c7c2ab919eaf93344baadea9b32f5035_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7c2ab919eaf93344baadea9b32f5035_JaffaCakes118
Size

611KB
MD5

c7c2ab919eaf93344baadea9b32f5035
SHA1

15eeabac91f6b3d15db730d468b866d449d31083
SHA256

e67e8435fa8bc51cce6cccb44665764930fa6e8c7e6b095acd3b891d9d2b7a17
SHA512

77ec4b498840043318a35bc7ed8d036b49798ae5ad0be9532e8763748ad5f3172c47bfcd3b3ae7c336dc43b0b6645362743993d6b47b923b847f3d50dda6e072
SSDEEP

12288:evmxP1OD3cfbcKTROTXA2vAwylppgW6XYdIcPVLEX4WhgRqW:evmvTcdM2vAwypMoEoWhgRqW

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/plugins/Plugin.dll
unpack001/plugins/sqlite3.dll
unpack001/smilebar.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

c7c2ab919eaf93344baadea9b32f5035_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9c
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/03/2012, 00:00

Not After

15/03/2013, 23:59

Subject

CN=Vladimir Melnichenok,O=Vladimir Melnichenok,POSTALCODE=186220,STREET=21 A Komsomolskay Str\,.,L=Kondopoga city\,,ST=Karelia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:90:81:a1:e2:aa:24:bb:5f:18:42:57:fc:73:b2:13:f2:a3:b8:46
Signer

Actual PE Digest

04:90:81:a1:e2:aa:24:bb:5f:18:42:57:fc:73:b2:13:f2:a3:b8:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Scripts/vk.js
.js
SmileBarUpdater.exe
.exe windows:4 windows x86 arch:x86

2e0f132ad46eb9d115ccb52523424d9b

Code Sign

01
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9c
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15/03/2012, 00:00

Not After

15/03/2013, 23:59

Subject

CN=Vladimir Melnichenok,O=Vladimir Melnichenok,POSTALCODE=186220,STREET=21 A Komsomolskay Str\,.,L=Kondopoga city\,,ST=Karelia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:80:66:d1:72:25:4e:fd:9f:d3:fa:47:59:a5:4c:09:37:24:e8:4a
Signer

Actual PE Digest

83:80:66:d1:72:25:4e:fd:9f:d3:fa:47:59:a5:4c:09:37:24:e8:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Smilebar\SmileBarUpdater\Release\SmileBarUpdater.pdb

Imports

kernel32

CloseHandle
WriteFile
FindResourceW
ReadFile
LockResource
LoadResource
FindResourceExW
CreateProcessW
GetFileSize
CreateFileW
SizeofResource
Sleep
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
SetUnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

wininet

InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetSetFilePointer
InternetReadFile
InternetOpenW

msvcr80

__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memset
memmove_s
memcpy_s
free
malloc
realloc
??3@YAXPAX@Z
_CxxThrowException
_initterm_e
__CxxFrameHandler3

user32

UnregisterClassA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chrome/ChromeFastDial.crx
.zip
blank.html
.html
manifest.json
chrome/ChromeSmilebar.crx
.zip
.svn/dir-prop-base
.svn/entries
.svn/text-base/manifest.json.svn-base
.svn/text-base/script.js.svn-base
.js
ChromeSmilebar.crx
.zip
manifest.json
script.js
.js
ChromeSmilebar.pem
manifest.json
script.js
.js
firefox/profile/extensions/{5BAD51C3-CABF-4B5F-ADFB-643BAC9C9420}/chrome.manifest
firefox/profile/extensions/{5BAD51C3-CABF-4B5F-ADFB-643BAC9C9420}/chrome/content/guard.xul
.js .xml polyglot
firefox/profile/extensions/{5BAD51C3-CABF-4B5F-ADFB-643BAC9C9420}/chrome/content/processn.js
.js
firefox/profile/extensions/{5BAD51C3-CABF-4B5F-ADFB-643BAC9C9420}/chrome/content/style.xul
firefox/profile/extensions/{5BAD51C3-CABF-4B5F-ADFB-643BAC9C9420}/install.rdf
.xml
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome.manifest
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/content/smiletoolbar.js
.js
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/content/smiletoolbar.xul
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/content/vk.js
.js
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/avatary.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/company.gif
.gif
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/bash.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/best_video.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/cards.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/city.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/draw.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/games.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/goro.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/humor.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/movies.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/photo_effects.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/photos.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/fun/tests.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/fermer.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/gladiator.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/lords.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/nostale.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/pirates.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/games/travian.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/gripper.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/logo.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/bed.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/blog.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/chat.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/photo.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/planet.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/love/video.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/notificator.jpg
.jpg
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/savefrom.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/search.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/smilebar.css
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/sms.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/sms/beeline.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/sms/megafon.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/sms/mts.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/sms/tele2.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/chrome/skin/status.png
.png
firefox/profile/extensions/{E7D6915F-BC3C-4e8a-BC44-B23337E71521}/install.rdf
.xml
firefox/yandex_custom.xml
opera/UserJS/vk.user.js
.js
opera/http%3A%2F%2Fyandex.ru%2Ffavicon.png
.png
opera/search.ini
opera/yandex.ru.idx
plugins/Plugin.dll
.dll windows:4 windows x86 arch:x86

c42c0ccdecc38b68d7f2c45610ca8b04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

VirtualFree
CreateFileA
lstrlenA
InterlockedIncrement
InterlockedDecrement
WriteFile
Sleep
ReadFile
OutputDebugStringA
CloseHandle
DebugBreak
Process32First
OpenProcess
WideCharToMultiByte
TerminateProcess
MultiByteToWideChar
GetLongPathNameW
Process32Next
CreateToolhelp32Snapshot
GlobalFree
lstrcpyA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
DeleteCriticalSection
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSection
LoadLibraryA
SetFilePointer

user32

CharNextA

shell32

SHGetSpecialFolderPathW

sqlite3

sqlite3_open16
sqlite3_column_int
sqlite3_step
sqlite3_close
sqlite3_prepare

wininet

InternetSetOptionA
InternetReadFile
InternetSetFilePointer
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

Exports

Exports

FileAnsiToUtf8
FileUtf8ToAnsi
InstallChromeSearch
KillProcessByName
LightUserAdd

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/sqlite3.dll
.dll windows:4 windows x86 arch:x86

ae203af973724c4f20d47874300ff971

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isspace
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strncmp
tolower

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 720B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
smilebar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8079e0d557db495f359806815d2b4b7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
CreateMutexW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
FreeLibrary
SizeofResource
LoadLibraryExW
GetModuleHandleW
DisableThreadLibraryCalls
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetTimeZoneInformation
WideCharToMultiByte
HeapCreate
HeapDestroy
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetOEMCP
GetCPInfo
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ReadFile
CloseHandle
WriteFile
Sleep
LoadResource
LockResource
GlobalHandle
GlobalFree
MulDiv
lstrcmpW
GetLastError
FindResourceW
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
FindFirstFileW
FindNextFileW
SetLastError
GetCurrentThreadId
GetVersionExW
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedIncrement
GlobalLock
GlobalUnlock
OutputDebugStringW
DebugBreak
lstrlenA
MultiByteToWideChar
lstrlenW
GetEnvironmentStringsW

user32

GetWindowTextW
SetWindowTextW
SendMessageW
UnregisterClassA
GetWindowTextLengthW
SetWindowPos
GetClientRect
LoadStringW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CharNextW
DispatchMessageW
TranslateMessage
GetKeyState
SetWindowTextA
GetFocus
CharLowerW
CreateDialogIndirectParamW
RegisterWindowMessageW
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
CheckDlgButton
SetWindowContextHelpId
ShowWindow
MapDialogRect
GetWindowRect
IsWindow
GetActiveWindow
GetSysColor
InflateRect
TrackPopupMenuEx
PostMessageW
RegisterClassExW
ReleaseDC
GetDC
SystemParametersInfoW
LoadIconW
GetSubMenu
LoadMenuW
CreateWindowExW
LoadCursorW
GetClassInfoExW
GetParent
SetFocus
KillTimer
SetTimer
MapWindowPoints
ClientToScreen
MoveWindow
DestroyWindow
DestroyIcon
DrawTextW
DrawIconEx
InsertMenuItemW
CreatePopupMenu
GetMenuItemInfoW
GetMenuItemCount
DestroyMenu
FindWindowExW
GetWindow

gdi32

GetDeviceCaps
BitBlt
CreateCompatibleBitmap
DeleteDC
GetObjectW
GetStockObject
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
SetBkMode
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPoint32W
SelectObject
CreateSolidBrush
CreateCompatibleDC

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW

ole32

ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

DispCallFunc
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
OleCreateFontIndirect

shlwapi

PathRemoveFileSpecW

comctl32

ImageList_Destroy
ImageList_Create
ImageList_GetIconSize
ImageList_GetIcon
ImageList_ReplaceIcon

wininet

InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetSetFilePointer
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9cCertificate

Extended Key Usages

Key Usages

04:90:81:a1:e2:aa:24:bb:5f:18:42:57:fc:73:b2:13:f2:a3:b8:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 29KB - Virtual size: 29KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

2e0f132ad46eb9d115ccb52523424d9b

Code Sign

01Certificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9cCertificate

Extended Key Usages

Key Usages

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9c
Certificate

04:90:81:a1:e2:aa:24:bb:5f:18:42:57:fc:73:b2:13:f2:a3:b8:46
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 29KB - Virtual size: 29KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

01
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

47:bd:72:80:22:f3:66:fa:e2:10:7a:9f:19:07:30:9c
Certificate

83:80:66:d1:72:25:4e:fd:9f:d3:fa:47:59:a5:4c:09:37:24:e8:4a
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 428B

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 39KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 393KB - Virtual size: 392KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 720B

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.stab
Size: 6KB - Virtual size: 6KB

.stabstr
Size: 5KB - Virtual size: 5KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 68KB - Virtual size: 65KB