c83297dbf1ba68ed0a0aabb097f44a21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c83297dbf1ba68ed0a0aabb097f44a21_JaffaCakes118
Size

4.4MB
MD5

c83297dbf1ba68ed0a0aabb097f44a21
SHA1

648471b3350c626042f7193e94a9703aef160ad9
SHA256

58ddd43d7482bfd5ab7eda9afd302504881cee315445214e8b04400a83eae9ae
SHA512

d03c8e75df5cb59c15a7c346a4d01ecc43cbd1ef2a4d0fbf705b78c90c5495bc9dec2cf30aa1285bd981a4c2840f2c04c91a299c6c168fd8fe9439935d816ff3
SSDEEP

98304:ZXXvJZ+hGmt+Pfd0cup5GH0BL7LGAx54/tXzv8T+Ajpo0v1WXfGAuByKD:ZX/P+hGw+PKcI0H8LGAUZ7M+Ajpo0v4Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Netdove_ACC_HOM/AVTalk.exe
unpack001/Netdove_ACC_HOM/KBOARD.exe
unpack001/Netdove_ACC_HOM/NRegOCX.exe
unpack001/Netdove_ACC_HOM/Netdove.exe
unpack001/Netdove_ACC_HOM/SendMail.exe
unpack001/Netdove_ACC_HOM/SetUp_PWD.dll
unpack001/Netdove_ACC_HOM/Setup.exe
unpack001/Netdove_ACC_HOM/Uninstall.exe
unpack001/Netdove_ACC_HOM/qtintf70.dll
unpack001/Netdove_ACC_HOM/连珠游戏.exe

Files

c83297dbf1ba68ed0a0aabb097f44a21_JaffaCakes118
.rar
Netdove_ACC_HOM/AVTalk.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/KBOARD.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/Lage/ENDLAGE.INI
Netdove_ACC_HOM/Lage/PNDLAGE.INI
Netdove_ACC_HOM/Lage/TNDLAGE.INI
Netdove_ACC_HOM/Lrecord.dat
Netdove_ACC_HOM/NRegOCX.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/Netdove.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 596KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/Netdove.ini
Netdove_ACC_HOM/PLAGE.INI
Netdove_ACC_HOM/Records.dat
Netdove_ACC_HOM/Res/BALLS/B1/B1.BMP
Netdove_ACC_HOM/Res/BALLS/B1/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/B2/B2.BMP
Netdove_ACC_HOM/Res/BALLS/B2/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/B3/B3.BMP
Netdove_ACC_HOM/Res/BALLS/B3/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/B4/B4.BMP
Netdove_ACC_HOM/Res/BALLS/B4/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/B5/B5.BMP
Netdove_ACC_HOM/Res/BALLS/B5/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/B6/B6.BMP
Netdove_ACC_HOM/Res/BALLS/B6/Thumbs.db
Netdove_ACC_HOM/Res/BALLS/BALLSH.BMP
Netdove_ACC_HOM/Res/BALLS/DISB1.BMP
Netdove_ACC_HOM/Res/BALLS/DISB2.BMP
Netdove_ACC_HOM/Res/BALLS/DISB3.BMP
Netdove_ACC_HOM/Res/BALLS/DISB4.BMP
Netdove_ACC_HOM/Res/BALLS/Thumbs.db
Netdove_ACC_HOM/Res/Comm.avi
Netdove_ACC_HOM/Res/NUMBERS/N0.BMP
Netdove_ACC_HOM/Res/NUMBERS/N1.BMP
Netdove_ACC_HOM/Res/NUMBERS/N2.BMP
Netdove_ACC_HOM/Res/NUMBERS/N3.BMP
Netdove_ACC_HOM/Res/NUMBERS/N4.BMP
Netdove_ACC_HOM/Res/NUMBERS/N5.BMP
Netdove_ACC_HOM/Res/NUMBERS/N6.BMP
Netdove_ACC_HOM/Res/NUMBERS/N7.BMP
Netdove_ACC_HOM/Res/NUMBERS/N8.BMP
Netdove_ACC_HOM/Res/NUMBERS/N9.BMP
Netdove_ACC_HOM/Res/NUMBERS/Thumbs.db
Netdove_ACC_HOM/Res/TILES/TILE3.BMP
Netdove_ACC_HOM/Res/TILES/Thumbs.db
Netdove_ACC_HOM/Res/Thumbs.db
Netdove_ACC_HOM/Res/cool.avi
Netdove_ACC_HOM/SendMail.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 964KB - Virtual size: 963KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/SetUp_PWD.dll
.dll regsvr32 windows:4 windows x86 arch:x86

63aaf98fa84ac04fb19d90fce41ae7e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
GetWindowsDirectoryA
DisableThreadLibraryCalls
GetVersionExA
Sleep
WaitForSingleObject
CreateProcessA
SetFileTime
GetFileTime
GetModuleFileNameA
CompareFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
SizeofResource
GetSystemInfo
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcpyA
MultiByteToWideChar
lstrlenA
lstrcatA
WideCharToMultiByte
lstrlenW
HeapFree
GetSystemDirectoryA
CreateFileA
WriteFile
HeapAlloc
CloseHandle

user32

MessageBoxA
CharNextA
LoadCursorA
SetCursor

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString
RegisterTypeLi
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/Setup.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 798KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/Setup.ini
Netdove_ACC_HOM/Skin/LE4-BLACKC.skn
Netdove_ACC_HOM/Skin/LE4-DEFAULT.skn
Netdove_ACC_HOM/Skin/Longhorn Style-BLUE.skn
Netdove_ACC_HOM/Skin/VistaXP-VISTAXPB2.skn
Netdove_ACC_HOM/Skin/iTunes.skn
Netdove_ACC_HOM/Skin/luna-BLUE.skn
Netdove_ACC_HOM/Skin/luna-HOMESTEAD.skn
Netdove_ACC_HOM/Skin/luna-METALLIC.skn
Netdove_ACC_HOM/Skin/macos.skn
Netdove_ACC_HOM/Skin/mxskin24.skn
Netdove_ACC_HOM/Skin/mxskin26.skn
Netdove_ACC_HOM/Skin/mxskin28.skn
Netdove_ACC_HOM/Skin/skin0000.skn
Netdove_ACC_HOM/URLsRec.dat
Netdove_ACC_HOM/Uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/mdb/Netdove.mdb
Netdove_ACC_HOM/qtintf70.dll
.dll windows:4 windows x86 arch:x86

a462a8ea5d21858d5a940280a75737bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MoveFileA
MoveFileW
MultiByteToWideChar
OutputDebugStringA
RaiseException
ReadFile
RemoveDirectoryA
RemoveDirectoryW
RtlUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

wsock32

WSAAsyncSelect

comdlg32

PrintDlgA
PrintDlgW

gdi32

AbortDoc
Arc
BeginPath
BitBlt
Chord
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreateFontIndirectA
CreateFontIndirectW
CreateHatchBrush
CreatePalette
CreatePatternBrush
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
EndPath
EnumFontFamiliesExA
EnumFontFamiliesW
EqualRgn
ExtCreatePen
ExtCreateRegion
FillPath
GdiFlush
GetCharABCWidthsA
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCurrentPositionEx
GetDIBits
GetDeviceCaps
GetNearestPaletteIndex
GetObjectA
GetObjectW
GetPaletteEntries
GetRegionData
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
GetWindowExtEx
LineTo
MaskBlt
ModifyWorldTransform
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectInRegion
Rectangle
ResizePalette
RoundRect
SelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBitsToDevice
SetGraphicsMode
SetPaletteEntries
SetPixelV
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetWindowOrgEx
SetWorldTransform
StartDocA
StartDocW
StartPage
StretchBlt
StretchDIBits
TextOutW
UnrealizeObject
UpdateColors

shell32

ExtractIconExA

user32

BeginPaint
CallNextHookEx
ChangeClipboardChain
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CreateCaret
CreateCursor
CreateIconIndirect
CreateWindowExA
DefWindowProcA
DefWindowProcW
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawFocusRect
DrawIconEx
EmptyClipboard
EnableMenuItem
EndPaint
EnumClipboardFormats
EnumThreadWindows
GetCaretBlinkTime
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetKeyState
GetMessageA
GetMessageW
GetSystemMenu
GetSystemMetrics
GetUpdateRgn
GetWindowDC
GetWindowLongA
GetWindowRect
HideCaret
InvalidateRect
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
MapVirtualKeyA
MapVirtualKeyW
MessageBeep
MessageBoxA
MoveWindow
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetCapture
SetCaretBlinkTime
SetCaretPos
SetClipboardData
SetClipboardViewer
SetCursor
SetCursorPos
SetDoubleClickTime
SetForegroundWindow
SetParent
SetRect
SetTimer
SetWindowLongA
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRgn
WindowFromPoint
wsprintfA
GetSysColor

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionWindow

ole32

CoGetMalloc
CoLockObjectExternal
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop

Exports

Exports

_QApp_created
_QApplication_activeModalWidget
_QApplication_activePopupWidget
_QApplication_activeWindow
_QApplication_allWidgets
_QApplication_argc
_QApplication_argv
_QApplication_beep
_QApplication_clipboard
_QApplication_closeAllWindows
_QApplication_closingDown
_QApplication_colorSpec
_QApplication_commitData
_QApplication_create
_QApplication_cursorFlashTime
_QApplication_defaultCodec
_QApplication_desktop
_QApplication_desktopSettingsAware
_QApplication_destroy
_QApplication_doubleClickInterval
_QApplication_enter_loop
_QApplication_exec
_QApplication_exit
_QApplication_exit_loop
_QApplication_flushX
_QApplication_focusWidget
_QApplication_font
_QApplication_fontMetrics
_QApplication_globalStrut
_QApplication_hasGlobalMouseTracking
_QApplication_hook_create
_QApplication_hook_destroy
_QApplication_hook_hook_aboutToQuit
_QApplication_hook_hook_guiThreadAwake
_QApplication_hook_hook_lastWindowClosed
_QApplication_installTranslator
_QApplication_isEffectEnabled
_QApplication_isSessionRestored
_QApplication_loopLevel
_QApplication_mainWidget
_QApplication_notify
_QApplication_overrideCursor
_QApplication_palette
_QApplication_polish
_QApplication_postEvent
_QApplication_processEvents
_QApplication_processEvents2
_QApplication_processOneEvent
_QApplication_quit
_QApplication_removePostedEvents
_QApplication_removeTranslator
_QApplication_restoreOverrideCursor
_QApplication_saveState
_QApplication_sendEvent
_QApplication_sendPostedEvents
_QApplication_sendPostedEvents2
_QApplication_sessionId
_QApplication_setColorSpec
_QApplication_setCursorFlashTime
_QApplication_setDefaultCodec
_QApplication_setDesktopSettingsAware
_QApplication_setDoubleClickInterval
_QApplication_setEffectEnabled
_QApplication_setFont
_QApplication_setGlobalMouseTracking
_QApplication_setGlobalStrut
_QApplication_setMainWidget
_QApplication_setOverrideCursor
_QApplication_setPalette
_QApplication_setStartDragDistance
_QApplication_setStartDragTime
_QApplication_setStyle
_QApplication_setWheelScrollLines
_QApplication_setWinStyleHighlightColor
_QApplication_startDragDistance
_QApplication_startDragTime
_QApplication_startingUp
_QApplication_style
_QApplication_syncX
_QApplication_topLevelWidgets
_QApplication_translate
_QApplication_translate2
_QApplication_wakeUpGuiThread
_QApplication_wheelScrollLines
_QApplication_widgetAt
_QApplication_widgetAt2
_QApplication_winEventFilter
_QApplication_winFocus
_QApplication_winMouseButtonUp
_QApplication_winStyleHighlightColor
_QApplication_winVersion
_QBitmap_create
_QBitmap_create2
_QBitmap_create3
_QBitmap_create4
_QBitmap_create5
_QBitmap_create6
_QBitmap_create7
_QBitmap_destroy
_QBitmap_from_QPixmap
_QBitmap_xForm
_QBrush_color
_QBrush_create
_QBrush_create2
_QBrush_create3
_QBrush_create4
_QBrush_create5
_QBrush_destroy
_QBrush_hook_create
_QBrush_hook_destroy
_QBrush_pixmap
_QBrush_setColor
_QBrush_setPixmap
_QBrush_setStyle
_QBrush_style
_QButtonGroup_count
_QButtonGroup_create
_QButtonGroup_create2
_QButtonGroup_create3
_QButtonGroup_create4
_QButtonGroup_destroy
_QButtonGroup_find
_QButtonGroup_hook_create
_QButtonGroup_hook_destroy
_QButtonGroup_hook_hook_clicked
_QButtonGroup_hook_hook_pressed
_QButtonGroup_hook_hook_released
_QButtonGroup_id
_QButtonGroup_insert
_QButtonGroup_isExclusive
_QButtonGroup_isRadioButtonExclusive
_QButtonGroup_moveFocus
_QButtonGroup_remove
_QButtonGroup_selected
_QButtonGroup_setButton
_QButtonGroup_setExclusive
_QButtonGroup_setRadioButtonExclusive
_QButton_accel
_QButton_animateClick
_QButton_autoRepeat
_QButton_autoResize
_QButton_create
_QButton_destroy
_QButton_focusNextPrevChild
_QButton_group
_QButton_hook_create
_QButton_hook_destroy
_QButton_hook_hook_clicked
_QButton_hook_hook_pressed
_QButton_hook_hook_released
_QButton_hook_hook_stateChanged
_QButton_hook_hook_toggled
_QButton_isDown
_QButton_isExclusiveToggle
_QButton_isOn
_QButton_isToggleButton
_QButton_pixmap
_QButton_setAccel
_QButton_setAutoRepeat
_QButton_setAutoResize
_QButton_setDown
_QButton_setPixmap
_QButton_setText
_QButton_state
_QButton_text
_QButton_toggle
_QButton_toggleType
_QByteArray_create
_QByteArray_destroy
_QCheckBox_create
_QCheckBox_create2
_QCheckBox_destroy
_QCheckBox_hook_create
_QCheckBox_hook_destroy
_QCheckBox_isChecked
_QCheckBox_isTristate
_QCheckBox_setChecked
_QCheckBox_setNoChange
_QCheckBox_setTristate
_QCheckBox_sizeHint
_QCheckBox_sizePolicy
_QCheckListItem_create
_QCheckListItem_create2
_QCheckListItem_create3
_QCheckListItem_create4
_QCheckListItem_create5
_QCheckListItem_destroy
_QCheckListItem_hook_create
_QCheckListItem_hook_destroy
_QCheckListItem_isEnabled
_QCheckListItem_isOn
_QCheckListItem_paintCell
_QCheckListItem_paintFocus
_QCheckListItem_setEnabled
_QCheckListItem_setOn
_QCheckListItem_setup
_QCheckListItem_text
_QCheckListItem_text2
_QCheckListItem_type
_QCheckListItem_width
_QChildEvent_child
_QChildEvent_create
_QChildEvent_destroy
_QChildEvent_hook_create
_QChildEvent_hook_destroy
_QChildEvent_inserted
_QChildEvent_removed
_QClipboard_clear
_QClipboard_data
_QClipboard_hook_create
_QClipboard_hook_destroy
_QClipboard_hook_hook_dataChanged
_QClipboard_image
_QClipboard_pixmap
_QClipboard_setData
_QClipboard_setImage
_QClipboard_setPixmap
_QClipboard_setText
_QClipboard_text
_QClipboard_text2
_QCloseEvent_accept
_QCloseEvent_create
_QCloseEvent_destroy
_QCloseEvent_hook_create
_QCloseEvent_hook_destroy
_QCloseEvent_ignore
_QCloseEvent_isAccepted
_QClxApplication_create
_QClxApplication_destroy
_QClxApplication_setWndProcHook
_QClxBitBtn_create
_QClxBitBtn_destroy
_QClxCheckListItem_create
_QClxCheckListItem_create2
_QClxCheckListItem_destroy
_QClxDesign_setDesignOptions
_QClxDragObject_addFormat
_QClxDragObject_create
_QClxDragObject_destroy
_QClxDragObject_encodedData
_QClxDragObject_format
_QClxDragObject_provides
_QClxDrawUtil_DrawItem
_QClxDrawUtil_DrawPlainRect
_QClxDrawUtil_DrawPlainRect2
_QClxDrawUtil_DrawShadeLine
_QClxDrawUtil_DrawShadeLine2
_QClxDrawUtil_DrawShadePanel
_QClxDrawUtil_DrawShadePanel2
_QClxDrawUtil_DrawShadeRect
_QClxDrawUtil_DrawShadeRect2
_QClxDrawUtil_DrawWinButton
_QClxDrawUtil_DrawWinButton2
_QClxDrawUtil_DrawWinPanel
_QClxDrawUtil_DrawWinPanel2
_QClxDrawUtil_FadeEffect
_QClxDrawUtil_ScrollEffect
_QClxIODevice_create
_QClxIODevice_destroy
_QClxIODevice_hook_progress
_QClxIconViewHooks_create
_QClxIconViewHooks_destroy
_QClxIconViewHooks_hook_PaintFocus
_QClxIconViewHooks_hook_PaintItem
_QClxIconViewHooks_hook_change
_QClxIconViewHooks_hook_changing
_QClxIconViewHooks_hook_destroyed
_QClxIconViewHooks_hook_setSelected
_QClxIconViewItem_ClxRef
_QClxIconViewItem_create
_QClxIconViewItem_create2
_QClxIconViewItem_destroy
_QClxIconViewItem_paintItem
_QClxLineEdit_alignment
_QClxLineEdit_autoSelect
_QClxLineEdit_backspace
_QClxLineEdit_canRedo
_QClxLineEdit_canUndo
_QClxLineEdit_clear
_QClxLineEdit_clearSelection
_QClxLineEdit_clearValidator
_QClxLineEdit_copy
_QClxLineEdit_create
_QClxLineEdit_create2
_QClxLineEdit_cursorLeft
_QClxLineEdit_cursorPosition
_QClxLineEdit_cursorRight
_QClxLineEdit_cursorWordBackward
_QClxLineEdit_cursorWordForward
_QClxLineEdit_cut
_QClxLineEdit_del
_QClxLineEdit_deselect
_QClxLineEdit_destroy
_QClxLineEdit_displayText
_QClxLineEdit_doSetSelection
_QClxLineEdit_echoMode
_QClxLineEdit_edited
_QClxLineEdit_end
_QClxLineEdit_frame
_QClxLineEdit_hasMarkedText
_QClxLineEdit_hideSelection
_QClxLineEdit_home
_QClxLineEdit_hook_create
_QClxLineEdit_hook_destroy
_QClxLineEdit_hook_hook_returnPressed
_QClxLineEdit_hook_hook_textChanged
_QClxLineEdit_insert
_QClxLineEdit_isReadOnly
_QClxLineEdit_keyReleaseEvent
_QClxLineEdit_markedText
_QClxLineEdit_maxLength
_QClxLineEdit_minimumSizeHint
_QClxLineEdit_paste
_QClxLineEdit_redo
_QClxLineEdit_resetSelection
_QClxLineEdit_selLen
_QClxLineEdit_selStart
_QClxLineEdit_selectAll
_QClxLineEdit_setAlignment
_QClxLineEdit_setAutoSelect
_QClxLineEdit_setCursorPosition
_QClxLineEdit_setEchoMode
_QClxLineEdit_setEdited
_QClxLineEdit_setEnabled
_QClxLineEdit_setFont
_QClxLineEdit_setFrame
_QClxLineEdit_setHideSelection
_QClxLineEdit_setMarkedText
_QClxLineEdit_setMaxLength
_QClxLineEdit_setPalette
_QClxLineEdit_setReadOnly
_QClxLineEdit_setSelStart
_QClxLineEdit_setSelection
_QClxLineEdit_setText
_QClxLineEdit_setValidator
_QClxLineEdit_sizeHint
_QClxLineEdit_sizePolicy
_QClxLineEdit_text
_QClxLineEdit_undo
_QClxLineEdit_updateSelection
_QClxLineEdit_validateAndSet
_QClxLineEdit_validator
_QClxListBoxHooks_create
_QClxListBoxHooks_destroy
_QClxListBoxHooks_hook_measure
_QClxListBoxHooks_hook_paint
_QClxListBoxItem_create
_QClxListBoxItem_destroy
_QClxListBoxItem_getData
_QClxListBoxItem_height
_QClxListBoxItem_setCustomHighlighting
_QClxListBoxItem_setData
_QClxListBoxItem_width
_QClxListViewHooks_create
_QClxListViewHooks_destroy
_QClxListViewHooks_hook_PaintBranches
_QClxListViewHooks_hook_PaintCell
_QClxListViewHooks_hook_change
_QClxListViewHooks_hook_changing
_QClxListViewHooks_hook_checked
_QClxListViewHooks_hook_destroyed
_QClxListViewHooks_hook_expanded
_QClxListViewHooks_hook_expanding
_QClxListViewHooks_hook_setSelected
_QClxListViewItem_ClxRef
_QClxListViewItem_create
_QClxListViewItem_create2
_QClxListViewItem_destroy
_QClxListViewItem_paintBranches
_QClxListViewItem_paintCell
_QClxMimeSourceFactory_create
_QClxMimeSourceFactory_data
_QClxMimeSourceFactory_destroy
_QClxMimeSourceFactory_setDataCallBack
_QClxMimeSource_addFormat
_QClxMimeSource_create
_QClxMimeSource_create2
_QClxMimeSource_destroy
_QClxMimeSource_encodedData
_QClxMimeSource_format
_QClxMimeSource_provides
_QClxObjectMap_add
_QClxObjectMap_find
_QClxObjectMap_findClxObject
_QClxObjectMap_remove
_QClxObjectMap_setAddCallback
_QClxObjectMap_setRemoveCallback
_QClxSlider_create
_QClxSlider_destroy
_QClxSlider_drawTicks
_QClxSpinBox_create
_QClxSpinBox_create2
_QClxSpinBox_destroy
_QClxSpinBox_downButton
_QClxSpinBox_editor
_QClxSpinBox_upButton
_QClxStyleHooks_create
_QClxStyleHooks_destroy
_QClxStyleHooks_hook_StyleDestroyed
_QClxStyleHooks_hook_bevelButtonRect
_QClxStyleHooks_hook_buttonRect
_QClxStyleHooks_hook_comboButtonFocusRect
_QClxStyleHooks_hook_comboButtonRect
_QClxStyleHooks_hook_drawArrow
_QClxStyleHooks_hook_drawBevelButton
_QClxStyleHooks_hook_drawButton
_QClxStyleHooks_hook_drawButtonMask
_QClxStyleHooks_hook_drawCheckMark
_QClxStyleHooks_hook_drawComboButton
_QClxStyleHooks_hook_drawComboButtonMask
_QClxStyleHooks_hook_drawExclusiveIndicator
_QClxStyleHooks_hook_drawExclusiveIndicatorMask
_QClxStyleHooks_hook_drawFocusRect
_QClxStyleHooks_hook_drawIndicator
_QClxStyleHooks_hook_drawIndicatorMask
_QClxStyleHooks_hook_drawItem
_QClxStyleHooks_hook_drawPanel
_QClxStyleHooks_hook_drawPopupMenuItem
_QClxStyleHooks_hook_drawPopupPanel
_QClxStyleHooks_hook_drawPushButton
_QClxStyleHooks_hook_drawPushButtonLabel
_QClxStyleHooks_hook_drawRect
_QClxStyleHooks_hook_drawRectStrong
_QClxStyleHooks_hook_drawScrollBarControls
_QClxStyleHooks_hook_drawSeparator
_QClxStyleHooks_hook_drawSlider
_QClxStyleHooks_hook_drawSliderGroove
_QClxStyleHooks_hook_drawSliderGrooveMask
_QClxStyleHooks_hook_drawSliderMask
_QClxStyleHooks_hook_drawSplitter
_QClxStyleHooks_hook_drawTab
_QClxStyleHooks_hook_drawTabMask
_QClxStyleHooks_hook_drawToolButton
_QClxStyleHooks_hook_drawToolButton2
_QClxStyleHooks_hook_extraPopupMenuItemWidth
_QClxStyleHooks_hook_itemRect
_QClxStyleHooks_hook_polish
_QClxStyleHooks_hook_polish2
_QClxStyleHooks_hook_polish3
_QClxStyleHooks_hook_polishPopupMenu
_QClxStyleHooks_hook_popupMenuItemHeight
_QClxStyleHooks_hook_popupSubmenuIndicatorWidth
_QClxStyleHooks_hook_pushButtonContentsRect
_QClxStyleHooks_hook_scrollBarMetrics
_QClxStyleHooks_hook_tabbarMetrics
_QClxStyleHooks_hook_toolButtonRect
_QClxStyleHooks_hook_unPolish
_QClxStyleHooks_hook_unPolish2
_QClxStyle_buttonShift
_QClxStyle_create
_QClxStyle_create2
_QClxStyle_defaultFrameWidth
_QClxStyle_destroy
_QClxStyle_exclusiveIndicatorSize
_QClxStyle_indicatorSize
_QClxStyle_init
_QClxStyle_maximumSliderDragDistance
_QClxStyle_refresh
_QClxStyle_scrollBarExtent
_QClxStyle_scrollBarMetrics
_QClxStyle_setButtonShift
_QClxStyle_setDefaultFrameWidth
_QClxStyle_setExclusiveIndicatorSize
_QClxStyle_setIndicatorSize
_QClxStyle_setMaximumSliderDragDistance
_QClxStyle_setScrollBarExtent
_QClxStyle_setSliderLength
_QClxStyle_setSplitterWidth
_QClxStyle_sliderLength
_QClxStyle_splitterWidth
_QClxStyle_tabbarMetrics
_QClxWidget_MaxWidgetSize
_QColorDialog_customColor
_QColorDialog_customCount
_QColorDialog_getColor
_QColorDialog_getRgba
_QColorDialog_hook_create
_QColorDialog_hook_destroy
_QColorDialog_setCustomColor
_QColorDrag_canDecode
_QColorDrag_create
_QColorDrag_create2
_QColorDrag_decode
_QColorDrag_destroy
_QColorDrag_hook_create
_QColorDrag_hook_destroy
_QColorDrag_setColor
_QColorGroup_background
_QColorGroup_base
_QColorGroup_brightText
_QColorGroup_brush
_QColorGroup_button
_QColorGroup_buttonText
_QColorGroup_color
_QColorGroup_create
_QColorGroup_create2
_QColorGroup_create3
_QColorGroup_create4
_QColorGroup_dark
_QColorGroup_destroy

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Netdove_ACC_HOM/安装说明.txt
Netdove_ACC_HOM/新云软件.url
.url
Netdove_ACC_HOM/版本说明.txt
Netdove_ACC_HOM/连珠游戏.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 37KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 559KB - Virtual size: 559KB

DATA Size: 9KB - Virtual size: 9KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 38KB - Virtual size: 38KB

.rsrc Size: 36KB - Virtual size: 36KB

Headers

File Characteristics

Sections

CODE Size: 754KB - Virtual size: 753KB

DATA Size: 12KB - Virtual size: 12KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 56KB - Virtual size: 55KB

.rsrc Size: 768KB - Virtual size: 768KB

Headers

File Characteristics

Sections

CODE Size: 330KB - Virtual size: 330KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 24KB - Virtual size: 23KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

CODE Size: 2.0MB - Virtual size: 2.0MB

DATA Size: 30KB - Virtual size: 29KB

BSS Size: - Virtual size: 5KB

.idata Size: 23KB - Virtual size: 23KB

.tls Size: - Virtual size: 64B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 135KB - Virtual size: 134KB

.rsrc Size: 596KB - Virtual size: 596KB

Headers

File Characteristics

Sections

CODE Size: 964KB - Virtual size: 963KB

DATA Size: 12KB - Virtual size: 11KB

BSS Size: - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 71KB - Virtual size: 71KB

.rsrc Size: 78KB - Virtual size: 78KB

63aaf98fa84ac04fb19d90fce41ae7e5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 408KB - Virtual size: 404KB

.reloc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

CODE
Size: 559KB - Virtual size: 559KB

DATA
Size: 9KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 36KB - Virtual size: 36KB

CODE
Size: 754KB - Virtual size: 753KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 768KB - Virtual size: 768KB

CODE
Size: 330KB - Virtual size: 330KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 24KB - Virtual size: 23KB

.rsrc
Size: 21KB - Virtual size: 21KB

CODE
Size: 2.0MB - Virtual size: 2.0MB

DATA
Size: 30KB - Virtual size: 29KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 23KB - Virtual size: 23KB

.tls
Size: - Virtual size: 64B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 135KB - Virtual size: 134KB

.rsrc
Size: 596KB - Virtual size: 596KB

CODE
Size: 964KB - Virtual size: 963KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 78KB - Virtual size: 78KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 408KB - Virtual size: 404KB

.reloc
Size: 4KB - Virtual size: 1KB

CODE
Size: 848KB - Virtual size: 848KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 798KB - Virtual size: 798KB

CODE
Size: 653KB - Virtual size: 653KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 58KB - Virtual size: 58KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.data
Size: 1.2MB - Virtual size: 1.2MB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.edata
Size: 109KB - Virtual size: 112KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 147KB - Virtual size: 148KB

CODE
Size: 426KB - Virtual size: 426KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 37KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 28KB - Virtual size: 28KB