b2a2c9ab6fbd72869116540c46f544a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2a2c9ab6fbd72869116540c46f544a3_JaffaCakes118
Size

1.5MB
MD5

b2a2c9ab6fbd72869116540c46f544a3
SHA1

7fab7e361559b9cacaccf832ee6c3c0d59952e15
SHA256

6b9b707cf647c8e7f31a450ff2e1c58572153b4039d6dd8b1c1dc05a9c0f070f
SHA512

03c65b344a16a03bb0cc3e266509629493cd5dd92fa7308499c266aa51516b0fbcdd26c0cf1201e758c0048f5fac8c7ab6b9cfb0caba79311ad234bf433795c1
SSDEEP

24576:4wkw1x49NVbZUTNMtPJ70I2f7YoHj/WC3EbibHuKZ/Qj5LdtQBrcfsrVnYmrcAyZ:44SNVbZUTNMRJ70IIVj/WC0bUu6/Qim5

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IeEmbed.exe
unpack001/MozEmbed.exe
unpack001/jdic.dll
unpack001/niugoo.exe
unpack001/tray.dll
unpack001/牛股动态SuperView赢富决策系统2.2正式版.exe

Files

b2a2c9ab6fbd72869116540c46f544a3_JaffaCakes118
.rar
IeEmbed.exe
.exe windows:4 windows x86 arch:x86

39ce29b7cd419904fc6474fb67c40d2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
WSACleanup
closesocket
listen
bind
htons
setsockopt
ioctlsocket
socket
accept
__WSAFDIsSet
select
recv
WSAStartup

mfc42

ord825
ord823

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
fopen
__p__commode
__p__fmode
__set_app_type
_controlfp
fclose
strncpy
_onexit
_except_handler3
strstr
_iob
fprintf
memset
sscanf
strchr
atoi
memcpy
strlen
strcpy
memcmp
wcslen
sprintf
??1type_info@@UAE@XZ
_EH_prolog
__CxxFrameHandler
__dllonexit
strcat
?terminate@@YAXXZ
_CxxThrowException
_itoa
_strdup
_adjust_fdiv

kernel32

GetLastError
GetStartupInfoA
GetCurrentThreadId
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
lstrcmpA
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetCommandLineA
CreateThread
GetModuleHandleA
FormatMessageA
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
Sleep
InterlockedIncrement

user32

GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
ReleaseDC
GetDC
CallWindowProcA
EndPaint
FillRect
GetClientRect
BeginPaint
IsWindow
RedrawWindow
GetClassNameA
GetParent
RegisterWindowMessageA
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
wsprintfA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
DefWindowProcA
CreateWindowExA
SetRect
ShowWindow
UpdateWindow
SetFocus
DestroyWindow
GetClassInfoExA
GetDesktopWindow
SetWindowPos
PostMessageA
GetFocus
IsChild
SendMessageA
GetMessageA

gdi32

GetDeviceCaps
DeleteDC
BitBlt
SelectObject
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateSolidBrush
GetObjectA

olepro32

ord253

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CLSIDFromProgID
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
DispCallFunc
VariantClear

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MozEmbed.exe
.exe windows:4 windows x86 arch:x86

4da57a3de47cf9275e014fa768c1a1ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

accept
__WSAFDIsSet
select
recv
send
ioctlsocket
socket
setsockopt
htons
bind
listen
closesocket
WSACleanup
WSAStartup

nspr4

PR_CreateThread
PR_AtomicIncrement
PR_AtomicDecrement
PR_UnloadLibrary
PR_FindSymbol
PR_LoadLibraryWithFlags
PR_strtod

plc4

PL_strncpyz
PL_strncasecmp
PL_strcmp
PL_strncmp
PL_strcasecmp
PL_strdup
PL_strndup
PL_strfree

mfc42

ord818
ord4224
ord5484
ord2092
ord4145
ord5289
ord5220
ord296
ord5214
ord2621
ord617
ord561
ord815
ord3738
ord4622
ord5714
ord5307
ord1842
ord4242
ord2411
ord2023
ord4218
ord2578
ord4398
ord6740
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord6055
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3402
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3698
ord765
ord807
ord674
ord6491
ord567
ord554
ord366
ord825
ord6502
ord620
ord2864
ord6067
ord2108
ord3294
ord6000
ord6624
ord6565
ord6619
ord4163
ord6625
ord6612
ord4457
ord6215
ord1233
ord5252
ord5981
ord4427
ord4299
ord5030
ord4337
ord1168
ord2585
ord6154
ord2530
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord529
ord796
ord4265
ord4759
ord6069
ord6199
ord800
ord2915
ord3874
ord540
ord4160
ord1574
ord6197
ord3870
ord4220
ord2584
ord3654
ord3663
ord2438
ord6270
ord2863
ord1644
ord1146
ord539
ord3742
ord1576
ord4275
ord2152
ord755
ord6172
ord5875
ord470
ord858
ord6379
ord2859
ord823
ord3317
ord6663
ord1200
ord641
ord3499
ord2515
ord355
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord860
ord324
ord2301
ord2370
ord4234
ord3092
ord2645
ord6334
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698

msvcrt

_initterm
_setmbcp
_strlwr
_strdup
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
__CxxFrameHandler
_purecall
sprintf
strncmp
strstr
fgets
fwrite
fclose
free
malloc
atoi
fopen
strncpy
strrchr
strchr
sscanf
memmove
fprintf
memcpy
calloc
strcpy
strlen
memcmp
tolower
memchr
realloc
__dllonexit
_onexit
_except_handler3
_controlfp

kernel32

GetStartupInfoA
GetModuleHandleA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
CreateEventA
CloseHandle

user32

CheckMenuItem
GetMenu
MessageBoxA
TranslateMessage
GetWindowLongA
PeekMessageA
GetSysColorBrush
DrawTextA
GetSysColor
GetSystemMetrics
ClientToScreen
OpenClipboard
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
BringWindowToTop
LoadCursorA
IsRectEmpty
RegisterWindowMessageA
GetDC
ReleaseDC
GetMessageA
MsgWaitForMultipleObjects
AdjustWindowRectEx
GetClientRect
EnableWindow
LoadMenuA
GetDesktopWindow
SetMenu
SendMessageA
LoadImageA
GetParent
PtInRect
GetWindowRect
GetFocus
UpdateWindow
SetActiveWindow
GetActiveWindow
PostMessageA
GetCursorPos
AppendMenuA
GetSubMenu

gdi32

SelectObject
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegCloseKey

Exports

Exports

??0CBufDescriptor@@QAE@PADHIH@Z
??0CBufDescriptor@@QAE@PAGHIH@Z
??0CBufDescriptor@@QAE@PBDHIH@Z
??0CBufDescriptor@@QAE@PBGHIH@Z
??0NS_ConvertASCIItoUCS2@@QAE@ABV0@@Z
??0NS_ConvertASCIItoUCS2@@QAE@ABVnsACString@@@Z
??0NS_ConvertASCIItoUCS2@@QAE@ABVnsAFlatCString@@@Z
??0NS_ConvertASCIItoUCS2@@QAE@PBD@Z
??0NS_ConvertASCIItoUCS2@@QAE@PBDI@Z
??0NS_ConvertUCS2toUTF8@@QAE@ABV0@@Z
??0NS_ConvertUCS2toUTF8@@QAE@ABVnsAString@@@Z
??0NS_ConvertUCS2toUTF8@@QAE@PBG@Z
??0NS_ConvertUCS2toUTF8@@QAE@PBGI@Z
??0NS_ConvertUTF8toUCS2@@QAE@ABV0@@Z
??0NS_ConvertUTF8toUCS2@@QAE@ABVnsACString@@@Z
??0NS_ConvertUTF8toUCS2@@QAE@PBD@Z
??0NS_ConvertUTF8toUCS2@@QAE@PBDI@Z
??0NS_LossyConvertUCS2toASCII@@QAE@ABV0@@Z
??0NS_LossyConvertUCS2toASCII@@QAE@ABVnsAString@@@Z
??0NS_LossyConvertUCS2toASCII@@QAE@PBG@Z
??0NS_LossyConvertUCS2toASCII@@QAE@PBGI@Z
??0nsACString@@QAE@ABV0@@Z
??0nsACString@@QAE@XZ
??0nsACStringGenerator@@QAE@ABV0@@Z
??0nsACStringGenerator@@QAE@XZ
??0nsAFlatCString@@QAE@ABV0@@Z
??0nsAFlatCString@@QAE@XZ
??0nsAFlatString@@QAE@ABV0@@Z
??0nsAFlatString@@QAE@XZ
??0nsASingleFragmentCString@@QAE@ABV0@@Z
??0nsASingleFragmentCString@@QAE@XZ
??0nsASingleFragmentString@@QAE@ABV0@@Z
??0nsASingleFragmentString@@QAE@XZ
??0nsAString@@QAE@ABV0@@Z
??0nsAString@@QAE@XZ
??0nsAStringGenerator@@QAE@ABV0@@Z
??0nsAStringGenerator@@QAE@XZ
??0nsAutoString@@QAE@ABV0@@Z
??0nsAutoString@@QAE@ABVCBufDescriptor@@@Z
??0nsAutoString@@QAE@ABVnsAString@@@Z
??0nsAutoString@@QAE@ABVnsString@@@Z
??0nsAutoString@@QAE@G@Z
??0nsAutoString@@QAE@PBG@Z
??0nsAutoString@@QAE@PBGH@Z
??0nsAutoString@@QAE@XZ
??0nsCAutoString@@QAE@ABV0@@Z
??0nsCAutoString@@QAE@ABVCBufDescriptor@@@Z
??0nsCAutoString@@QAE@ABVnsACString@@@Z
??0nsCAutoString@@QAE@ABVnsCString@@@Z
??0nsCAutoString@@QAE@PBD@Z
??0nsCAutoString@@QAE@PBDH@Z
??0nsCAutoString@@QAE@XZ
??0nsCString@@QAE@ABV0@@Z
??0nsCString@@QAE@ABVnsACString@@@Z
??0nsCString@@QAE@PBD@Z
??0nsCString@@QAE@PBDH@Z
??0nsCString@@QAE@XZ
??0nsCStringComparator@@QAE@ABV0@@Z
??0nsCStringComparator@@QAE@XZ
??0nsCaseInsensitiveCStringComparator@@QAE@ABV0@@Z
??0nsCaseInsensitiveCStringComparator@@QAE@XZ
??0nsDefaultCStringComparator@@QAE@ABV0@@Z
??0nsDefaultCStringComparator@@QAE@XZ
??0nsDefaultStringComparator@@QAE@ABV0@@Z
??0nsDefaultStringComparator@@QAE@XZ
??0nsDependentCConcatenation@@QAE@ABV0@@Z
??0nsDependentCConcatenation@@QAE@ABV0@ABVnsACString@@@Z
??0nsDependentCConcatenation@@QAE@ABVnsACString@@0I@Z
??0nsDependentCString@@QAE@ABV0@@Z
??0nsDependentCString@@QAE@PBD0@Z
??0nsDependentCString@@QAE@PBD@Z
??0nsDependentCString@@QAE@PBDI@Z
??0nsDependentCSubstring@@QAE@ABV0@@Z
??0nsDependentCSubstring@@QAE@ABV?$nsReadingIterator@D@@0@Z
??0nsDependentCSubstring@@QAE@ABVnsACString@@II@Z
??0nsDependentConcatenation@@QAE@ABV0@@Z
??0nsDependentConcatenation@@QAE@ABV0@ABVnsAString@@@Z
??0nsDependentConcatenation@@QAE@ABVnsAString@@0I@Z
??0nsDependentSingleFragmentCSubstring@@QAE@ABV0@@Z
??0nsDependentSingleFragmentCSubstring@@QAE@ABVnsASingleFragmentCString@@II@Z
??0nsDependentSingleFragmentCSubstring@@QAE@PBD0@Z
??0nsDependentSingleFragmentSubstring@@QAE@ABV0@@Z
??0nsDependentSingleFragmentSubstring@@QAE@ABVnsASingleFragmentString@@II@Z
??0nsDependentSingleFragmentSubstring@@QAE@PBG0@Z
??0nsDependentString@@QAE@ABV0@@Z
??0nsDependentString@@QAE@PBG0@Z
??0nsDependentString@@QAE@PBG@Z
??0nsDependentString@@QAE@PBGI@Z
??0nsDependentSubstring@@QAE@ABV0@@Z
??0nsDependentSubstring@@QAE@ABV?$nsReadingIterator@G@@0@Z
??0nsDependentSubstring@@QAE@ABVnsAString@@II@Z
??0nsPromiseFlatCString@@IAE@ABVnsACString@@@Z
??0nsPromiseFlatCString@@IAE@XZ
??0nsPromiseFlatCString@@QAE@ABV0@@Z
??0nsPromiseFlatString@@IAE@ABVnsAString@@@Z
??0nsPromiseFlatString@@IAE@XZ
??0nsPromiseFlatString@@QAE@ABV0@@Z
??0nsSharableCString@@QAE@ABV0@@Z
??0nsSharableCString@@QAE@ABVnsACString@@@Z
??0nsSharableCString@@QAE@PBV?$nsSharedBufferHandle@D@@@Z
??0nsSharableCString@@QAE@XZ
??0nsSharableString@@QAE@ABV0@@Z
??0nsSharableString@@QAE@ABVnsAString@@@Z
??0nsSharableString@@QAE@PBV?$nsSharedBufferHandle@G@@@Z
??0nsSharableString@@QAE@XZ
??0nsString@@QAE@ABV0@@Z
??0nsString@@QAE@ABVnsAString@@@Z
??0nsString@@QAE@PBG@Z
??0nsString@@QAE@PBGH@Z
??0nsString@@QAE@XZ
??0nsStringComparator@@QAE@ABV0@@Z
??0nsStringComparator@@QAE@XZ
??0nsSubstituteCString@@QAE@ABV0@@Z
??0nsSubstituteCString@@QAE@ABVnsACString@@00@Z
??0nsSubstituteString@@QAE@ABV0@@Z
??0nsSubstituteString@@QAE@ABVnsAString@@00@Z
??0nsXPIDLCString@@QAE@ABV0@@Z
??0nsXPIDLCString@@QAE@XZ
??0nsXPIDLString@@QAE@ABV0@@Z
??0nsXPIDLString@@QAE@ABVnsAString@@@Z
??0nsXPIDLString@@QAE@XZ
??1NS_ConvertASCIItoUCS2@@UAE@XZ
??1NS_ConvertUCS2toUTF8@@UAE@XZ
??1NS_ConvertUTF8toUCS2@@UAE@XZ
??1NS_LossyConvertUCS2toASCII@@UAE@XZ
??1nsACString@@UAE@XZ
??1nsACStringGenerator@@UAE@XZ
??1nsAFlatCString@@UAE@XZ
??1nsAFlatString@@UAE@XZ
??1nsASingleFragmentCString@@UAE@XZ
??1nsASingleFragmentString@@UAE@XZ
??1nsAString@@UAE@XZ
??1nsAStringGenerator@@UAE@XZ
??1nsAutoString@@UAE@XZ
??1nsCAutoString@@UAE@XZ
??1nsCString@@UAE@XZ
??1nsDependentCConcatenation@@UAE@XZ
??1nsDependentCString@@UAE@XZ
??1nsDependentCSubstring@@UAE@XZ
??1nsDependentConcatenation@@UAE@XZ
??1nsDependentSingleFragmentCSubstring@@UAE@XZ
??1nsDependentSingleFragmentSubstring@@UAE@XZ
??1nsDependentString@@UAE@XZ
??1nsDependentSubstring@@UAE@XZ
??1nsPromiseFlatCString@@UAE@XZ
??1nsPromiseFlatString@@UAE@XZ
??1nsSharableCString@@UAE@XZ
??1nsSharableString@@UAE@XZ
??1nsString@@UAE@XZ
??1nsSubstituteCString@@UAE@XZ
??1nsSubstituteString@@UAE@XZ
??1nsXPIDLCString@@UAE@XZ
??1nsXPIDLString@@UAE@XZ
??4CBufDescriptor@@QAEAAV0@ABV0@@Z
??4NS_ConvertASCIItoUCS2@@QAEAAV0@ABV0@@Z
??4NS_ConvertUCS2toUTF8@@QAEAAV0@ABV0@@Z
??4NS_ConvertUTF8toUCS2@@QAEAAV0@ABV0@@Z
??4NS_LossyConvertUCS2toASCII@@QAEAAV0@ABV0@@Z
??4nsACString@@QAEAAV0@ABV0@@Z
??4nsACString@@QAEAAV0@D@Z
??4nsACString@@QAEAAV0@PBD@Z
??4nsACStringGenerator@@QAEAAV0@ABV0@@Z
??4nsAFlatCString@@QAEAAV0@ABV0@@Z
??4nsAFlatString@@QAEAAV0@ABV0@@Z
??4nsASingleFragmentCString@@QAEAAV0@ABV0@@Z
??4nsASingleFragmentString@@QAEAAV0@ABV0@@Z
??4nsAString@@QAEAAV0@ABV0@@Z
??4nsAString@@QAEAAV0@G@Z
??4nsAString@@QAEAAV0@PBG@Z
??4nsAStringGenerator@@QAEAAV0@ABV0@@Z
??4nsAutoString@@QAEAAV0@ABV0@@Z
??4nsAutoString@@QAEAAV0@ABVnsAString@@@Z
??4nsAutoString@@QAEAAV0@G@Z
??4nsAutoString@@QAEAAV0@PBG@Z
??4nsCAutoString@@QAEAAV0@ABV0@@Z
??4nsCAutoString@@QAEAAV0@ABVnsACString@@@Z
??4nsCAutoString@@QAEAAV0@D@Z
??4nsCAutoString@@QAEAAV0@PBD@Z
??4nsCRT@@QAEAAV0@ABV0@@Z
??4nsCString@@QAEAAV0@ABV0@@Z
??4nsCString@@QAEAAV0@ABVnsACString@@@Z
??4nsCString@@QAEAAV0@D@Z
??4nsCString@@QAEAAV0@PBD@Z
??4nsCStringComparator@@QAEAAV0@ABV0@@Z
??4nsCaseInsensitiveCStringComparator@@QAEAAV0@ABV0@@Z
??4nsDefaultCStringComparator@@QAEAAV0@ABV0@@Z
??4nsDefaultStringComparator@@QAEAAV0@ABV0@@Z
??4nsSharableCString@@QAEAAV0@ABV0@@Z
??4nsSharableCString@@QAEAAV0@ABVnsACString@@@Z
??4nsSharableString@@QAEAAV0@ABV0@@Z
??4nsSharableString@@QAEAAV0@ABVnsAString@@@Z
??4nsString@@QAEAAV0@ABV0@@Z
??4nsString@@QAEAAV0@ABVnsAString@@@Z
??4nsString@@QAEAAV0@G@Z
??4nsString@@QAEAAV0@PBG@Z
??4nsStringComparator@@QAEAAV0@ABV0@@Z
??4nsXPIDLCString@@QAEAAV0@ABV0@@Z
??4nsXPIDLCString@@QAEAAV0@ABVnsACString@@@Z
??4nsXPIDLString@@QAEAAV0@ABV0@@Z
??4nsXPIDLString@@QAEAAV0@ABVnsAString@@@Z
??AnsASingleFragmentCString@@QBEDI@Z
??AnsASingleFragmentString@@QBEGI@Z
??AnsXPIDLCString@@QBEDH@Z
??AnsXPIDLString@@QBEGH@Z
??BnsXPIDLCString@@QBEPBDXZ
??BnsXPIDLString@@QBEPBGXZ
??RnsCaseInsensitiveCStringComparator@@UBEHDD@Z
??RnsCaseInsensitiveCStringComparator@@UBEHPBD0I@Z
??RnsDefaultCStringComparator@@UBEHDD@Z
??RnsDefaultCStringComparator@@UBEHPBD0I@Z
??RnsDefaultStringComparator@@UBEHGG@Z
??RnsDefaultStringComparator@@UBEHPBG0I@Z
??RnsSubstituteCString@@UBEPADPAD@Z
??RnsSubstituteString@@UBEPAGPAG@Z
??YnsACString@@QAEAAV0@ABV0@@Z
??YnsACString@@QAEAAV0@D@Z
??YnsACString@@QAEAAV0@PBD@Z
??YnsAString@@QAEAAV0@ABV0@@Z
??YnsAString@@QAEAAV0@G@Z
??YnsAString@@QAEAAV0@PBG@Z
??_7NS_ConvertASCIItoUCS2@@6B@
??_7NS_ConvertUCS2toUTF8@@6B@
??_7NS_ConvertUTF8toUCS2@@6B@
??_7NS_LossyConvertUCS2toASCII@@6B@
??_7nsACString@@6B@
??_7nsACStringGenerator@@6B@
??_7nsAFlatCString@@6B@
??_7nsAFlatString@@6B@
??_7nsASingleFragmentCString@@6B@
??_7nsASingleFragmentString@@6B@
??_7nsAString@@6B@
??_7nsAStringGenerator@@6B@
??_7nsAutoString@@6B@
??_7nsCAutoString@@6B@
??_7nsCString@@6B@
??_7nsCStringComparator@@6B@
??_7nsCaseInsensitiveCStringComparator@@6B@
??_7nsDefaultCStringComparator@@6B@
??_7nsDefaultStringComparator@@6B@
??_7nsDependentCConcatenation@@6B@
??_7nsDependentCString@@6B@
??_7nsDependentCSubstring@@6B@
??_7nsDependentConcatenation@@6B@
??_7nsDependentSingleFragmentCSubstring@@6B@
??_7nsDependentSingleFragmentSubstring@@6B@
??_7nsDependentString@@6B@
??_7nsDependentSubstring@@6B@
??_7nsPromiseFlatCString@@6B@
??_7nsPromiseFlatString@@6B@
??_7nsSharableCString@@6B@
??_7nsSharableString@@6B@
??_7nsString@@6B@
??_7nsStringComparator@@6B@
??_7nsSubstituteCString@@6B@
??_7nsSubstituteString@@6B@
??_7nsXPIDLCString@@6B@
??_7nsXPIDLString@@6B@
?Adopt@nsCString@@QAEXPADH@Z
?Adopt@nsSharableCString@@QAEXPAD@Z
?Adopt@nsSharableString@@QAEXPAG@Z
?Adopt@nsString@@QAEXPAGH@Z
?Adopt@nsXPIDLCString@@QAEXPAD@Z
?Adopt@nsXPIDLString@@QAEXPAG@Z
?Append@NS_ConvertUCS2toUTF8@@IAEXPBGI@Z
?Append@nsACString@@QAEXABV1@@Z
?Append@nsACString@@QAEXD@Z
?Append@nsACString@@QAEXPBD@Z
?Append@nsACString@@QAEXPBDI@Z
?Append@nsAString@@QAEXABV1@@Z
?Append@nsAString@@QAEXG@Z
?Append@nsAString@@QAEXPBG@Z
?Append@nsAString@@QAEXPBGI@Z
?AppendFloat@nsCString@@QAEXN@Z
?AppendFloat@nsString@@QAEXN@Z
?AppendInt@nsCString@@QAEXHH@Z
?AppendInt@nsString@@QAEXHH@Z
?AppendUnicodeTo@@YAXABV?$nsReadingIterator@G@@0AAVnsAString@@@Z
?AppendWithConversion@nsCString@@QAEXABVnsAString@@@Z
?AppendWithConversion@nsCString@@QAEXABVnsString@@H@Z
?AppendWithConversion@nsCString@@QAEXPBGH@Z
?AppendWithConversion@nsString@@QAEXPBDH@Z
?Assign@nsACString@@QAEXABV1@@Z
?Assign@nsACString@@QAEXD@Z
?Assign@nsACString@@QAEXPBD@Z
?Assign@nsACString@@QAEXPBDI@Z
?Assign@nsAString@@QAEXABV1@@Z
?Assign@nsAString@@QAEXG@Z
?Assign@nsAString@@QAEXPBG@Z
?Assign@nsAString@@QAEXPBGI@Z
?AssignWithConversion@nsCString@@QAEXABVnsAString@@@Z
?AssignWithConversion@nsCString@@QAEXABVnsString@@@Z
?AssignWithConversion@nsCString@@QAEXPBGH@Z
?AssignWithConversion@nsString@@QAEXPBD@Z
?AssignWithConversion@nsString@@QAEXPBDH@Z
?BeginReading@nsACString@@QBEAAV?$nsReadingIterator@D@@AAV2@@Z
?BeginReading@nsASingleFragmentCString@@QBEAAPBDAAPBD@Z
?BeginReading@nsASingleFragmentCString@@QBEAAV?$nsReadingIterator@D@@AAV2@@Z
?BeginReading@nsASingleFragmentString@@QBEAAPBGAAPBG@Z
?BeginReading@nsASingleFragmentString@@QBEAAV?$nsReadingIterator@G@@AAV2@@Z
?BeginReading@nsAString@@QBEAAV?$nsReadingIterator@G@@AAV2@@Z
?BeginWriting@nsACString@@QAEAAV?$nsWritingIterator@D@@AAV2@@Z
?BeginWriting@nsASingleFragmentCString@@QAEAAPADAAPAD@Z
?BeginWriting@nsASingleFragmentCString@@QAEAAV?$nsWritingIterator@D@@AAV2@@Z
?BeginWriting@nsASingleFragmentString@@QAEAAPAGAAPAG@Z
?BeginWriting@nsASingleFragmentString@@QAEAAV?$nsWritingIterator@G@@AAV2@@Z
?BeginWriting@nsAString@@QAEAAV?$nsWritingIterator@G@@AAV2@@Z
?CaseInsensitiveFindInReadable@@YAHABVnsACString@@AAV?$nsReadingIterator@D@@1@Z
?CharAt@nsASingleFragmentCString@@QBEDI@Z
?CharAt@nsASingleFragmentString@@QBEGI@Z
?Compare@@YAHABVnsACString@@0ABVnsCStringComparator@@@Z
?Compare@@YAHABVnsAString@@0ABVnsStringComparator@@@Z
?Compare@nsCString@@QBEHPBDHH@Z
?CompareWithConversion@nsString@@QBEHPBDHH@Z
?CompressWhitespace@nsCString@@QAEXHH@Z
?CompressWhitespace@nsString@@QAEXHH@Z
?CopyASCIItoUCS2@@YAXABVnsACString@@AAVnsAString@@@Z
?CopyUCS2toASCII@@YAXABVnsAString@@AAVnsACString@@@Z
?CopyUnicodeTo@@YAPAGABVnsAString@@IPAGI@Z
?CopyUnicodeTo@@YAXABV?$nsReadingIterator@G@@0AAVnsAString@@@Z
?CountChar@nsACString@@QBEID@Z
?CountChar@nsAString@@QBEIG@Z
?CountCharInReadable@@YAIABVnsACString@@D@Z
?CountCharInReadable@@YAIABVnsAString@@G@Z
?CountMatches@nsSubstituteCString@@ABEXXZ
?CountMatches@nsSubstituteString@@ABEXXZ
?Cut@nsACString@@UAEXII@Z
?Cut@nsAString@@UAEXII@Z
?Distance@@YAIABV?$nsReadingIterator@D@@0@Z
?Distance@@YAIABV?$nsReadingIterator@G@@0@Z
?EndReading@nsACString@@QBEAAV?$nsReadingIterator@D@@AAV2@@Z
?EndReading@nsASingleFragmentCString@@QBEAAPBDAAPBD@Z
?EndReading@nsASingleFragmentCString@@QBEAAV?$nsReadingIterator@D@@AAV2@@Z
?EndReading@nsASingleFragmentString@@QBEAAPBGAAPBG@Z
?EndReading@nsASingleFragmentString@@QBEAAV?$nsReadingIterator@G@@AAV2@@Z
?EndReading@nsAString@@QBEAAV?$nsReadingIterator@G@@AAV2@@Z
?EndWriting@nsACString@@QAEAAV?$nsWritingIterator@D@@AAV2@@Z
?EndWriting@nsASingleFragmentCString@@QAEAAPADAAPAD@Z
?EndWriting@nsASingleFragmentCString@@QAEAAV?$nsWritingIterator@D@@AAV2@@Z
?EndWriting@nsASingleFragmentString@@QAEAAPAGAAPAG@Z
?EndWriting@nsASingleFragmentString@@QAEAAV?$nsWritingIterator@G@@AAV2@@Z
?EndWriting@nsAString@@QAEAAV?$nsWritingIterator@G@@AAV2@@Z
?Equals@nsACString@@QBEHABV1@ABVnsCStringComparator@@@Z
?Equals@nsACString@@QBEHPBDABVnsCStringComparator@@@Z
?Equals@nsAString@@QBEHABV1@ABVnsStringComparator@@@Z
?Equals@nsAString@@QBEHPBGABVnsStringComparator@@@Z
?EqualsIgnoreCase@nsCString@@QBEHPBDH@Z
?EqualsIgnoreCase@nsString@@QBEHPBDH@Z
?EqualsWithConversion@nsCString@@QBEHPBDHH@Z
?EqualsWithConversion@nsString@@QBEHPBDHH@Z
?Find@nsCString@@QBEHABV1@HHH@Z
?Find@nsCString@@QBEHPBDHHH@Z
?Find@nsString@@QBEHABVnsAFlatString@@HH@Z
?Find@nsString@@QBEHPBDHHH@Z
?Find@nsString@@QBEHPBGHH@Z
?FindChar@nsACString@@QBEHDI@Z
?FindChar@nsAString@@QBEHGI@Z
?FindChar@nsCString@@QBEHGHH@Z
?FindChar@nsString@@QBEHGHH@Z
?FindCharInReadable@@YAHDAAV?$nsReadingIterator@D@@ABV1@@Z
?FindCharInReadable@@YAHGAAV?$nsReadingIterator@G@@ABV1@@Z
?FindCharInSet@nsCString@@QBEHABV1@H@Z
?FindCharInSet@nsCString@@QBEHPBDH@Z
?FindCharInSet@nsString@@QBEHPBDH@Z
?FindCharInSet@nsString@@QBEHPBGH@Z
?FindInReadable@@YAHABVnsACString@@AAV?$nsReadingIterator@D@@1ABVnsCStringComparator@@@Z
?FindInReadable@@YAHABVnsAString@@AAV?$nsReadingIterator@G@@1ABVnsStringComparator@@@Z
?First@nsACString@@QBEDXZ
?First@nsAString@@QBEGXZ
?GetBufferHandle@nsACString@@UBEPBV?$nsBufferHandle@D@@XZ
?GetBufferHandle@nsAString@@UBEPBV?$nsBufferHandle@G@@XZ
?GetBufferHandle@nsDependentCString@@UBEPBV?$nsBufferHandle@D@@XZ
?GetBufferHandle@nsDependentSingleFragmentCSubstring@@UBEPBV?$nsBufferHandle@D@@XZ
?GetBufferHandle@nsDependentSingleFragmentSubstring@@UBEPBV?$nsBufferHandle@G@@XZ
?GetBufferHandle@nsDependentString@@UBEPBV?$nsBufferHandle@G@@XZ
?GetBufferHandle@nsPromiseFlatCString@@MBEPBV?$nsBufferHandle@D@@XZ
?GetBufferHandle@nsPromiseFlatString@@MBEPBV?$nsBufferHandle@G@@XZ
?GetCurrentStringFromFragment@nsDependentCConcatenation@@IBEHABU?$nsReadableFragment@D@@@Z
?GetCurrentStringFromFragment@nsDependentConcatenation@@IBEHABU?$nsReadableFragment@G@@@Z
?GetFlatBufferHandle@nsACString@@UBEPBV?$nsBufferHandle@D@@XZ
?GetFlatBufferHandle@nsAString@@UBEPBV?$nsBufferHandle@G@@XZ
?GetFlatBufferHandle@nsCString@@MBEPBV?$nsBufferHandle@D@@XZ
?GetFlatBufferHandle@nsDependentCString@@UBEPBV?$nsBufferHandle@D@@XZ
?GetFlatBufferHandle@nsDependentString@@UBEPBV?$nsBufferHandle@G@@XZ
?GetFlatBufferHandle@nsPromiseFlatCString@@MBEPBV?$nsBufferHandle@D@@XZ
?GetFlatBufferHandle@nsPromiseFlatString@@MBEPBV?$nsBufferHandle@G@@XZ
?GetFlatBufferHandle@nsString@@MBEPBV?$nsBufferHandle@G@@XZ
?GetFragmentIdentifierMask@nsDependentCConcatenation@@QBEIXZ
?GetFragmentIdentifierMask@nsDependentConcatenation@@QBEIXZ
?GetImplementationFlags@nsACString@@UBEIXZ
?GetImplementationFlags@nsAString@@UBEIXZ
?GetReadableFragment@nsASingleFragmentCString@@UBEPBDAAU?$nsReadableFragment@D@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsASingleFragmentString@@UBEPBGAAU?$nsReadableFragment@G@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsCString@@MBEPBDAAU?$nsReadableFragment@D@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsDependentCConcatenation@@MBEPBDAAU?$nsReadableFragment@D@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsDependentCSubstring@@MBEPBDAAU?$nsReadableFragment@D@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsDependentConcatenation@@MBEPBGAAU?$nsReadableFragment@G@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsDependentSubstring@@MBEPBGAAU?$nsReadableFragment@G@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsPromiseFlatCString@@MBEPBDAAU?$nsReadableFragment@D@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsPromiseFlatString@@MBEPBGAAU?$nsReadableFragment@G@@W4nsFragmentRequest@@I@Z
?GetReadableFragment@nsString@@MBEPBGAAU?$nsReadableFragment@G@@W4nsFragmentRequest@@I@Z
?GetSharedBufferHandle@nsACString@@UBEPBV?$nsSharedBufferHandle@D@@XZ
?GetSharedBufferHandle@nsAString@@UBEPBV?$nsSharedBufferHandle@G@@XZ
?GetSharedBufferHandle@nsPromiseFlatCString@@MBEPBV?$nsSharedBufferHandle@D@@XZ
?GetSharedBufferHandle@nsPromiseFlatString@@MBEPBV?$nsSharedBufferHandle@G@@XZ
?GetSharedBufferHandle@nsSharableCString@@MBEPBV?$nsSharedBufferHandle@D@@XZ
?GetSharedBufferHandle@nsSharableString@@MBEPBV?$nsSharedBufferHandle@G@@XZ
?GetSharedBufferHandle@nsXPIDLCString@@MBEPBV?$nsSharedBufferHandle@D@@XZ
?GetSharedBufferHandle@nsXPIDLString@@MBEPBV?$nsSharedBufferHandle@G@@XZ
?GetSharedEmptyBufferHandle@nsSharableCString@@KAPAV?$nsSharedBufferHandle@D@@XZ
?GetSharedEmptyBufferHandle@nsSharableString@@KAPAV?$nsSharedBufferHandle@G@@XZ
?GetSharedEmptyBufferHandle@nsXPIDLCString@@KAPAV?$nsSharedBufferHandle@D@@XZ
?GetSharedEmptyBufferHandle@nsXPIDLString@@KAPAV?$nsSharedBufferHandle@G@@XZ
?GetWritableFragment@nsASingleFragmentCString@@UAEPADAAU?$nsWritableFragment@D@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsASingleFragmentString@@UAEPAGAAU?$nsWritableFragment@G@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsCString@@MAEPADAAU?$nsWritableFragment@D@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsDependentCConcatenation@@MAEPADAAU?$nsWritableFragment@D@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsDependentCSubstring@@MAEPADAAU?$nsWritableFragment@D@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsDependentConcatenation@@MAEPAGAAU?$nsWritableFragment@G@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsDependentSubstring@@MAEPAGAAU?$nsWritableFragment@G@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsSharableCString@@UAEPADAAU?$nsWritableFragment@D@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsSharableString@@UAEPAGAAU?$nsWritableFragment@G@@W4nsFragmentRequest@@I@Z
?GetWritableFragment@nsString@@MAEPAGAAU?$nsWritableFragment@G@@W4nsFragmentRequest@@I@Z
?HashString@@YAIABVnsACString@@@Z
?HashString@@YAIABVnsAString@@@Z
?Init@NS_ConvertASCIItoUCS2@@IAEXPBDI@Z
?Init@NS_ConvertUTF8toUCS2@@IAEXABVnsACString@@@Z
?Insert@nsACString@@QAEXABV1@I@Z
?Insert@nsACString@@QAEXDI@Z
?Insert@nsACString@@QAEXPBDI@Z
?Insert@nsACString@@QAEXPBDII@Z
?Insert@nsAString@@QAEXABV1@I@Z
?Insert@nsAString@@QAEXGI@Z
?Insert@nsAString@@QAEXPBGI@Z
?Insert@nsAString@@QAEXPBGII@Z
?InsertWithConversion@nsString@@QAEXPBDIH@Z
?IsASCII@@YAHABVnsACString@@@Z
?IsASCII@@YAHABVnsAString@@@Z
?IsASCII@nsString@@QAEHPBG@Z
?IsDependentOn@nsACString@@QBEHABV1@@Z
?IsDependentOn@nsAString@@QBEHABV1@@Z
?IsDependentOn@nsSubstituteCString@@UBEHABVnsACString@@@Z
?IsDependentOn@nsSubstituteString@@UBEHABVnsAString@@@Z
?IsEmpty@nsACString@@QBEHXZ
?IsEmpty@nsAString@@QBEHXZ
?IsEmpty@nsCString@@QBEHXZ
?IsEmpty@nsDependentCString@@QBEHXZ
?IsEmpty@nsDependentString@@QBEHXZ
?IsEmpty@nsString@@QBEHXZ
?IsSpace@nsString@@SAHG@Z
?IsUTF8@@YAHABVnsACString@@@Z
?IsVoid@nsACString@@UBEHXZ
?IsVoid@nsAString@@UBEHXZ
?Last@nsACString@@QBEDXZ
?Last@nsAString@@QBEGXZ
?Left@nsCString@@QBEIAAVnsACString@@I@Z
?Left@nsString@@QBEIAAVnsAString@@I@Z
?Length@nsASingleFragmentCString@@UBEIXZ
?Length@nsASingleFragmentString@@UBEIXZ
?Length@nsCString@@UBEIXZ
?Length@nsDependentCConcatenation@@UBEIXZ
?Length@nsDependentCString@@UBEIXZ
?Length@nsDependentCSubstring@@UBEIXZ
?Length@nsDependentConcatenation@@UBEIXZ
?Length@nsDependentString@@UBEIXZ
?Length@nsDependentSubstring@@UBEIXZ
?Length@nsPromiseFlatCString@@UBEIXZ
?Length@nsPromiseFlatString@@UBEIXZ
?Length@nsString@@UBEIXZ
?Length@nsSubstituteCString@@UBEIXZ
?Length@nsSubstituteString@@UBEIXZ
?MaxLength@nsSubstituteCString@@UBEIXZ
?MaxLength@nsSubstituteString@@UBEIXZ
?Mid@nsCString@@QBEIAAVnsACString@@II@Z
?Mid@nsString@@QBEIAAVnsAString@@II@Z
?PrepareForUseAsOutParam@nsXPIDLCString@@IAEPAPADXZ
?PrepareForUseAsOutParam@nsXPIDLString@@IAEPAPAGXZ
?RFind@nsCString@@QBEHABV1@HHH@Z
?RFind@nsCString@@QBEHPBDHHH@Z
?RFind@nsString@@QBEHABVnsAFlatString@@HH@Z
?RFind@nsString@@QBEHPBDHHH@Z
?RFind@nsString@@QBEHPBGHH@Z
?RFindChar@nsCString@@QBEHGHH@Z
?RFindChar@nsString@@QBEHGHH@Z
?RFindCharInSet@nsCString@@QBEHABV1@H@Z
?RFindCharInSet@nsCString@@QBEHPBDH@Z
?RFindCharInSet@nsString@@QBEHPBGH@Z
?RFindInReadable@@YAHABVnsACString@@AAV?$nsReadingIterator@D@@1ABVnsCStringComparator@@@Z
?RFindInReadable@@YAHABVnsAString@@AAV?$nsReadingIterator@G@@1ABVnsStringComparator@@@Z
?Rebind@nsDependentCString@@QAEXPBD0@Z
?Rebind@nsDependentCString@@QAEXPBD@Z
?Rebind@nsDependentCString@@QAEXPBDI@Z
?Rebind@nsDependentSingleFragmentCSubstring@@QAEXABVnsASingleFragmentCString@@II@Z
?Rebind@nsDependentSingleFragmentCSubstring@@QAEXPBD0@Z
?Rebind@nsDependentSingleFragmentSubstring@@QAEXABVnsASingleFragmentString@@II@Z
?Rebind@nsDependentSingleFragmentSubstring@@QAEXPBG0@Z
?Rebind@nsDependentString@@QAEXPBG0@Z
?Rebind@nsDependentString@@QAEXPBG@Z
?Rebind@nsDependentString@@QAEXPBGI@Z
?Replace@nsACString@@QAEXIIABV1@@Z
?Replace@nsAString@@QAEXIIABV1@@Z

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NiugooViewer.jar
.jar
jdic.dll
.dll windows:4 windows x86 arch:x86

fc4c7d9bd749d58d970fedfd418f9ada

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetCPInfo
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetFilePointer
RtlUnwind
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CloseHandle
LocalAlloc
LocalFree
GetEnvironmentStringsW
GlobalUnlock
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalAlloc
LocalReAlloc
lstrcatA
lstrcpyA
lstrcpynA
GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetProcessVersion
lstrcmpA
GlobalFlags
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
LCMapStringW
LCMapStringA
HeapFree
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersion
GetCommandLineA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
RaiseException
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
lstrlenW
lstrlenA
GetCurrentDirectoryA
FreeLibrary
SetCurrentDirectoryA
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
GlobalFree
SetEnvironmentVariableA

advapi32

RegFlushKey
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear

shlwapi

AssocQueryStringA

comctl32

ord17

urlmon

FindMimeFromData

user32

EnableWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
IsWindowEnabled
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
LoadStringA
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetParent
GetNextDlgTabItem
UnhookWindowsHookEx
DispatchMessageA
SendMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetTopWindow
MessageBoxA
WinHelpA
GetCapture
GetWindowPlacement

gdi32

SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetStockObject
SetMapMode
SetViewportOrgEx
Escape
ExtTextOutA
GetClipBox
CreateBitmap
TextOutA
RectVisible
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

_JNI_OnLoad@8
_Java_org_jdesktop_jdic_browser_WebBrowser_nativeGetWindow@12
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeGetBrowserPath@8
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeGetMozillaGreHome@8
_Java_org_jdesktop_jdic_browser_internal_WebBrowserUtil_nativeSetEnv@8
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_AssocQueryString@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_ExpandEnvironmentStrings@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegCloseKey@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegOpenKey@20
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_RegQueryValueEx@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_nativeBrowseURLInIE@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_openMapiMailer@32
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_resolveLinkFile@12
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_shellExecute@16
_Java_org_jdesktop_jdic_desktop_internal_impl_WinAPIWrapper_shutDown@8
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_ExpandEnvironmentStrings@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_FindMimeFromData@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegCloseKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegCreateKeyEx@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegDeleteKey@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegDeleteValue@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegEnumKeyEx@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegEnumValue@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegFlushKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegOpenKey@20
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegQueryInfoKey@12
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegQueryValueEx@16
_Java_org_jdesktop_jdic_filetypes_internal_WinRegistryWrapper_RegSetValueEx@20
_Java_org_jdesktop_jdic_init_InitUtility_getEnv@12
_Java_org_jdesktop_jdic_init_InitUtility_setEnv@16

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jdic.jar
.jar
niugoo.exe
.exe windows:4 windows x86 arch:x86

fe27cada5b619f95e6751c4f6d8bd057

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

InitCommonControls

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
DeleteDC
DeleteObject
GetBkMode
GetDeviceCaps
GetStockObject
SelectObject
SetBkMode
SetTextColor
TextOutA

kernel32

AllocConsole
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetWindowsDirectoryA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
ReadFile
ReleaseMutex
RemoveDirectoryA
SearchPathA
SetConsoleTitleA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

msvcrt

_close
_fileno
_fstat
_isatty
_lseek
_open
_read
_stricmp
_wcslwr
_write
_HUGE
__getmainargs
__mb_cur_max
__p__environ
__set_app_type
_assert
_cexit
_errno
_fileno
_fmode
_fpreset
_iob
_isctype
_itoa
_mkdir
_pctype
_putenv
_rmdir
_setmode
_strupr
_tempnam
abort
atexit
atoi
ctime
difftime
exit
fclose
fflush
fgets
fopen
fprintf
fread
free
fseek
fwprintf
fwrite
getc
getenv
malloc
memchr
memcpy
memmove
memset
mktime
printf
rand
remove
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
swprintf
time
vfprintf
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

user32

BeginPaint
CreateWindowExA
DefWindowProcA
DispatchMessageA
DrawTextExA
EndPaint
EnumWindows
ExitWindowsEx
FillRect
FindWindowA
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetMessageA
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsIconic
IsWindowVisible
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MessageBoxW
PostQuitMessage
RegisterClassA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
stockCodes.txt
tray.dll
.dll windows:4 windows x86 arch:x86

45567d4e9ba56687e59d1d1b72fcdc04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
FreeLibrary
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
OpenProcess
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
CloseHandle
IsBadCodePtr
lstrcpynA
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualAlloc
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetStringTypeW

user32

CreateWindowExA
GetMessageA
DispatchMessageA
TranslateMessage
DestroyIcon
CreateIconIndirect
GetWindowRect
SendMessageA
GetWindowThreadProcessId
MapWindowPoints
FindWindowA
EnumChildWindows
IsWindow
GetClassNameA
GetDesktopWindow
GetDC
ReleaseDC
RegisterWindowMessageA
GetCursorPos
DefWindowProcA
LoadCursorA
RegisterClassA

gdi32

CreateDIBSection
CreateDIBitmap
DeleteObject
GdiFlush
GetStockObject
CreateBitmap

shell32

Shell_NotifyIconA

ole32

CoInitialize

Exports

Exports

?JNU_GetEnv@@YGPAXPAUJavaVM_@@J@Z
_JNI_OnLoad@8
_Java_org_jdesktop_jdic_tray_internal_impl_DisplayThread_eventLoop@8
_Java_org_jdesktop_jdic_tray_internal_impl_DisplayThread_initTray@8
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_createIcon@24
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_createIconIndirect@36
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_deleteHIcon@16
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_getRectangleOnScreen@12
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_removeIcon@12
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_showBalloonMessage@32
_Java_org_jdesktop_jdic_tray_internal_impl_WinTrayIconService_updateNativeIcon@24

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
安装使用说明/dde排名.jpg
.jpg
安装使用说明/个股资讯查询.jpg
.jpg
安装使用说明/个股页面说明.jpg
.jpg
安装使用说明/安装使用说明.txt
安装使用说明/新云软件.url
.url
安装使用说明/牛股晚报.jpg
.jpg
安装使用说明/牛股资讯.jpg
.jpg
牛股动态SuperView赢富决策系统2.2正式版.exe
.exe windows:4 windows x86 arch:x86

fe27cada5b619f95e6751c4f6d8bd057

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

InitCommonControls

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
DeleteDC
DeleteObject
GetBkMode
GetDeviceCaps
GetStockObject
SelectObject
SetBkMode
SetTextColor
TextOutA

kernel32

AllocConsole
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetWindowsDirectoryA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
MulDiv
MultiByteToWideChar
ReadFile
ReleaseMutex
RemoveDirectoryA
SearchPathA
SetConsoleTitleA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcpynA
lstrlenA

msvcrt

_close
_fileno
_fstat
_isatty
_lseek
_open
_read
_stricmp
_wcslwr
_write
_HUGE
__getmainargs
__mb_cur_max
__p__environ
__set_app_type
_assert
_cexit
_errno
_fileno
_fmode
_fpreset
_iob
_isctype
_itoa
_mkdir
_pctype
_putenv
_rmdir
_setmode
_strupr
_tempnam
abort
atexit
atoi
ctime
difftime
exit
fclose
fflush
fgets
fopen
fprintf
fread
free
fseek
fwprintf
fwrite
getc
getenv
malloc
memchr
memcpy
memmove
memset
mktime
printf
rand
remove
signal
sprintf
srand
strcat
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
swprintf
time
vfprintf
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA

user32

BeginPaint
CreateWindowExA
DefWindowProcA
DispatchMessageA
DrawTextExA
EndPaint
EnumWindows
ExitWindowsEx
FillRect
FindWindowA
GetDesktopWindow
GetForegroundWindow
GetLastActivePopup
GetMessageA
GetWindowRect
GetWindowThreadProcessId
InvalidateRect
IsIconic
IsWindowVisible
LoadCursorA
LoadIconA
LoadImageA
MessageBoxA
MessageBoxW
PostQuitMessage
RegisterClassA
SetForegroundWindow
SetTimer
SetWindowPos
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39ce29b7cd419904fc6474fb67c40d2c

Headers

File Characteristics

Imports

ws2_32

mfc42

msvcrt

kernel32

user32

gdi32

olepro32

ole32

oleaut32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

4da57a3de47cf9275e014fa768c1a1ef

Headers

File Characteristics

Imports

ws2_32

nspr4

plc4

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 18KB

fc4c7d9bd749d58d970fedfd418f9ada

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

user32

gdi32

winspool.drv

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 12KB - Virtual size: 9KB

fe27cada5b619f95e6751c4f6d8bd057

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 121KB - Virtual size: 121KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 18KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 12KB - Virtual size: 9KB

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 133KB - Virtual size: 133KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 133KB - Virtual size: 133KB