c761e401cc8a8ca1877289b8418a77e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c761e401cc8a8ca1877289b8418a77e5_JaffaCakes118
Size

5.2MB
MD5

c761e401cc8a8ca1877289b8418a77e5
SHA1

3b6604981ffa7c32fdaaa481f1ae21b6d1b902d4
SHA256

eb4cb3dbb26c1c9071ef278f4a1ac29ba73f1f07a8ff9154d6fa12c565fd026a
SHA512

e05cda310594117b656c4544db9beb84a36c3aa3b079a3f69574179bbc5990e999d7e7ace03941f6c9804962ae27a418942f7de06c98e8623ee8221aa080a115
SSDEEP

98304:2tuCBNfInSsWdMGlZhj8yRvdRwA1E8mL12RjPnqJWWxhPNpfUgWSxwQm:ScWd5bqWPFSH18qxhU7Qm

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
c761e401cc8a8ca1877289b8418a77e5_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/blowfish.dll
unpack001/$PLUGINSDIR/locate.dll
unpack001/$PLUGINSDIR/xml.dll
unpack001/Fairy_Ape.exe
unpack001/Fairy_Ape/RICHED20.DLL
unpack001/LAScriptX.dll
unpack001/comx.dll
unpack001/libs.dll
unpack001/net.dll
unpack001/uninst.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

c761e401cc8a8ca1877289b8418a77e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/blowfish.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

Decrypt
Encrypt

Sections

CODE
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 906B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/locate.dll
.dll windows:4 windows x86 arch:x86

7f8181c74f882a780c7cd485241e8b51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
MultiByteToWideChar
lstrlenW
lstrlenA
GetWindowsDirectoryW
WideCharToMultiByte
CompareFileTime
FindNextFileA
FindNextFileW
FileTimeToSystemTime
RemoveDirectoryA
RemoveDirectoryW
FindFirstFileA
FindFirstFileW
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

SetWindowTextA
SetWindowTextW
GetDlgItem
FindWindowExA
MessageBoxW

Exports

Exports

_Close
_Find
_GetSize
_Open
_RMDirEmpty
_Unload

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/xml.dll
.dll windows:4 windows x86 arch:x86

b5ed5b3a951d4443ce56e5453702d536

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpynA
lstrcmpA
lstrcmpiA
lstrcpyA
RtlUnwind
GetModuleFileNameA
RaiseException
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
GetLocaleInfoA
InterlockedExchange
SetEndOfFile

Exports

Exports

_CloneNode
_Coordinate
_CreateNode
_CreateText
_CurrentAttribute
_DeclarationEncoding
_DeclarationStandalone
_DeclarationVersion
_ElementPath
_FindCloseElement
_FindNextElement
_FirstAttribute
_FirstChild
_FirstChildElement
_FreeNode
_GetAttribute
_GetNodeValue
_GetText
_GotoHandle
_GotoPath
_InsertAfterNode
_InsertBeforeNode
_InsertEndChild
_IsCDATA
_LastAttribute
_LastChild
_LoadFile
_NextAttribute
_NextSibling
_NextSiblingElement
_NoChildren
_NodeHandle
_NodeType
_Parent
_PreviousAttribute
_PreviousSibling
_RemoveAllChild
_RemoveAttribute
_RemoveNode
_ReplaceNode
_RootElement
_SaveFile
_SetAttribute
_SetAttributeName
_SetAttributeValue
_SetCDATA
_SetCondenseWhiteSpace
_SetEncoding
_SetNodeValue
_SetText
_Unload
_XPathAttribute
_XPathNode
_XPathString

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fairy_Ape.exe
.exe windows:5 windows x86 arch:x86

12dcd6b1b2493cd24e743b199d755ed7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\模拟精灵\新的模拟精灵\Release\Fairy_Ape.pdb

Imports

kernel32

GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
SetEnvironmentVariableA
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
HeapReAlloc
RtlUnwind
GetTimeFormatA
GetDateFormatA
CreateProcessA
SetStdHandle
GetFileType
ExitThread
CreateThread
HeapSize
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetErrorMode
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
SetHandleCount
GetDriveTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
CompareStringW
EnumSystemLocalesA
IsValidLocale
CreatePipe
GetExitCodeProcess
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFileSizeEx
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedExchange
lstrcmpA
GetThreadLocale
RaiseException
SuspendThread
SetThreadPriority
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
GetModuleFileNameW
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
MulDiv
DeviceIoControl
GlobalSize
ResumeThread
DuplicateHandle
GetExitCodeThread
SetFileTime
GetFileTime
GlobalMemoryStatus
SetSystemPowerState
GetCurrentProcess
TerminateProcess
GetTempPathA
GetSystemDirectoryA
GlobalUnlock
GetVolumeInformationA
Process32Next
Process32First
CreateToolhelp32Snapshot
VirtualQueryEx
GetSystemInfo
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
OpenProcess
GetFullPathNameA
GetLocaleInfoA
GetUserDefaultLCID
FreeResource
WriteFile
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
SetConsoleTitleA
AllocConsole
GetCurrentProcessId
FreeConsole
WinExec
lstrcatA
lstrcpyA
MapViewOfFile
CreateFileMappingA
CreateFileA
UnmapViewOfFile
GetVersion
GetProcessHeap
HeapAlloc
GetModuleHandleA
SetCurrentDirectoryA
GetCurrentDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
DeleteFileA
FreeLibrary
GetProcAddress
CloseHandle
CreateEventA
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
CreateMutexA
GetCommandLineA
LoadLibraryA
lstrcpynA
ResetEvent
TerminateThread
WaitForSingleObject
SetEvent
lstrlenW
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalAlloc
SetFileAttributesA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
ExitProcess
LocalFree
FormatMessageA
GetLastError
GetTickCount
Sleep
lstrlenA
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
GetStdHandle
WideCharToMultiByte

user32

SendDlgItemMessageA
GetMenuState
SetWindowTextA
GetMenuStringA
GetMenu
SendMessageTimeoutA
ExitWindowsEx
SetFocus
IsWindowEnabled
GetCursor
SendInput
GetMenuItemID
GetMenuItemCount
PostThreadMessageA
ModifyMenuA
UnionRect
IsCharAlphaA
DrawFrameControl
DrawTextA
MessageBeep
SetClipboardData
EmptyClipboard
SetActiveWindow
EnumWindows
DrawEdge
SetMenuDefaultItem
CloseClipboard
GetClipboardData
OpenClipboard
DrawIconEx
SetWindowRgn
EqualRect
KillTimer
SetTimer
SetRect
SetScrollRange
IsRectEmpty
SetRectEmpty
GetDialogBaseUnits
FrameRect
LoadImageA
CreateIconIndirect
GetIconInfo
GetSysColor
DrawStateA
OffsetRect
DrawFocusRect
InflateRect
TrackPopupMenuEx
GetNextDlgTabItem
DestroyIcon
DestroyMenu
DestroyCursor
SystemParametersInfoA
GetClassNameA
ChildWindowFromPointEx
GetDlgItem
GetKeyboardLayoutList
LoadKeyboardLayoutA
GetKeyboardLayout
GetCaretPos
OpenIcon
GetDoubleClickTime
GetForegroundWindow
AttachThreadInput
GetWindowTextA
GetWindowThreadProcessId
BringWindowToTop
SetCursorPos
GetKeyState
GetScrollRange
GetScrollPos
SetScrollPos
ValidateRect
SetCapture
ClientToScreen
ReleaseCapture
PtInRect
ShowWindow
FindWindowA
LockWindowUpdate
DeleteMenu
AppendMenuA
GetSystemMenu
DispatchMessageA
TranslateMessage
GetMessageA
GetLastActivePopup
GetPropA
GetDesktopWindow
SetForegroundWindow
GetDlgCtrlID
TrackPopupMenu
LoadCursorA
SetCursor
EnableMenuItem
GetSubMenu
LoadMenuA
GetWindow
CopyRect
RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus
GetKeyNameTextA
MapVirtualKeyA
CallNextHookEx
RegisterHotKey
InvalidateRgn
DrawTextExA
CopyAcceleratorTableA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
UnregisterHotKey
GetParent
FindWindowExA
DrawIcon
RemovePropA
ScreenToClient
GetCursorPos
SetWindowLongA
GetWindowLongA
SetPropA
LoadIconA
SetWindowPos
IsIconic
IsZoomed
GetSystemMetrics
GetWindowDC
RedrawWindow
IsWindowVisible
IsWindow
PostQuitMessage
PeekMessageA
ReleaseDC
GetDC
GetClientRect
InvalidateRect
GetActiveWindow
FillRect
PostMessageA
GetNextDlgGroupItem
RegisterClipboardFormatA
CharNextA
UnregisterClassA
SendMessageA
GetWindowRect
EnableWindow
MessageBoxA
GetSysColorBrush
CharUpperA
SetWindowContextHelpId
GetAsyncKeyState
MapDialogRect
LoadBitmapA
CheckMenuItem
WinHelpA
IsChild
GetCapture
GetClassLongA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
IntersectRect
GetWindowPlacement
EndPaint
BeginPaint
GrayStringA
TabbedTextOutA
CreateDialogIndirectParamA
DestroyWindow
EndDialog
GetWindowTextLengthA
MoveWindow
IsDialogMessageA
WindowFromPoint

gdi32

StretchDIBits
RealizePalette
SetBkMode
GetDIBits
SetWinMetaFileBits
SelectPalette
SetEnhMetaFileBits
PlayEnhMetaFile
GetEnhMetaFilePaletteEntries
CreatePalette
GetEnhMetaFileHeader
DeleteEnhMetaFile
SaveDC
RestoreDC
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SelectClipRgn
SetStretchBltMode
GetWindowExtEx
PtVisible
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetRgnBox
GetCharWidthA
CreateFontA
DPtoLP
GetTextColor
RectVisible
GetClipBox
ExtSelectClipRgn
ExtTextOutA
GetBkColor
CreateRectRgnIndirect
CreatePen
GetMapMode
CreateFontIndirectA
CombineRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
FrameRgn
FillRgn
GetTextExtentPoint32A
SetPixel
DeleteDC
SetTextColor
SetBkColor
SelectObject
CreateBitmap
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetDeviceCaps
GetPixel
EnumFontFamiliesExA
GetObjectA
PatBlt
GetViewportExtEx
CreateSolidBrush
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

CloseServiceHandle
RegSetValueExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
CreateServiceA
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
RegCreateKeyExA
StartServiceA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderA
ShellExecuteA

comctl32

_TrackMouseEvent
ord17
ImageList_Draw

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathRemoveFileSpecW
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
SysAllocStringLen
VarDateFromStr
VariantInit
VariantCopyInd
VariantChangeType
SysStringLen
SysAllocStringByteLen
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayGetElemsize
SafeArrayCreate
OleCreateFontIndirect
SysFreeString

winmm

PlaySoundA

wininet

InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetConnectA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetCrackUrlA

Exports

Exports

_GetPhysLong@8
_GetPortVal@12
_InitializeWinIo@0
_InstallWinIoDriver@8
_MapPhysToLin@12
_RemoveWinIoDriver@0
_SetPhysLong@8
_SetPortVal@12
_ShutdownWinIo@0
_UnmapPhysicalMemory@8

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Fairy_Ape/Ape.history
Fairy_Ape/Fairy.config
Fairy_Ape/Fairy.work
.js .xml polyglot
Fairy_Ape/Language/CHS.xml
.js .xml polyglot
Fairy_Ape/Language/CHSsyntax.txt
.js
Fairy_Ape/RICHED20.DLL
.dll windows:5 windows x86 arch:x86

b273fadc4482676e5c978e88480e0b9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetUserDefaultLCID
GetProfileIntA
FindAtomW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryW
LoadLibraryA
GetProfileSectionW
GetProfileSectionA
CompareStringW
CompareStringA
CreateFileW
CreateFileA
GetStringTypeExW
GetStringTypeExA
GetModuleHandleA
LocalReAlloc
LocalAlloc
GetACP
lstrcmpiW
GetVersionExA
MulDiv
GlobalUnlock
GlobalHandle
GlobalLock
GlobalSize
GlobalReAlloc
GlobalFlags
GlobalFree
GlobalAlloc
GetThreadLocale
IsValidCodePage
SetFilePointer
CloseHandle
WriteFile
ReadFile
GetLastError
IsBadWritePtr
GetCurrentThreadId
FindAtomA
GetSystemDefaultLangID
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
FormatMessageA
lstrlenA
lstrcmpiA
LocalFree
GetLocaleInfoW
GetProcAddress
FreeLibrary
RaiseException
IsBadReadPtr
GetTickCount
Sleep
LocalLock
WideCharToMultiByte
MultiByteToWideChar
GetSystemDefaultLCID
LeaveCriticalSection
EnterCriticalSection

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

user32

IsChild
IsWindowEnabled
GetCapture
GetCaretPos
IsClipboardFormatAvailable
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardOwner
GetClipboardData
CharUpperW
MessageBoxA
UnregisterClassA
ShowScrollBar
EnableScrollBar
wvsprintfA
DefWindowProcA
DefWindowProcW
GetWindowLongA
GetWindowLongW
GetClassLongA
GetClassLongW
LoadBitmapA
LoadBitmapW
LoadCursorA
LoadCursorW
SetWindowLongA
SetWindowLongW
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
RegisterWindowMessageA
PostQuitMessage
MessageBoxW
GetKeyboardLayout
SendMessageA
FindWindowA
SystemParametersInfoA
GetKeyboardLayoutList
CharLowerA
CharLowerBuffW
CharUpperA
CharUpperBuffW
SendMessageW
UnregisterClassW
RegisterClassA
RegisterClassW
GetDoubleClickTime
GetForegroundWindow
WindowFromPoint
SystemParametersInfoW
GetDesktopWindow
IsWindow
GetWindow
SetScrollInfo
SetForegroundWindow
ScrollWindowEx
SetTimer
SetCaretPos
ShowCaret
HideCaret
CreateCaret
SetScrollPos
SetScrollRange
IsWindowVisible
MapWindowPoints
GetDlgItem
GetFocus
IsIconic
DestroyCaret
SetFocus
WindowFromDC
DestroyMenu
MessageBeep
RegisterClipboardFormatA
GetParent
TrackPopupMenu
SetCapture
GetAsyncKeyState
ReleaseCapture
GetMessageTime
GetMessagePos
IntersectRect
OffsetRect
InvertRect
CopyRect
ActivateKeyboardLayout
IsWindowUnicode
EnableWindow
GetDC
ReleaseDC
CreateWindowExW
CreateWindowExA
SetParent
ClientToScreen
MoveWindow
BeginPaint
FillRect
EndPaint
InflateRect
ShowWindow
InvalidateRect
SetWindowPos
UpdateWindow
GetClientRect
DrawFocusRect
GetCursorPos
ScreenToClient
GetWindowRect
PtInRect
GetKeyState
GetSysColor
DrawFrameControl
GetSystemMetrics
SetCursor
GetCursor
DestroyWindow
KillTimer

gdi32

SetBkMode
RestoreDC
SaveDC
RealizePalette
SelectPalette
SelectObject
GetCurrentObject
Rectangle
GetStockObject
SetROP2
CreateDIBSection
DeleteDC
StretchBlt
CreateCompatibleDC
DeleteObject
SetTextAlign
GetDeviceCaps
ExtTextOutW
GetPixel
SetWindowExtEx
SetWindowOrgEx
BitBlt
LineTo
MoveToEx
CreatePen
DeleteMetaFile
GetTextCharsetInfo
GetOutlineTextMetricsA
TranslateCharsetInfo
GetBkMode
DPtoLP
PatBlt
SetMapMode
CreateCompatibleBitmap
ExtTextOutA
CreateSolidBrush
SetMetaFileBitsEx
CreateBitmap
GetMetaFileBitsEx
SetViewportOrgEx
EnumMetaFile
CloseMetaFile
CreateMetaFileA
CreatePatternBrush
Escape
GetObjectType
CreatePalette
GetMapMode
LPtoDP
EnumFontFamiliesExW
GetCharWidthW
GetCharWidthA
CreateFontIndirectA
CreateFontIndirectW
GetObjectW
GetTextMetricsA
GetTextMetricsW
CreateICA
CreateICW
GetTextFaceA
GetTextFaceW
SetBkColor
SetTextColor
GetObjectA
IntersectClipRect

Exports

Exports

CreateTextServices
IID_IRichEditOle
IID_IRichEditOleCallback
IID_ITextHost
IID_ITextHost2
IID_ITextServices
REExtendedRegisterClass
RichEdit10ANSIWndProc
RichEditANSIWndProc

Sections

.text
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fairy_Ape/hotkey.bin
Fairy_Ape/import/std.LAS
.js
Fairy_Ape/task.bin
LAScriptX.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Visual LAScript.rar
.rar
Visual LAScript/code.htm
.html .js polyglot
Visual LAScript/images/bar/build.gif
.gif
Visual LAScript/images/bar/code.gif
.gif
Visual LAScript/images/bar/las.gif
.gif
Visual LAScript/images/bar/new.gif
.gif
Visual LAScript/images/bar/open.gif
.gif
Visual LAScript/images/bar/play.gif
.gif
Visual LAScript/images/bar/save.gif
.gif
Visual LAScript/images/bar/splash.jpg
.jpg
Visual LAScript/images/bar/split.gif
.gif
Visual LAScript/images/bar/split2.gif
.gif
Visual LAScript/images/lbar/bt.gif
.gif
Visual LAScript/images/lbar/ck.gif
.gif
Visual LAScript/images/lbar/combo.gif
.gif
Visual LAScript/images/lbar/frm.gif
.gif
Visual LAScript/images/lbar/img.gif
.gif
Visual LAScript/images/lbar/lb.gif
.gif
Visual LAScript/images/lbar/list.gif
.gif
Visual LAScript/images/lbar/numud.gif
.gif
Visual LAScript/images/lbar/rd.gif
.gif
Visual LAScript/images/lbar/sel.gif
.gif
Visual LAScript/images/lbar/tx.gif
.gif
Visual LAScript/images/main/btClose.gif
.gif
Visual LAScript/images/main/drop.gif
.gif
Visual LAScript/images/main/drop_hit.gif
.gif
Visual LAScript/images/main/hdl.gif
.gif
Visual LAScript/images/main/hdl_dis.gif
.gif
Visual LAScript/images/main/head_bg.gif
.gif
Visual LAScript/images/main/ico_form.gif
.gif
Visual LAScript/images/main/more.gif
.gif
Visual LAScript/images/main/more_hit.gif
.gif
Visual LAScript/mu.js
.js
Visual LAScript/sel.htm
.html .js polyglot
Visual LAScript/ss.js
.js
Visual LAScript/vl.fap
.js .xml polyglot
Visual LAScript/webform.htm
.html .js polyglot
comx.dll
.dll windows:4 windows x86 arch:x86

5a762cec206374f4f0fdaa86673629e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\模拟精灵\新的模拟精灵\模拟精灵插件开发\comx\comx\Release\comx.pdb

Imports

kernel32

SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetFilePointer
WaitForSingleObject
GetExitCodeProcess
CreatePipe
GetStringTypeW
GetProcAddress
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CreateFileA
GetFileAttributesA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
CompareStringW
CompareStringA
LoadLibraryA
FreeLibrary
LocalFree
GetLastError
MultiByteToWideChar
FormatMessageA
WideCharToMultiByte
lstrcpyW
DebugBreak
FatalAppExitA
lstrlenW
IsBadWritePtr
GetCurrentDirectoryA
GetStringTypeA
GetModuleFileNameA
InitializeCriticalSection
ReadFile
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
WriteFile
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
GetCPInfo
RaiseException
IsDebuggerPresent
TerminateProcess
SetEnvironmentVariableA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
DuplicateHandle
CreateProcessA
CloseHandle
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetModuleHandleA
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement

user32

GetClientRect
TranslateMessage
WinHelpA
GetMessageA
RegisterClassA
CallWindowProcA
MapWindowPoints
IsWindowVisible
EqualRect
GetActiveWindow
ShowWindow
SetWindowPos
DefWindowProcA
CreateWindowExA
GetWindowLongA
MessageBoxA
IntersectRect
SetWindowRgn
GetWindowRect
wsprintfA
OffsetRect
SetFocus
DispatchMessageA

gdi32

SetViewportOrgEx
SetWindowExtEx
DeleteObject
CreateRectRgnIndirect
SetMapMode
SetViewportExtEx
SetWindowOrgEx

advapi32

RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

ole32

StringFromCLSID
OleInitialize
OleUninitialize
CoTaskMemFree
CoCreateInstance
CreateBindCtx
MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoRevokeClassObject
CoRegisterClassObject
StringFromIID
CoLockObjectExternal
CoTaskMemAlloc
CreateOleAdviseHolder
OleRegGetUserType
ProgIDFromCLSID

oleaut32

SafeArrayUnaccessData
GetActiveObject
SysAllocString
DispGetIDsOfNames
SafeArrayPutElement
SafeArrayGetElement
VariantChangeType
SafeArrayGetDim
SystemTimeToVariantTime
SafeArrayCreate
SafeArrayDestroy
VariantCopy
SafeArrayAccessData
VariantTimeToSystemTime
SafeArrayCreateVector
VariantCopyInd
LHashValOfNameSys
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
SysFreeString
UnRegisterTypeLi
LoadTypeLibEx

shlwapi

SHDeleteKeyA

Exports

Exports

DllGetClassObject
comx_IDispatch2comx
comx_detectAutomation
lasimport_comx

Sections

.text
Size: 328KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
encode.txt
fap.chm
.chm
fapi.chm
.chm
libs.dll
.dll windows:4 windows x86 arch:x86

4e8653f69e7a6522710ccd382de38426

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\模拟精灵\新的模拟精灵\模拟精灵插件开发\libs\Release\libs.pdb

Imports

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetSetOptionA

shlwapi

SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA

kernel32

GetCPInfo
GetOEMCP
VirtualAlloc
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetCommandLineA
ExitProcess
RtlUnwind
RaiseException
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetEndOfFile
FlushFileBuffers
ReadFile
InterlockedIncrement
WritePrivateProfileStringA
GetThreadLocale
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
GlobalAddAtomA
GetCurrentProcessId
SetLastError
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
ResetEvent
CreateEventA
Sleep
SetEvent
WaitForSingleObject
CloseHandle
GetVersionExA
FindNextFileA
FindClose
SetFileAttributesA
FindFirstFileA
WriteFile
GetCurrentProcess
HeapAlloc
SetFilePointer
GetFileSize
CreateFileA
DeleteFileA
GetVersion
CompareStringA
LockResource
RemoveDirectoryA
GetLastError
InterlockedExchange
MultiByteToWideChar
CompareStringW
GetFileAttributesA
SizeofResource
WideCharToMultiByte
GetWindowsDirectoryA
GetProcessHeap
HeapFree
LoadResource
lstrlenA
FindResourceA
HeapDestroy

user32

DestroyMenu
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMessageA
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageA
DispatchMessageA

gdi32

ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
TextOutA
RectVisible
PtVisible
SetMapMode
CreateBitmap
GetDeviceCaps

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyA
GetLengthSid
AddAce
RegSetKeySecurity
FreeSid
AllocateAndInitializeSid
InitializeAcl
RegQueryInfoKeyA
RegGetKeySecurity
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
GetUserNameA

shell32

SHEmptyRecycleBinA
SHGetSpecialFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

WSAEnumNetworkEvents
WSAEventSelect
inet_addr
WSACleanup
WSACreateEvent
gethostbyaddr
WSAWaitForMultipleEvents
gethostname
connect
WSAStartup
WSACloseEvent
shutdown
htons
recv
send
gethostbyname
closesocket
socket

Exports

Exports

lasimport_bigint
lasimport_clean
lasimport_email
lasimport_md5
lasimport_pop3

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
net.dll
.dll windows:4 windows x86 arch:x86

61e09027d5c345c5b0cd7de24f866ec3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

CorBindToRuntimeEx

oleaut32

VariantClear
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy
VariantInit
SysAllocString
SysFreeString
SafeArrayUnaccessData

kernel32

TlsSetValue
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CompareStringW
InterlockedDecrement
FreeResource
CloseHandle
WriteFile
SizeofResource
CreateFileA
LockResource
LoadResource
FindResourceA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
FormatMessageA
GetLastError
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
ExitProcess
CreateProcessA
DuplicateHandle
GetCurrentProcess
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA

Exports

Exports

lasimport_net
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checkmetatable
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_findfile
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstdcallcfunction
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_safetostring
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luanet_checkudata
luanet_gettag
luanet_newudata
luanet_rawnetobj
luanet_tonetobject
luaopen_base
luaopen_debug
luaopen_io
luaopen_luanet
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
ű/fs.las
.js
ű/inet.las

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 3KB - Virtual size: 3KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 836B

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 13KB - Virtual size: 13KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 906B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

CODE
Size: 13KB - Virtual size: 13KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 906B

.edata
Size: 512B - Virtual size: 89B

.reloc
Size: 1024B - Virtual size: 880B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 848B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 48KB - Virtual size: 121KB

.rsrc
Size: 803KB - Virtual size: 802KB

.text
Size: 363KB - Virtual size: 363KB