControl
CopyRect
LoadCursorA
SetCursor
PtInRect
GetParent
IsWindow
DrawTextExA
InvalidateRect
EnableWindow
GetDlgCtrlID
LoadIconA
GetDC
ReleaseDC
GetClientRect
GetSysColor
GetWindowRect
SetWindowPos
LoadMenuA
GetSubMenu
DeleteMenu
AppendMenuA
GetMenuStringA
PostMessageA
SendMessageA

gdi32

LineTo
CreateDIBSection
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectPalette
RealizePalette
SelectObject
BitBlt
CreateBitmap
CreatePen
CreateFontIndirectA
SetTextColor
GetObjectA
DeleteObject
GetDeviceCaps
CreateFontA
MoveToEx

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/command.plg
.dll windows:4 windows x86 arch:x86

d03ca480551d4a5e82df326a17feaa68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

mixerClose
mixerGetControlDetailsA
mixerSetControlDetails
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mciSendCommandA
mciGetDeviceIDA

mfc42

ord1182
ord342
ord1243
ord1197
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord1577
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord269
ord6877
ord860
ord540
ord1200
ord1578
ord6467
ord1168
ord1575
ord1176
ord1116
ord1255
ord1253
ord1570
ord826
ord4465
ord4171
ord600

msvcrt

_adjust_fdiv
??1type_info@@UAE@XZ
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
memset
_access
strlen
_EH_prolog
__CxxFrameHandler
strchr
strcpy
_strset
_stricmp
malloc

kernel32

LocalFree
LocalAlloc

user32

FindWindowA
SendMessageA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 578B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/data/freewb.db
plugin/date.plg
.dll windows:4 windows x86 arch:x86

43d56c37aa19a600974f836bdc54fa2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord2554
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1116
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord4486
ord6375
ord3830
ord4274
ord269
ord826

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
malloc
strstr
strncpy
strncat
sprintf
free
_itoa

kernel32

LocalFree
GetLocalTime
LocalAlloc

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugin/queryex.plg
.dll windows:4 windows x86 arch:x86

f23398e4c05c03a95366d0a38386af92

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord5300
ord825
ord815
ord941
ord800
ord939
ord860
ord1158
ord537
ord1200
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord3346
ord2396
ord5199
ord1089
ord1176
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord561
ord4274
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z
_EH_prolog
__CxxFrameHandler
fopen
fread
fseek
strcat
fclose
strcpy
_access
strlen
sprintf
_strset

kernel32

SetFilePointer
GetPrivateProfileStringA
CreateFileA
LocalFree
CloseHandle
ReadFile
LocalAlloc

user32

MessageBoxA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

FreewbProc
GetPlugInfo

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
registry.exe
.exe windows:4 windows x86 arch:x86

b3c56e49f70d84319ca30d3d04049934

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
FlushFileBuffers
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
HeapFree
GetStringTypeA
CreateMutexA
GetLastError
ReleaseMutex
CopyFileA
WinExec
DeleteFileA
GetSystemDirectoryA
GetCommandLineA
LCMapStringW
GetFileAttributesA
RtlUnwind
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
CloseHandle

user32

LoadIconA
RegisterClassA
MessageBoxA

advapi32

LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
SetFileSecurityA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA

imm32

ImmInstallIMEA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
skin/IPurple.bmp
skin/IPurple.ini
skin/IPurple_button.bmp
skin/IPurple_ex.bmp
skin/argent.BMP
skin/argent.ini
skin/argent_button.bmp
skin/argent_ex.bmp
skin/classic.bmp
skin/classic_button.bmp
skin/sic.bmp
skin/sic.ini
skin/sic_button.bmp
skin/sic_ex.bmp
skin/win.ini
sound/back.wav
sound/chong.wav
sound/enter.wav
sound/kong.wav
sound/letter.wav
sound/space.wav
uninst.exe
.exe windows:4 windows x86 arch:x86

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
GetCommandLineA
CloseHandle
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
MulDiv
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 264KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

170729c4965736ee8f8f4d1bab77cf38

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 262KB

.ndata Size: - Virtual size: 264KB

.rsrc Size: 29KB - Virtual size: 32KB

48cfa0ea7e353e4a7dd23572da8374ef

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 573B

.rdata Size: 1024B - Virtual size: 576B

.data Size: 512B - Virtual size: 45B

.reloc Size: 512B - Virtual size: 132B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 17KB - Virtual size: 20KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 10KB - Virtual size: 15KB

f7f6dfa449de7de3a31b7342e4089d15

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 180KB - Virtual size: 178KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 12KB - Virtual size: 26KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 32KB - Virtual size: 30KB

08afe1a1ea22a4d7c059503ed1f240ac

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 262KB

.ndata
Size: - Virtual size: 264KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 1024B - Virtual size: 573B

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 512B - Virtual size: 45B

.reloc
Size: 512B - Virtual size: 132B

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 17KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 10KB - Virtual size: 15KB

.text
Size: 180KB - Virtual size: 178KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 12KB - Virtual size: 26KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 32KB - Virtual size: 30KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 36KB - Virtual size: 105KB

.mJDShar
Size: 28KB - Virtual size: 25KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 24KB - Virtual size: 22KB

.text
Size: 244KB - Virtual size: 243KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 24KB - Virtual size: 28KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 578B

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 4KB - Virtual size: 800B