f76c48c2f726d4a5274f5ce63b9fb438c58312537706203849be17a389552c28

Sharing

Copy URL Twitter E-mail

General

Target

f76c48c2f726d4a5274f5ce63b9fb438c58312537706203849be17a389552c28
Size

621KB
MD5

5a3ab30f7d7e73514c3bf865f7309153
SHA1

c36456716f005a1a6f4e0a9e1866d782ddf1727f
SHA256

f76c48c2f726d4a5274f5ce63b9fb438c58312537706203849be17a389552c28
SHA512

a39ca37f9cf5691c279947404790328bdf0a98dfde771bdc1690bdb36c1c1e3486b03b502a3dc60c1d48f826f545d53c4f92ad7587facc79c476dda3319b1ff1
SSDEEP

12288:2qC4jm9QOZR3UhaU8N/y3hS1DWpCLnjnW3+heE6u8EYTdidlj:ov9QOZhUh9IKyDWpC3WD1REYIdt

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/lordpe_dlx/16Edit.DLL	acprotect
static1/unpack001/lordpe_dlx/LDS_Clients/CoolDump1.4/Genoep.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/lordpe_dlx/16Edit.DLL	upx
static1/unpack001/lordpe_dlx/Misc/PESnoop.exe	upx
static1/unpack001/lordpe_dlx/Misc/SoftSnoop/SoftSnoop.exe	upx

Unsigned PE 38 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lordpe_dlx/16Edit.DLL
unpack002/out.upx
unpack001/lordpe_dlx/LDE/IntelliDump.LDE
unpack001/lordpe_dlx/LDS_Clients/CoolDump1.4/Cooldump.exe
unpack001/lordpe_dlx/LDS_Clients/CoolDump1.4/Genoep.dll
unpack001/lordpe_dlx/LordPE.EXE
unpack001/lordpe_dlx/LordPE_hh.EXE
unpack001/lordpe_dlx/LordPeFix.dll
unpack001/lordpe_dlx/LordPlug.dll
unpack001/lordpe_dlx/Misc/16Edit.exe
unpack001/lordpe_dlx/Misc/LordElf.exe
unpack001/lordpe_dlx/Misc/MetaPuck.exe
unpack001/lordpe_dlx/Misc/PESnoop.exe
unpack003/out.upx
unpack001/lordpe_dlx/Misc/RunKMD.exe
unpack001/lordpe_dlx/Misc/RunVxD.exe
unpack001/lordpe_dlx/Misc/SoftSnoop/APISnoop.dll
unpack001/lordpe_dlx/Misc/SoftSnoop/ForceLibrary.dll
unpack001/lordpe_dlx/Misc/SoftSnoop/Plugins/HelloWorld.dll
unpack001/lordpe_dlx/Misc/SoftSnoop/Plugins/MsgHook.dll
unpack001/lordpe_dlx/Misc/SoftSnoop/Plugins/PluginExp3.dll
unpack001/lordpe_dlx/Misc/SoftSnoop/Plugins/TestMe.exe
unpack001/lordpe_dlx/Misc/SoftSnoop/SoftSnoop.exe
unpack004/out.upx
unpack001/lordpe_dlx/Misc/yPER.exe
unpack001/lordpe_dlx/PROCS.DLL
unpack001/lordpe_dlx/PSAPI.DLL
unpack001/lordpe_dlx/REALIGN.DLL
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/CallModMem.EXE
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/LDSChat.exe
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_DmpTst.exe
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_LoadDump.exe
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_TaskViewer.exe
unpack001/lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_VerPid.exe
unpack001/lordpe_dlx/SDK/procsDLL/examples/UseProcs1.exe
unpack001/lordpe_dlx/SDK/procsDLL/examples/useprocs2.exe
unpack001/lordpe_dlx/TrapDll.exe
unpack001/lordpe_dlx/原版/LordPE.EXE

Files

f76c48c2f726d4a5274f5ce63b9fb438c58312537706203849be17a389552c28
.zip
lordpe_dlx/16Edit.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HEEnterWindowLoop
HEEnterWindowLoopInNewThread
HESpecifySettings

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/LDE/IntelliDump.LDE
.dll windows:4 windows x86 arch:x86

cd4f4f57932a96a8ea7047435b5053ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQueryEx
CloseHandle
ReadProcessMemory
lstrcpyA
OpenProcess
DisableThreadLibraryCalls

user32

MessageBoxA
GetActiveWindow
wsprintfA

msvcrt

_adjust_fdiv
free
_initterm
malloc

Exports

Exports

DumpProcessRange
GetLDEName
ShowLDEInfo

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/LDE/LDELoad.log
lordpe_dlx/LDS_Clients/CoolDump1.4/Cooldump.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 871B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/LDS_Clients/CoolDump1.4/File_id.diz
lordpe_dlx/LDS_Clients/CoolDump1.4/Genoep.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

FindOEP

Sections

CODE
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/LDS_Clients/CoolDump1.4/Ug2002.nfo
lordpe_dlx/LordPE.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Silvana
Size: 308B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/LordPE.iNi
lordpe_dlx/LordPE_hh.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Silvana
Size: 308B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/LordPeFix.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Fix

Sections

CODE
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 9KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/LordPlug.dll
.dll windows:4 windows x86 arch:x86

ecbe8a9f21bda1daaa0c3fcc852cd552

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SetFocus
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDlgItemTextA
GetDlgItem
SendMessageA
SetDlgItemTextA

Exports

Exports

GetNextitem
PopMenuCopy
Searchimport
SetCursortoItem

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/LordPlug.dll_src/LordPlug.cpp
.js
lordpe_dlx/LordPlug.dll_src/LordPlug.def
lordpe_dlx/LordPlug.dll_src/LordPlug.dsp
lordpe_dlx/LordPlug.dll_src/LordPlug.dsw
lordpe_dlx/Misc/16Edit.exe
.exe windows:4 windows x86 arch:x86

3915ab2aa57cdef4a874beac32a99f23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess

user32

MessageBoxA

comdlg32

GetOpenFileNameA

16edit

HESpecifySettings
HEEnterWindowLoop

msvcrt

__getmainargs
__CxxFrameHandler

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/Misc/16Edit.tXt
.vbs
lordpe_dlx/Misc/LordElf.exe
.exe windows:4 windows x86 arch:x86

dbdc13e9fe4048ca29db8f14af5cf58b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
CloseHandle
CreateFileMappingA
CreateFileA
lstrcmpA
UnmapViewOfFile
MapViewOfFile
SetConsoleTitleA

msvcrt

printf
_exit
_XcptFilter
_except_handler3
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_getch

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/LordElf.tXt
lordpe_dlx/Misc/MetaPuck.exe
.exe windows:4 windows x86 arch:x86

65076f412a3c0a389d46177e0a3683a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\VC7\projects\MetaPuck\Release\MetaPuck.pdb

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ord6
InitCommonControlsEx

kernel32

ReadFile
CloseHandle
CreateFileA
lstrcpyA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetSystemInfo
VirtualProtect
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetFileType
SetHandleCount
WriteFile
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
HeapSize
GetCurrentProcess
TerminateProcess
GetProcAddress
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
GetFileSize
lstrcatA
VirtualQuery
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
lstrlenA
GetModuleHandleA
GetEnvironmentStringsW

user32

LoadBitmapA
SendDlgItemMessageA
LoadIconA
EndDialog
SetTimer
SendMessageA
SetMenuItemInfoA
CheckDlgButton
SetDlgItemTextA
GetDlgItem
SetWindowLongA
IsDlgButtonChecked
GetDlgItemTextA
CharUpperA
GetClassInfoA
CallWindowProcA
GetDlgCtrlID
GetParent
MessageBoxA
LoadCursorA
DialogBoxParamA
RegisterClassA
GetSystemMetrics
CreateWindowExA
LoadMenuA
SetMenu
ShowWindow
UpdateWindow
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
PostQuitMessage
DefWindowProcA
DestroyMenu
MoveWindow
GetWindowRect
GetClientRect
wsprintfA
wvsprintfA
KillTimer

gdi32

DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

DragFinish
DragAcceptFiles
DragQueryFileA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantChangeType

msvcrt

__getmainargs

imagehlp

ImageNtHeader
ImageRvaToVa

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/MetaPuck.tXt
lordpe_dlx/Misc/PESnoop.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/PESnoop.tXt
lordpe_dlx/Misc/RunKMD.exe
.exe windows:4 windows x86 arch:x86

7b700cb395c90c9431168f9449d5c73b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
_lwrite
lstrcmpiA
lstrcpyA
ExitProcess
DeviceIoControl
CloseHandle
GetVersion
GetCommandLineA
lstrcpynA
CreateFileA

user32

wsprintfA

advapi32

StartServiceA
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
ControlService

msvcrt

_strnicmp
toupper

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/Misc/RunKMD.tXt
lordpe_dlx/Misc/RunVxD.exe
.exe windows:4 windows x86 arch:x86

6d8a5c23ea76c87325f0ffaa3e930d27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
lstrlenA
ExitProcess
DeviceIoControl
CloseHandle
CreateFileA
lstrcpyA
lstrcpynA
_lwrite

msvcrt

getchar
strncat
_stricmp
_strnicmp
toupper

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/Misc/RunVxD.tXt
lordpe_dlx/Misc/SoftSnoop/APISnoop.dll
.dll windows:4 windows x86 arch:x86

189541063a68896fdad9c98b6d5f6307

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsFree
GlobalFree
GetProcAddress
TlsAlloc
TlsSetValue
GlobalAlloc
TlsGetValue
lstrcmpiA
VirtualProtect
GetModuleHandleA

user32

SendMessageA
MessageBoxA
FindWindowA

msvcrt

_except_handler3
free
_initterm
_strnicmp
strstr
_adjust_fdiv
malloc

Exports

Exports

RetTrapProc
TrappedApiCall

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/ApiDef/Kernel32.ss
lordpe_dlx/Misc/SoftSnoop/ApiDef/SS.TXT
lordpe_dlx/Misc/SoftSnoop/ApiDef/User32.ss
lordpe_dlx/Misc/SoftSnoop/ForceLibrary.dll
.dll windows:4 windows x86 arch:x86

381e752d4cf0389f7eb35922ca5268a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
GetModuleHandleA
GetVersion
GlobalFree
ReadProcessMemory
GlobalAlloc
OpenProcess
CloseHandle
SetThreadContext
SuspendThread
Sleep
ResumeThread
WriteProcessMemory
VirtualProtectEx
GetProcAddress
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
LoadLibraryA

msvcrt

_initterm
malloc
_adjust_fdiv
_stricmp
free

Exports

Exports

ForceLibrary
ForceLibraryDBG
PerformCleanup
TrapEntry

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/Plugins/HelloWorld.dll
.dll windows:4 windows x86 arch:x86

404e4d51a749c64c9e3db149fe6af736

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

_initterm
free
malloc
_adjust_fdiv

Exports

Exports

StartSSPlugin

Sections

.text
Size: 1024B - Virtual size: 847B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/Plugins/MsgHook.dll
.dll windows:4 windows x86 arch:x86

ddaedee7bea36e496fe1dc768c43d7e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CheckDlgButton
DialogBoxParamA
EndDialog
IsDlgButtonChecked

kernel32

GetModuleHandleA
GetProcAddress
WriteProcessMemory
lstrcmpiA

Sections

.text
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/Plugins/PluginExp3.dll
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

StartSSPlugin

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 137B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 79B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/Plugins/TestMe.exe
.exe windows:4 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/SoftSnoop.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GetSSApi

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/Misc/SoftSnoop/SoftSnoop.tXt
lordpe_dlx/Misc/yPER.exe
.exe windows:4 windows x86 arch:x86

b74a6218943cbdab2ffd30749e228d8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
lstrcmpiA
MapViewOfFile
CloseHandle
Sleep
CreateFileMappingA
GetFileSize
CreateFileA
lstrcpyA
SetFilePointer
SetEndOfFile

realign

ValidatePE
WipeReloc
RealignPE

imagehlp

ImageNtHeader

msvcrt

printf
__setusermatherr
_initterm
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_controlfp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/Misc/yPER.tXt
lordpe_dlx/PROCS.DLL
.dll windows:4 windows x86 arch:x86

671e5d05e30b558e7b4fab82758cac2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpynA
CloseHandle
OpenProcess
GetVersion
lstrcpyA
GetProcAddress
LoadLibraryA

msvcrt

_except_handler3
strstr
_strupr
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetModuleHandleEx
GetModuleHandleList
GetModulePath
GetModuleSize
GetNumberOfModules
GetNumberOfProcesses
GetProcessBaseSize
GetProcessIDList
GetProcessPath
GetProcessPathID

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/PSAPI.DLL
.dll windows:5 windows x86 arch:x86

264476cbdcf6020ccd69c92bbd24050f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

_stricmp
RtlUnwind
sprintf
atoi
NtStopProfile
RtlUnicodeToOemN
_chkstk
DbgPrint
NtCreateProfile
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
RtlAdjustPrivilege
NtSetIntervalProfile
NtStartProfile
NtQueryInformationProcess
NtWriteFile
NtSetInformationProcess
RtlNtStatusToDosError
NtQueryVirtualMemory
NtQuerySystemInformation

kernel32

LocalAlloc
MultiByteToWideChar
GetLastError
RaiseException
LoadLibraryA
FreeLibrary
GetProcAddress
InterlockedExchange
OpenFileMappingA
MapViewOfFile
DisableThreadLibraryCalls
CreateFileA
UnmapViewOfFile
GetProcessHeap
HeapAlloc
CloseHandle
lstrcpyA
GetProcessWorkingSetSize
lstrlenA
SetLastError
LocalFree
GetSystemInfo
ReadProcessMemory
WideCharToMultiByte
SetProcessWorkingSetSize

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/REALIGN.DLL
.dll windows:4 windows x86 arch:x86

843d4acd52668b581fd295da850eeceb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageRvaToVa
ImageNtHeader

kernel32

CloseHandle
DisableThreadLibraryCalls
SetEndOfFile
SetFilePointer
CreateFileA
GlobalFree
GlobalAlloc
LockResource
LoadResource
FindResourceA

msvcrt

malloc
_except_handler3
free
_initterm
div
_adjust_fdiv

Exports

Exports

ReBasePEImage
RealignPE
TruncateFile
ValidatePE
WipeReloc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/ReadMe.txt
lordpe_dlx/RunLDS.BAT
lordpe_dlx/SDK/16Edit/16Edit.cs
lordpe_dlx/SDK/16Edit/16Edit.def
lordpe_dlx/SDK/16Edit/16EditDll.INC
lordpe_dlx/SDK/16Edit/16EditDll.bas
lordpe_dlx/SDK/16Edit/16EditDll.h
lordpe_dlx/SDK/16Edit/APIs.tXt
lordpe_dlx/SDK/16Edit/B_16Edit.lib
lordpe_dlx/SDK/16Edit/HEditDll.pas
.js
lordpe_dlx/SDK/16Edit/MS_16Edit.lib
lordpe_dlx/SDK/16Edit/TOC.tXt
lordpe_dlx/SDK/LordPE/LDE/IntelliDump/IntelliDump.DEF
lordpe_dlx/SDK/LordPE/LDE/IntelliDump/IntelliDump.c
lordpe_dlx/SDK/LordPE/LDE/IntelliDump/IntelliDump.dsp
lordpe_dlx/SDK/LordPE/LDE/IntelliDump/IntelliDump.mak
lordpe_dlx/SDK/LordPE/LDE/LDE.tXt
lordpe_dlx/SDK/LordPE/LDS/Examples/ASM/LDS_LoadDump.bat
lordpe_dlx/SDK/LordPE/LDS/Examples/C/Plugin.c
lordpe_dlx/SDK/LordPE/LDS/Examples/C/Plugin.dsp
lordpe_dlx/SDK/LordPE/LDS/Examples/C/Plugin.mak
lordpe_dlx/SDK/LordPE/LDS/Examples/C/resource.h
lordpe_dlx/SDK/LordPE/LDS/Examples/C/rsrc.rc
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/App.ico
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/AssemblyInfo.cs
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/Form1.cs
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/Form1.resx
.vbs .xml polyglot
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/LDSChat.csproj
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/LDSChat.csproj.user
lordpe_dlx/SDK/LordPE/LDS/Examples/CS/LDSChat.sln
lordpe_dlx/SDK/LordPE/LDS/Examples/CallModMem.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1004B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 8B - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/SDK/LordPE/LDS/Examples/Delphi/FindLDSAndLaunch4Delphi.dpr
lordpe_dlx/SDK/LordPE/LDS/Examples/Delphi/LDS_DmpTst.dpr
lordpe_dlx/SDK/LordPE/LDS/Examples/Delphi/LDS_VerPid.dpr
lordpe_dlx/SDK/LordPE/LDS/Examples/LDSChat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_DmpTst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_LoadDump.exe
.exe windows:4 windows x86 arch:x86

37233ab54761e227db351e9a7c77f7d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateProcessA
ExitProcess
GetCurrentProcessId
Sleep
SuspendThread
TerminateProcess
lstrcpynA

user32

FindWindowA
MessageBoxA
SendMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_TaskViewer.exe
.exe windows:4 windows x86 arch:x86

6b1649ca6b76d36e4f75bd013074d178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetCurrentProcessId
GetModuleHandleA
ExitProcess

user32

SendMessageA
EndDialog
wsprintfA
GetDlgItem
DialogBoxParamA
FindWindowA
MessageBoxA

comctl32

InitCommonControlsEx

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/SDK/LordPE/LDS/Examples/LDS_VerPid.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.INC
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.bas
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.cs
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.h
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.ni
lordpe_dlx/SDK/LordPE/LDS/INC/LDS.pas
lordpe_dlx/SDK/LordPE/LDS/LDS.tXt
lordpe_dlx/SDK/SoftSnoop/PluginExp1/PluginExp1.c
lordpe_dlx/SDK/SoftSnoop/PluginExp1/PluginExp1.def
lordpe_dlx/SDK/SoftSnoop/PluginExp1/PluginExp1.dsp
lordpe_dlx/SDK/SoftSnoop/PluginExp2/BUILD.BAT
lordpe_dlx/SDK/SoftSnoop/PluginExp2/BUILD.PIF
lordpe_dlx/SDK/SoftSnoop/PluginExp2/MsgHook.ASM
lordpe_dlx/SDK/SoftSnoop/PluginExp2/RESOURCE.INC
lordpe_dlx/SDK/SoftSnoop/PluginExp2/Rsrc.res
lordpe_dlx/SDK/SoftSnoop/PluginExp3/PluginExp3.dpr
lordpe_dlx/SDK/SoftSnoop/PluginExp3/RSRC.RES
lordpe_dlx/SDK/SoftSnoop/Plugins.tXt
lordpe_dlx/SDK/SoftSnoop/SSPlugin.INC
lordpe_dlx/SDK/SoftSnoop/SSPlugin.pas
.js
lordpe_dlx/SDK/SoftSnoop/SSplugin.h
lordpe_dlx/SDK/procsDLL/examples/EXP1Out.BAT
lordpe_dlx/SDK/procsDLL/examples/UseProcs1.exe
.exe windows:4 windows x86 arch:x86

65d36d8a9354e322365bcbf93be3d18c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetStdHandle
ReadConsoleA
_lwrite
lstrlenA

user32

wsprintfA

procs

GetNumberOfProcesses
GetProcessIDList
GetProcessPath
GetProcessBaseSize
GetNumberOfModules
GetModuleHandleList
GetModulePath
GetModuleSize

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/SDK/procsDLL/examples/useprocs1/CONSOLE.INC
lordpe_dlx/SDK/procsDLL/examples/useprocs1/MAKE.BAT
lordpe_dlx/SDK/procsDLL/examples/useprocs1/MAKE.PIF
lordpe_dlx/SDK/procsDLL/examples/useprocs1/UseProcs1.ASM
lordpe_dlx/SDK/procsDLL/examples/useprocs2.exe
.exe windows:4 windows x86 arch:x86

e2f259fab986c39d43d603ee27c60f81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA

user32

wsprintfA
MessageBoxA

procs

GetModuleHandleEx
GetProcessPathID

msvcrt

_initterm
_adjust_fdiv
__p__commode
__setusermatherr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__p__fmode
_controlfp
__set_app_type
_except_handler3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/SDK/procsDLL/examples/useprocs2/USEPROCS.C
lordpe_dlx/SDK/procsDLL/examples/useprocs2/UseProcs2.dsw
lordpe_dlx/SDK/procsDLL/examples/useprocs2/useprocs2.dsp
lordpe_dlx/SDK/procsDLL/procs.INC
lordpe_dlx/SDK/procsDLL/procs.chm
.chm
lordpe_dlx/SDK/procsDLL/procs.h
lordpe_dlx/SDK/procsDLL/procs.lib
lordpe_dlx/SDK/realignDLL/Realign.h
lordpe_dlx/SDK/realignDLL/realign.lib
lordpe_dlx/Thief/PE Explorer.tXt
lordpe_dlx/Thief/TDS_Adjuster.jpg
.jpg
lordpe_dlx/TrapDll.exe
.exe windows:4 windows x86 arch:x86

2c66707ee126f64a912ba629873148d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
WriteFile
SetFilePointer
FreeLibrary
CreateFileA
CloseHandle
CreateFileMappingA
GetCurrentThread
MapViewOfFile
UnmapViewOfFile
GetCommandLineA
SetThreadPriority
LoadLibraryA
OutputDebugStringA

user32

MessageBoxA
wsprintfA

imagehlp

ImageRvaToVa
ImageNtHeader

msvcrt

strstr

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lordpe_dlx/URLs/.NET Framework.URL
lordpe_dlx/URLs/16Edit FX-package.url
lordpe_dlx/URLs/yoda's home.url
lordpe_dlx/docs/EndOfCommerce.tXt
lordpe_dlx/docs/History.tXt
lordpe_dlx/docs/LDE.tXt
lordpe_dlx/docs/LDS.tXt
lordpe_dlx/docs/License.tXt
lordpe_dlx/docs/LordPE.tXt
lordpe_dlx/docs/ToDo.tXt
lordpe_dlx/原版/LordPE.EXE
.exe windows:4 windows x86 arch:x86

af5a2557d1d5daaaf732f8a12ba06a54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

gmtime
toupper
div
asctime
mktime
_timezone
_except_handler3
strncmp
sprintf
strchr
free
realloc
malloc
strstr

kernel32

lstrcpynA
lstrcatA
lstrlenA
CreateProcessA
WideCharToMultiByte
lstrlenW
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcess
TerminateProcess
VirtualProtectEx
WriteFile
FindClose
FindNextFileA
LoadLibraryA
SetFilePointer
SetThreadPriority
VirtualFree
IsBadReadPtr
lstrcmpiA
ExitProcess
SetFileAttributesA
OutputDebugStringA
lstrcpyA
GetFileAttributesA
ResumeThread
GetCurrentThread
DeleteFileA
GetTempPathA
SetPriorityClass
VirtualQueryEx
lstrcmpA
GetPrivateProfileStructA
WritePrivateProfileStructA
GetCurrentDirectoryA
UnmapViewOfFile
MulDiv
GetStartupInfoA
CreatePipe
WaitForSingleObject
CopyFileA
MapViewOfFile
CreateFileMappingA
SetEndOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualUnlock
VirtualLock
GetModuleFileNameA
SetCurrentDirectoryA
GetFileSize
CloseHandle
OpenProcess
ReadProcessMemory
GetModuleHandleA
CreateFileA
GetProcAddress
WriteProcessMemory
GetCurrentProcessId
Sleep
ReadFile
GetPriorityClass
FindFirstFileA
VirtualAlloc
GetCommandLineA

user32

ShowWindow
SetMenuItemInfoA
AppendMenuA
CreatePopupMenu
SetWindowTextA
DestroyIcon
LoadIconA
InvalidateRect
CharLowerA
LoadBitmapA
SetDlgItemTextA
GetDlgItemTextA
GetSysColorBrush
DestroyCursor
SetClassLongA
LoadCursorA
GetParent
EnableWindow
GetWindowTextA
EnableMenuItem
IsIconic
MoveWindow
GetWindowDC
TrackPopupMenu
CheckMenuRadioItem
SetTimer
GetActiveWindow
GetClassInfoA
DialogBoxParamA
FindWindowA
SetForegroundWindow
CheckDlgButton
GetDlgItem
EndDialog
IsDlgButtonChecked
SendDlgItemMessageA
wvsprintfA
GetAsyncKeyState
SetClipboardData
GetWindowRect
SetWindowPos
SetWindowLongA
KillTimer
IsZoomed
DestroyMenu
IsWindowEnabled
CheckRadioButton
SetFocus
GetCursorPos
ScreenToClient
SendMessageA
GetClipboardData
CloseClipboard
CallWindowProcA
MessageBeep
wsprintfA
MessageBoxA
CharUpperA
OpenClipboard
EnumClipboardFormats
EmptyClipboard

gdi32

GetDeviceCaps
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegOpenKeyExA
AdjustTokenPrivileges
RegCloseKey

shell32

ShellExecuteA
SHGetFileInfoA
DragFinish
DragAcceptFiles
DragQueryFileA

comctl32

ImageList_Remove
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon

procs

GetProcessPathID
GetModuleHandleList
GetProcessIDList
GetProcessBaseSize
GetNumberOfModules
GetNumberOfProcesses
GetModuleSize
GetModulePath
GetProcessPath

realign

RealignPE
ReBasePEImage
WipeReloc

16edit

HEEnterWindowLoop
HESpecifySettings

imagehlp

BindImageEx
ImageRvaToVa
ImageRvaToSection
CheckSumMappedFile
ImageNtHeader

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

cd4f4f57932a96a8ea7047435b5053ea

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 130B

Headers

File Characteristics

Sections

CODE Size: - Virtual size: 52KB

DATA Size: 24KB - Virtual size: 24KB

.rsrc Size: 871B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: - Virtual size: 12KB

DATA Size: 2KB - Virtual size: 4KB

.rsrc Size: 278B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 92KB - Virtual size: 91KB

.Silvana Size: 308B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 92KB - Virtual size: 91KB

.Silvana Size: 308B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 12KB - Virtual size: 12KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 850B

.edata Size: 512B - Virtual size: 68B

.reloc Size: 1024B - Virtual size: 904B

.rsrc Size: 1KB - Virtual size: 1KB

ecbe8a9f21bda1daaa0c3fcc852cd552

Headers

File Characteristics

Imports

kernel32

user32

Exports

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 130B

CODE
Size: - Virtual size: 52KB

DATA
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 871B - Virtual size: 4KB

CODE
Size: - Virtual size: 12KB

DATA
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 278B - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 92KB - Virtual size: 91KB

.Silvana
Size: 308B - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 92KB - Virtual size: 91KB

.Silvana
Size: 308B - Virtual size: 4KB

CODE
Size: 12KB - Virtual size: 12KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 850B

.edata
Size: 512B - Virtual size: 68B

.reloc
Size: 1024B - Virtual size: 904B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 72KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 2KB