43d854ff2dcc16e70b97ab4f80adaabb67118be92971e178b63c442954fecc11

Sharing

Copy URL Twitter E-mail

General

Target

43d854ff2dcc16e70b97ab4f80adaabb67118be92971e178b63c442954fecc11
Size

1.7MB
MD5

a49e51b6026706a0a2b3cec9455615b6
SHA1

824dd0d3ccadcf85c1f5e846fa7ec423088710bd
SHA256

43d854ff2dcc16e70b97ab4f80adaabb67118be92971e178b63c442954fecc11
SHA512

bf02e489baf7f1294b2faa6abd86209bdd2347b4ac9d279b7c267c9886fd0635dc4f9692fb51f8e9782405f79f9f7d4ae9496b2efae9491772eea8790ec69eca
SSDEEP

49152:U17/els3ehsd8Y8k2FWfyRSQzrjStkKr29tfOkftF1:W72lcysd8Y1wSQzKkKr29xOkfN

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/paysys/engine.dll
unpack001/paysys/kg_paysys.exe
unpack001/paysys/libmysql.dll
unpack001/paysys/lua5.dll

Files

43d854ff2dcc16e70b97ab4f80adaabb67118be92971e178b63c442954fecc11
.zip
paysys/engine.dll
.dll windows:4 windows x86 arch:x86

e9352403fc03b7e19b37ad222ae71018

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

ws2_32

inet_addr

lua5

luaopen_string
luaopen_table
luaopen_base
luaL_newstate
lua_setfenv
lua_gettable
lua_isstring
lua_isnumber
lua_setmetatable
lua_rawget
luaopen_math
luaL_newmetatable
lua_getfield
lua_setupvalue
lua_tointeger
lua_settable
lua_next
lua_pushvfstring
luaL_callmeta
lua_topointer
lua_typename
lua_gc
lua_iscfunction
lua_tocfunction
lua_pcall
lua_remove
lua_rawseti
lua_pushnil
lua_pushlstring
lua_pushboolean
lua_pushnumber
lua_rawgeti
lua_objlen
lua_toboolean
lua_tonumber
lua_insert
luaL_loadbuffer
lua_pushlightuserdata
lua_createtable
lua_pushstring
lua_pushcclosure
lua_getallocf
lua_settop
lua_tolstring
lua_call
lua_rawset
lua_close
lua_newstate
luaL_openlibs
lua_setfield
lua_checkstack
lua_touserdata
lua_gettop
lua_newuserdata
lua_type
lua_pushvalue
lua_pushinteger
lua_pushfstring

kernel32

CreateDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
TerminateThread
WaitForSingleObject
ReleaseSemaphore
CloseHandle
CreateSemaphoreA
GetCurrentThreadId
SetLocalTime
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
InterlockedExchange
InterlockedCompareExchange

user32

DefWindowProcW
PeekMessageW
DispatchMessageW
PostMessageW
CreateWindowExW
LoadIconW
RegisterClassExW
DestroyWindow
PostQuitMessage
SetCursor
WaitMessage
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
CreateWindowExA
UpdateWindow
SetFocus
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
SendMessageA
GetSystemMetrics
GetKeyboardLayout
GetGUIThreadInfo
MessageBoxA

gdi32

GetStockObject

msvcr80

??3@YAXPAX@Z
fopen
memset
fclose
free
fread
_chdir
malloc
ftell
fseek
__CxxFrameHandler3
??2@YAPAXI@Z
strcpy
strcat
strrchr
strstr
memcmp
memmove
strchr
atoi
atof
strncpy
atol
strtok
_stricmp
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_time32
strcmp
printf
_stat32
_utime32
rename
remove
sscanf
_mktime32
memchr
_localtime32
strncmp
vsprintf
strtoul
_wcsicmp
swscanf
wcstoul
_snprintf
puts
fputs
__iob_func
_vsnprintf
_localtime32_s
fprintf
strerror
_errno
isdigit
isspace
_beginthreadex
wcscat
wcsncpy
wcslen
realloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_findclose
_findnext32
_findfirst32
memmove_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_purecall
strlen
sprintf
memcpy
_getcwd
_strlwr
_itoa
_close
_write
_open
_mkdir
_strnicmp
fwrite

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

imm32

ImmSetConversionStatus
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmSetOpenStatus
ImmGetOpenStatus
ImmGetContext
ImmSimulateHotKey
ImmIsIME
ImmSetCompositionWindow
ImmReleaseContext

Exports

Exports

??0KIme@@QAE@ABV0@@Z
??0KIme@@QAE@XZ
??0KImeBase@@QAE@ABV0@@Z
??0KImeBase@@QAE@XZ
??0KImeW@@QAE@ABV0@@Z
??0KImeW@@QAE@XZ
??0KJxScript@@QAE@H@Z
??0KJxScriptSet@@QAE@ABV0@@Z
??0KJxScriptSet@@QAE@H@Z
??0KLogFile@@QAE@ABV0@@Z
??0KLogFile@@QAE@XZ
??0KLunaBase@@QAE@ABV0@@Z
??0KLunaBase@@QAE@XZ
??0KMutex@@QAE@XZ
??0KObjCache@@QAE@XZ
??0KOccupyList@@QAE@XZ
??0KPackFilePartner@@QAE@XZ
??0KPolygon@@QAE@XZ
??0KScriptGroup@@QAE@PBD@Z
??0KThread@@QAE@XZ
??0KTimer@@QAE@XZ
??0KWin32App@@QAE@ABV0@@Z
??0KWin32App@@QAE@XZ
??0KWin32AppW@@QAE@ABV0@@Z
??0KWin32AppW@@QAE@XZ
??1KIme@@UAE@XZ
??1KImeBase@@UAE@XZ
??1KImeW@@UAE@XZ
??1KJxScript@@QAE@XZ
??1KJxScriptSet@@QAE@XZ
??1KLogFile@@UAE@XZ
??1KMutex@@QAE@XZ
??1KObjCache@@QAE@XZ
??1KOccupyList@@QAE@XZ
??1KPackFilePartner@@QAE@XZ
??1KScriptGroup@@QAE@XZ
??1KThread@@QAE@XZ
??4KIme@@QAEAAV0@ABV0@@Z
??4KImeBase@@QAEAAV0@ABV0@@Z
??4KImeW@@QAEAAV0@ABV0@@Z
??4KJxScriptSet@@QAEAAV0@ABV0@@Z
??4KLogFile@@QAEAAV0@ABV0@@Z
??4KLunaBase@@QAEAAV0@ABV0@@Z
??4KMutex@@QAEAAV0@ABV0@@Z
??4KObjCache@@QAEAAV0@ABV0@@Z
??4KOccupyList@@QAEAAV0@ABV0@@Z
??4KPackFilePartner@@QAEAAV0@ABV0@@Z
??4KPolygon@@QAEAAV0@ABV0@@Z
??4KSemaphore@@QAEAAV0@ABV0@@Z
??4KThread@@QAEAAV0@ABV0@@Z
??4KTimer@@QAEAAV0@ABV0@@Z
??4KWin32App@@QAEAAV0@ABV0@@Z
??4KWin32AppW@@QAEAAV0@ABV0@@Z
??_7KIme@@6B@
??_7KImeBase@@6B@
??_7KImeW@@6B@
??_7KLogFile@@6B@
??_7KLunaBase@@6B@
??_7KWin32App@@6B@
??_7KWin32AppW@@6B@
??_FKJxScript@@QAEXXZ
??_FKScriptGroup@@QAEXXZ
?ActionForAllObj@KObjCache@@QAEXP6AHPAX0@Z0@Z
?AddElem@KPackFilePartner@@QAE_NAAUPACKPARTNER_ELEM_INFO@1@@Z
?AddPointToVertex@KPolygon@@QAEHHH@Z
?CallGlobalFunction@KJxScript@@QAAHPBDH0ZZ
?CallGlobalFunctionV@KJxScript@@QAEHPBDH0PAD@Z
?CallTableFunction@KJxScript@@QAAHPBD0H0ZZ
?CallTableFunctionV@KJxScript@@QAEHPBD0H0PAD@Z
?CanBeFree@KObjCache@@AAEHPAX@Z
?CheckBalance@KObjCache@@AAEXXZ
?CheckList@KJxScript@@QAEHHPBD@Z
?Clear@KPackFilePartner@@QAEXXZ
?Clear@KPolygon@@QAEXXZ
?Clear@KScriptGroup@@QAEXHH@Z
?ClearAll@KJxScriptSet@@QAEXXZ
?ClearScriptTempTable@KLunaBase@@KAHPAUlua_State@@PBDH@Z
?CloseIME@KImeBase@@QAEXXZ
?CloseLogFile@KLogFile@@AAEHXZ
?CopyStack@KJxScript@@QAEHAAV1@HH@Z
?Create@KThread@@QAEHP6AXPAX@Z0@Z
?DebugLogRecord@KLogFile@@QAEXW4LOG_RECORD_REMIND_LEVEL@@PBDH@Z
?DebugLogRecordVar@KLogFile@@QAAXW4LOG_RECORD_REMIND_LEVEL@@PBDZZ
?DeleteElemInPak@KPackFilePartner@@QAE_NI@Z
?Destroy@KThread@@QAEHXZ
?DisableLanguageChange@KImeBase@@QAEXXZ
?DoBuffer@KJxScript@@QAEHPBD0@Z
?DoCall@KJxScript@@QAEHHH@Z
?DoFile@KJxScript@@QAEHPBDH@Z
?EnableLanguageChange@KImeBase@@QAEXXZ
?Execute@KJxScript@@QAAHHPBDZZ
?Exit@KJxScript@@QAEXXZ
?ExpandSpace@KObjCache@@AAE_NXZ
?FindElem@KPackFilePartner@@AAE_NIAAI@Z
?FindFile@KJxScriptSet@@QAEPBDK@Z
?FindObj@KObjCache@@AAEHIH@Z
?FinishLogFile@KLogFile@@QAEHXZ
?ForEach@KJxScriptSet@@QAEXP6AHPAVKJxScript@@PBD@Z@Z
?Free@KOccupyList@@QAEXH@Z
?FreeAll@KOccupyList@@QAEXXZ
?FreeAllObj@KObjCache@@QAEXXZ
?FreeObj@KObjCache@@QAEXPBD@Z
?GameLoop@KWin32App@@MAEHXZ
?GameLoop@KWin32AppW@@MAEHXZ
?GenID@KJxScriptSet@@AAEKPBD@Z
?GenerateMsgHoverMsg@KWin32App@@AAEXXZ
?GenerateMsgHoverMsg@KWin32AppW@@AAEXXZ
?GetAllocMemSize@KJxScript@@QBEIXZ
?GetAllocTimes@KJxScript@@QBEIXZ
?GetBlockMaxSize@KJxScript@@QBEIXZ
?GetBool@KJxScript@@QAEHH@Z
?GetCObj@KLunaBase@@SAPAV1@PAUlua_State@@H@Z
?GetCenterPos@KPolygon@@QAEXPAH0@Z
?GetElapse@KTimer@@QAEIXZ
?GetElapseFrequency@KTimer@@QAEIXZ
?GetElapseMicrosecond@KTimer@@QAEIXZ
?GetElemCount@KPackFilePartner@@QAEHXZ
?GetElemInfo@KPackFilePartner@@QAE_NIAAUPACKPARTNER_ELEM_INFO@1@@Z
?GetElemInfoByIndex@KPackFilePartner@@QBEHHAAUPACKPARTNER_ELEM_INFO@1@@Z
?GetElemInfoByIndex@KPackFilePartner@@QBEPBUPACKPARTNER_ELEM_INFO@1@H@Z
?GetFPS@KTimer@@QAEHPAH@Z
?GetFileCount@KScriptGroup@@QBEKXZ
?GetFirstFree@KOccupyList@@QAEHH@Z
?GetFirstScript@KJxScriptSet@@QAEPAVKJxScript@@XZ
?GetFreeMemSize@KJxScript@@QBEIXZ
?GetGlobal@KJxScript@@QAEHPBD@Z
?GetGlobalF@KJxScript@@QAEHPBD@Z
?GetIndexVertex@KPolygon@@QAEHHPAH0@Z
?GetInstance@KIme@@SAPAV1@XZ
?GetInstance@KImeW@@SAPAV1@XZ
?GetInt@KJxScript@@QAEHH@Z
?GetInterval@KTimer@@QAEIXZ
?GetLStr@KJxScript@@QAEPBDHAAH@Z
?GetLeftVertex@KPolygon@@QAEHXZ
?GetLuaData@KLunaBase@@CAPBUKLuaData@1@PAUlua_State@@H@Z
?GetLuaState@KJxScript@@QAEPAUlua_State@@XZ
?GetMainHWnd@KIme@@UAEPAUHWND__@@XZ
?GetMainHWnd@KImeW@@UAEPAUHWND__@@XZ
?GetMainWnd@KWin32App@@SAPAUHWND__@@XZ
?GetMainWnd@KWin32AppW@@SAPAUHWND__@@XZ
?GetMemSize@KJxScript@@QBEIXZ
?GetNearVertex@KPolygon@@QAEHHH@Z
?GetNext@KOccupyList@@QBEHH@Z
?GetNextScript@KJxScriptSet@@QAEPAVKJxScript@@H@Z
?GetNum@KJxScript@@QAENH@Z
?GetObj@KJxScript@@QAEPAVKLunaBase@@H@Z
?GetObj@KObjCache@@QAEPAXPBDAAIAAH@Z
?GetObjLen@KJxScript@@QAEHH@Z
?GetOccupyCount@KOccupyList@@QBEHXZ
?GetPolygonPtr@KPolygon@@QAEPAUTPolygon@@XZ
?GetPrev@KOccupyList@@QBEHH@Z
?GetRightVertex@KPolygon@@QAEHXZ
?GetScript@KJxScriptSet@@QAEPAVKJxScript@@K@Z
?GetScript@KJxScriptSet@@QAEPAVKJxScript@@PBD@Z
?GetScript@KScriptGroup@@QAEPAVKJxScript@@XZ
?GetScriptCount@KJxScriptSet@@QAEIXZ
?GetScriptTempTable@KLunaBase@@KAHPAUlua_State@@PBDH@Z
?GetStr@KJxScript@@QAEPBDH@Z
?GetTableField@KJxScript@@QAEHHPBD@Z
?GetTableIndex@KJxScript@@QAEHHH@Z
?GetThis@KJxScript@@SAPAV1@PAUlua_State@@@Z
?GetThis@KScriptGroup@@SAPAV1@AAVKJxScript@@@Z
?GetTopIndex@KJxScript@@QAEHXZ
?GetType@KJxScript@@QAE?AW4KE_DATA_TYPE@1@H@Z
?GetUser@KJxScript@@QAEPAXH@Z
?GetVertexNumber@KPolygon@@QAEHXZ
?HandleInput@KWin32App@@MAEHIIJ@Z
?HandleInput@KWin32AppW@@MAEHIIJ@Z
?Init@KJxScript@@QAEHH@Z
?Init@KObjCache@@QAEXP6AHPBDPAPAX@ZP6AHPAX3@Z4@Z
?Init@KOccupyList@@QAE_NH@Z
?Init@KPackFilePartner@@QAE_NXZ
?Init@KSemaphore@@QAEHI@Z
?Init@KWin32App@@UAEHPAUHINSTANCE__@@PBDH@Z
?Init@KWin32AppW@@UAEHPAUHINSTANCE__@@PB_WH@Z
?InitClass@KWin32App@@MAEHPAUHINSTANCE__@@@Z
?InitClass@KWin32AppW@@MAEHPAUHINSTANCE__@@@Z
?InitWindow@KWin32App@@MAEHPAUHINSTANCE__@@@Z
?InitWindow@KWin32AppW@@MAEHPAUHINSTANCE__@@@Z
?InitialLogFile@KLogFile@@QAEHPBD0I@Z
?IsBool@KJxScript@@QAEHH@Z
?IsFunction@KJxScript@@QAEHH@Z
?IsIme@KImeBase@@QAEHXZ
?IsLUser@KJxScript@@QAEHH@Z
?IsNil@KJxScript@@QAEHH@Z
?IsNone@KJxScript@@QAEHH@Z
?IsNumber@KJxScript@@QAEHH@Z
?IsOccupy@KOccupyList@@QAEHH@Z
?IsPartnerMatch@KPackFilePartner@@QAE_NHII@Z
?IsPointInPolygon@KPolygon@@QAEHHH@Z
?IsString@KJxScript@@QAEHH@Z
?IsTable@KJxScript@@QAEHH@Z
?IsThread@KJxScript@@QAEHH@Z
?IsUser@KJxScript@@QAEHH@Z
?KGLogInit@@YAHABU_KGLOG_PARAM@@PAX@Z
?KGLogPrintf@@YAHW4KGLOG_PRIORITY@@QBDZZ
?KGLogSetPriorityMask@@YAHH@Z
?KGLogUnInit@@YAHPAX@Z
?KGThread_Sleep@@YAHI@Z
?KG_CreateGUID@@YAHPAU_GUID@@@Z
?KG_EDStringToMD5String@@YAHQADQBD@Z
?KG_GetTickCount@@YAKXZ
?KG_stime@@YAHPAJ@Z
?Load@KPackFilePartner@@QAE_NPBDH@Z
?LoadAllScript@KScriptGroup@@QAEHXZ
?LoadBuffer2Value@KJxScript@@QAEHPBEH@Z
?LoadBuffer@KJxScript@@QAEHPAEKPBD@Z
?LoadBuffer@KJxScript@@QAEHPBD0@Z
?LoadScript@KJxScriptSet@@QAE?AUSCRIPT_SET_RESULT@@PBDH@Z
?LoadScript@KScriptGroup@@QAEHPBDH@Z
?LoadScriptInDirectory@KJxScriptSet@@QAE?AUSCRIPT_SET_RESULT@@PBDH@Z
?LoadScriptInDirectory@KScriptGroup@@QAEHPBD@Z
?LoadScriptInPackPartnerFile@KJxScriptSet@@QAE?AUSCRIPT_SET_RESULT@@PBDH@Z
?Lock@KMutex@@QAEHXZ
?LogRecord@KLogFile@@QAEXW4LOG_RECORD_REMIND_LEVEL@@PBDH@Z
?LogRecordVar@KLogFile@@QAAXW4LOG_RECORD_REMIND_LEVEL@@PBDZZ
?LoopVertex@KPolygon@@QAEXH@Z
?MoveStack@KJxScript@@QAEHH@Z
?MsgProc@KWin32App@@QAEJPAUHWND__@@IIJ@Z
?MsgProc@KWin32AppW@@QAEJPAUHWND__@@IIJ@Z
?Occupy@KOccupyList@@QAEXH@Z
?OccupyAll@KOccupyList@@QAEXXZ
?OpenIME@KImeBase@@QAEXXZ
?OutPutErrMsgF@KJxScript@@QAAHPBDZZ
?OutPutErrMsgF@KJxScript@@SAHPAUlua_State@@PBDZZ
?OutPutErrMsgV@KJxScript@@QAEHPBDPAD@Z
?OutPutErrMsgV@KJxScript@@SAHPAUlua_State@@PBDPAD@Z
?Passed@KTimer@@QAEHH@Z
?PopStack@KJxScript@@QAEHH@Z
?Post@KSemaphore@@QAEHXZ
?PrepareLogFile@KLogFile@@AAEHXZ
?PushBool@KJxScript@@QAEHH@Z
?PushFromStack@KJxScript@@QAEHH@Z
?PushLString@KJxScript@@QAEHPBDH@Z
?PushList@KJxScript@@QAAHPBDZZ
?PushListV@KJxScript@@QAEHPBDPAD@Z
?PushNull@KJxScript@@QAEHXZ
?PushNumber@KJxScript@@QAEHN@Z
?PushObj@KJxScript@@QAEHPBVKLunaBase@@@Z
?PushPointer@KJxScript@@QAEHPBX@Z
?PushString@KJxScript@@QAEHPBD@Z
?PushStringF@KJxScript@@QAAHPBDZZ
?PushTable@KJxScript@@QAEHXZ
?QueryState@KLogFile@@QAEHXZ
?ReadList@KJxScript@@QAAHHPBDZZ
?RegisterGlobalFunction@KJxScript@@QAEHPBDP6AHPAUlua_State@@@Z@Z
?RegisterTableFunctions@KJxScript@@QAEHPBDPBUKSCRIPT_FUNCTION@@K@Z
?RegisterTableFunctions@KJxScript@@QAEHPBDQBUTScriptFunc@@K@Z
?ReleaseAllFreeMemory@KJxScript@@SAHXZ
?ReloadAllScript@KJxScriptSet@@QAEHH@Z
?ReloadScript@KJxScriptSet@@QAE?AUSCRIPT_SET_RESULT@@PBD@Z
?RemoveFromStack@KJxScript@@QAEHH@Z
?RemoveIndexVertex@KPolygon@@QAEHH@Z
?ResetIme@KImeBase@@QAEXXZ
?Run@KWin32App@@UAEXXZ
?Run@KWin32AppW@@UAEXXZ
?SafeCallBegin@KJxScript@@QAEHAAH@Z
?SafeCallEnd@KJxScript@@QAEHH@Z
?Save@KPackFilePartner@@QAE_NPBDII@Z
?SaveValue2Buffer@KJxScript@@QAEHPAEHH@Z
?SetBalanceParam@KObjCache@@QAEXHI@Z
?SetCanUseUnpackFile@KScriptGroup@@QAEHH@Z
?SetCaretPos@KImeBase@@QAEXHH@Z
?SetGlobalName@KJxScript@@QAEHPBD@Z
?SetMouseHoverTime@KWin32App@@QAEXI@Z
?SetMouseHoverTime@KWin32AppW@@QAEXI@Z
?SetOutFormat@KJxScript@@SAXPBD0@Z
?SetOutFun@KJxScript@@SAXP6AHPBDZZ@Z
?SetPackPartnerFile@KScriptGroup@@SAHPBD@Z
?SetPreLoadCallBack@KJxScriptSet@@QAEXP6AHPAVKJxScript@@PBD@Z@Z
?SetTableField@KJxScript@@QAEHPBD@Z
?SetTableIndex@KJxScript@@QAEHH@Z
?SetTopIndex@KJxScript@@QAEHH@Z
?SetVirtualLoadMode@KJxScriptSet@@QAEXH@Z
?ShiftVertex@KPolygon@@QAEHHH@Z
?ShowMouse@KWin32App@@UAEXH@Z
?ShowMouse@KWin32AppW@@UAEXH@Z
?Start@KTimer@@QAEXXZ
?StateNotifyUi@KLogFile@@QAEXXZ
?Stop@KTimer@@QAEXXZ
?Terminate@KThread@@QAEHK@Z
?ThreadFunction@KThread@@QAEXXZ
?TurnOff@KImeBase@@QAEXXZ
?TurnOn@KImeBase@@QAEXXZ
?UnInit@KOccupyList@@QAEXXZ
?UnInit@KSemaphore@@QAEXXZ
?Unlock@KMutex@@QAEHXZ
?Wait@KSemaphore@@QAEHXZ
?WndMsg@KImeBase@@QAEHPAUHWND__@@IIJ@Z
?_Alloc_Fun@KJxScript@@CAPAXPAX0II@Z
?_CheckRet@KJxScript@@AAEHH@Z
?_CopyStack@KJxScript@@IAEHPAUlua_State@@H@Z
?_DoCall@KJxScript@@IAEHHH@Z
?_DoScript@KScriptGroup@@AAEHPBD@Z
?_Execute@KJxScript@@IAEHHHPBDPAD@Z
?_LoadBuffer2Table@KJxScript@@IAEHPBEH@Z
?_LoadBuffer2Value@KJxScript@@IAEHPBEH@Z
?_LoadFile@KJxScript@@IAEHPBDH@Z
?_LoadScript@KScriptGroup@@AAEHPBD@Z
?_LoadScriptInDirectory@KJxScriptSet@@AAE?AUSCRIPT_SET_RESULT@@PBDH@Z
?_LoadScriptInDirectory@KScriptGroup@@AAEHPBD@Z
?_LuaDispatcher@KLunaBase@@KAHPAUlua_State@@PBD@Z
?_LuaDoScript@KScriptGroup@@CAHAAVKJxScript@@@Z
?_LuaError@KJxScript@@CAHPAUlua_State@@@Z
?_LuaFunction@KJxScript@@CAHPAUlua_State@@@Z
?_LuaGetDataInfo@KLunaBase@@KAHPAUlua_State@@PBD@Z
?_LuaInclude@KScriptGroup@@CAHAAVKJxScript@@@Z
?_LuaIndex@KLunaBase@@KAHPAUlua_State@@PBDP6AH0@Z@Z
?_LuaNewIndex@KLunaBase@@KAHPAUlua_State@@PBD@Z
?_LuaPrint@KJxScript@@CAHPAUlua_State@@@Z
?_LuaTostring@KLunaBase@@KAHPAUlua_State@@PBD@Z
?_PushCObj@KLunaBase@@IBEHPAUlua_State@@PBDH@Z
?_PushList@KJxScript@@IAEHPBDPAD@Z
?_PushOne@KJxScript@@IAEHAAPBDAAPAD@Z
?_ReadList@KJxScript@@IAEHHPBDPAD@Z
?_ReadOne@KJxScript@@IAEHHAAPBDAAPAD@Z
?_Register@KLunaBase@@KAHPAUlua_State@@PBDPAUKLuaData@1@P6AH0@Z333@Z
?_ReloadScript@KJxScriptSet@@AAE?AUSCRIPT_SET_RESULT@@I@Z
?_SaveTable2Buffer@KJxScript@@IAEHPAEH@Z
?_SaveValue2Buffer@KJxScript@@IAEHPAEH@Z
?gGetIPAddressList@@YAHPAUKADAPTER_MACADDRESS@@PAKAAK012KK@Z
?gGetMacAndIPAddress@@YAHPAEPAK01IH@Z
?g_LoadStartArgument@@YAPAVIIniFile@@HQAPADPBD@Z
?g_OpenCombinatorialIniFile@@YAPAVIIniFile@@PAV1@0@Z
?g_OpenFile@@YA_NPAPAVIIniFile@@PBDHH@Z
?g_OpenFile@@YA_NPAPAVITabFile@@PBDHH@Z
?g_OpenIniFileFromArguments@@YAPAVIIniFile@@HQAPAD@Z
?ms_pOutFun@KJxScript@@2P6AHPBDZZA
?ms_pSelf@KIme@@0PAV1@A
?ms_pSelf@KImeW@@0PAV1@A
?ms_szOutEnd@KJxScript@@2PBDB
?ms_szOutSplit@KJxScript@@2PBDB
CD_LCU_C
CD_LCU_D
CD_LCU_I
CreatePackFileShell
EDOneTimePad_Decipher
EDOneTimePad_Encipher
GetCtrlHandle
GetCtrlHandleByStr
KSG_StringGetInt
KSG_StringSkipSymbol
Misc_CRC32
RegisterInlineCtrl
RemoveInlineWndCtrl
TAdviseEngine
TClearSpecialCtrlInEncodedText
TEncodeText
TEncodeTextAndPickCtrl
TFilterEncodedText
TFindSpecialCtrlInEncodedText
TGetEncodeStringLineHeadPos
TGetEncodedTextEffectCtrls
TGetEncodedTextLineCount
TGetEncodedTextOutputLenPos
TGetLimitLenEncodedString
TGetLimitLenString
TGetSecondVisibleCharacterThisLine
TIsCharacterNotAlowAtLineHead
TLocalizationInitialize
TLocalizationTerminate
TRemoveCtrlInEncodedText
TSplitEncodedString
TSplitString
TUnAdviseEngine
_g_GetColorValue
_g_GetColorValueW
g_AssertFailed
g_ChangeFileExt
g_ClearPackageFiles
g_CreateFile
g_CreateIniFile
g_CreateLuaScriptEx
g_CreatePath
g_CreateTabFile
g_DebugLog
g_ExtractFileName
g_ExtractFilePath
g_FileNameHash
g_FindColorName
g_FindColorNameW
g_GetColorTable
g_GetColorTableCount
g_GetColorTableCountW
g_GetColorTableW
g_GetFilePath
g_GetFilePathFromFullPath
g_GetFullPath
g_GetHalfPath
g_GetPackPath
g_GetRandomSeed
g_GetRelativePath
g_GetRootPath
g_IsFileExist
g_LoadPackageFiles
g_MessageBox
g_OpenFile
g_OpenIniFile
g_OpenTabFile
g_Random
g_RandomSeed
g_SetColorTable
g_SetColorTableW
g_SetDefaultColorTable
g_SetDefaultColorTableW
g_SetFilePath
g_SetFindFileMode
g_SetRootPath
g_StrCaseCmp
g_StrCat
g_StrCatLen
g_StrCmp
g_StrCmpLen
g_StrCpy
g_StrCpyLen
g_StrEnd
g_StrLen
g_StrLower
g_StrNCaseCmp
g_StrRep
g_StrUpper
g_StringHash
g_StringLowerHash
g_UnitePathAndName

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
paysys/jxsf8_paysys.ini
paysys/kg_paysys.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

EPE0
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EPE1
Size: 544KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
paysys/libmysql.dll
.dll windows:4 windows x86 arch:x86

ec4f602dd416ba0b2965525aa408b594

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\build\mysql-5.0.51b-winbuild\mysql-community-debug-5.0.51b-build\libmysql\Debug\libmysql.pdb

Imports

kernel32

CreateFileA
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
OpenEventA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
Sleep
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetTempFileNameA
GetTempPathA
GetFileAttributesExA
SetEndOfFile
SetFilePointer
GetLastError
MoveFileA
GetTickCount
TlsAlloc
TlsFree
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
CreateEventA
ResetEvent
WaitForMultipleObjects
SetThreadPriority
ReadFile
WriteFile
FindClose
FindNextFileA
FindFirstFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
PeekNamedPipe
GetFileInformationByHandle
WaitNamedPipeA
SetNamedPipeHandleState
CloseHandle
GetLocaleInfoA
EnterCriticalSection
DeleteFileA
LeaveCriticalSection
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
GetCurrentDirectoryA
GetLocaleInfoW
LCMapStringW
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
FreeLibrary
GetProcessHeap
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InterlockedExchange
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
TerminateProcess
GetCurrentProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
WriteConsoleA
SetConsoleCtrlHandler
GetFileAttributesA
SetStdHandle
GetFileType
WideCharToMultiByte
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
IsBadWritePtr
IsBadReadPtr
HeapValidate
ResumeThread
CreateThread
ExitThread
RtlUnwind
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
LoadLibraryA
GetCurrentProcessId
SetLastError
GetCurrentThread
FatalAppExitA
GetStdHandle
InterlockedDecrement
OutputDebugStringA
SetHandleCount
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetCPInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
HeapAlloc
HeapReAlloc
HeapFree
SetEnvironmentVariableW

user32

MessageBoxA

advapi32

CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
CryptGenRandom

wsock32

shutdown
closesocket
setsockopt
send
recv
inet_ntoa
select
__WSAFDIsSet
inet_addr
getpeername
WSACleanup
gethostbyname
getservbyname
ntohs
socket
ioctlsocket
htons
WSAGetLastError
connect
WSASetLastError
WSAStartup

Exports

Exports

_dig_vec_lower
_dig_vec_upper
bmove_upp
client_errors
delete_dynamic
free_defaults
get_defaults_options
getopt_compare_strings
getopt_ull_limit_value
handle_options
init_dynamic_array
insert_dynamic
int2str
is_prefix
list_add
list_delete
load_defaults
modify_defaults_file
my_end
my_getopt_print_errors
my_init
my_malloc
my_memdup
my_no_flags_free
my_path
my_print_help
my_print_variables
my_realloc
my_strdup
myodbc_remove_escape
mysql_affected_rows
mysql_autocommit
mysql_change_user
mysql_character_set_name
mysql_close
mysql_commit
mysql_data_seek
mysql_debug
mysql_disable_reads_from_master
mysql_disable_rpl_parse
mysql_dump_debug_info
mysql_embedded
mysql_enable_reads_from_master
mysql_enable_rpl_parse
mysql_eof
mysql_errno
mysql_error
mysql_escape_string
mysql_fetch_field
mysql_fetch_field_direct
mysql_fetch_fields
mysql_fetch_lengths
mysql_fetch_row
mysql_field_count
mysql_field_seek
mysql_field_tell
mysql_free_result
mysql_get_character_set_info
mysql_get_client_info
mysql_get_client_version
mysql_get_host_info
mysql_get_parameters
mysql_get_proto_info
mysql_get_server_info
mysql_get_server_version
mysql_get_ssl_cipher
mysql_hex_string
mysql_info
mysql_init
mysql_insert_id
mysql_kill
mysql_list_dbs
mysql_list_fields
mysql_list_processes
mysql_list_tables
mysql_master_query
mysql_more_results
mysql_next_result
mysql_num_fields
mysql_num_rows
mysql_odbc_escape_string
mysql_options
mysql_ping
mysql_query
mysql_read_query_result
mysql_real_connect
mysql_real_escape_string
mysql_real_query
mysql_refresh
mysql_rollback
mysql_row_seek
mysql_row_tell
mysql_rpl_parse_enabled
mysql_rpl_probe
mysql_rpl_query_type
mysql_select_db
mysql_send_query
mysql_server_end
mysql_server_init
mysql_set_character_set
mysql_set_local_infile_default
mysql_set_local_infile_handler
mysql_set_server_option
mysql_shutdown
mysql_slave_query
mysql_sqlstate
mysql_ssl_set
mysql_stat
mysql_stmt_affected_rows
mysql_stmt_attr_get
mysql_stmt_attr_set
mysql_stmt_bind_param
mysql_stmt_bind_result
mysql_stmt_close
mysql_stmt_data_seek
mysql_stmt_errno
mysql_stmt_error
mysql_stmt_execute
mysql_stmt_fetch
mysql_stmt_fetch_column
mysql_stmt_field_count
mysql_stmt_free_result
mysql_stmt_init
mysql_stmt_insert_id
mysql_stmt_num_rows
mysql_stmt_param_count
mysql_stmt_param_metadata
mysql_stmt_prepare
mysql_stmt_reset
mysql_stmt_result_metadata
mysql_stmt_row_seek
mysql_stmt_row_tell
mysql_stmt_send_long_data
mysql_stmt_sqlstate
mysql_stmt_store_result
mysql_store_result
mysql_thread_end
mysql_thread_id
mysql_thread_init
mysql_thread_safe
mysql_use_result
mysql_warning_count
set_dynamic
strcend
strcont
strdup_root
strfill
strinstr
strmake
strmov
strxmov

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
paysys/lua5.dll
.dll windows:4 windows x86 arch:x86

8d818a223962bddb604ebddd869be3ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\head_to_domain\DevEnv\Lua5.1.4\Release\Lua5.pdb

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
FormatMessageA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

fclose
getc
fputs
strtoul
isspace
fgets
longjmp
exit
fscanf
tmpfile
_pclose
fflush
_popen
setvbuf
fwrite
ftell
fseek
clearerr
localeconv
isalnum
isalpha
isdigit
iscntrl
ceil
modf
ldexp
rand
srand
frexp
_HUGE
strrchr
getenv
strtod
sprintf
strncat
realloc
strcspn
clock
strftime
setlocale
_localtime64
_difftime64
_time64
rename
_mktime64
_gmtime64
tmpnam
system
remove
toupper
islower
strpbrk
isxdigit
memchr
ispunct
tolower
isupper
strcoll
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
freopen
ferror
fprintf
fread
fopen
_errno
strchr
__iob_func
strstr
ungetc
strerror
free
feof
strncpy
_setjmp3
_CIpow
floor
memcpy
_CIexp
_CIlog10
_CIlog
_CIsqrt
_CIfmod
_CIatan2
_CIatan
_CIacos
_CIasin
_CItanh
_CItan
_CIcosh
_CIcos
_CIsinh
_CIsin

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlevel
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9352403fc03b7e19b37ad222ae71018

Headers

File Characteristics

Imports

winmm

ws2_32

lua5

kernel32

user32

gdi32

msvcr80

msvcp80

imm32

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 212KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 9KB

Headers

File Characteristics

Exports

Exports

Sections

EPE0 Size: - Virtual size: 80KB

EPE1 Size: 544KB - Virtual size: 542KB

.rsrc Size: 4KB - Virtual size: 784B

ec4f602dd416ba0b2965525aa408b594

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

wsock32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 124KB - Virtual size: 121KB

.data Size: 1.3MB - Virtual size: 1.3MB

.idata Size: 8KB - Virtual size: 4KB

.reloc Size: 48KB - Virtual size: 46KB

8d818a223962bddb604ebddd869be3ed

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcr80

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 908B

.rsrc Size: 4KB - Virtual size: 432B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 216KB - Virtual size: 212KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 9KB

EPE0
Size: - Virtual size: 80KB

EPE1
Size: 544KB - Virtual size: 542KB

.rsrc
Size: 4KB - Virtual size: 784B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 124KB - Virtual size: 121KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.idata
Size: 8KB - Virtual size: 4KB

.reloc
Size: 48KB - Virtual size: 46KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 908B

.rsrc
Size: 4KB - Virtual size: 432B

.reloc
Size: 8KB - Virtual size: 5KB