c8c61034e3557861f8d89002a83b905b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8c61034e3557861f8d89002a83b905b_JaffaCakes118
Size

6.4MB
MD5

c8c61034e3557861f8d89002a83b905b
SHA1

ce3b7129475c0bc127581608a2306c7af126ca15
SHA256

d6073b651c6ffe84d22e5424bfdb79097af730cc89358f3a0f89eb1b22c414a7
SHA512

b85537bcb778ef8ae91089f0fd4a0e1832b35b24887499ad7f3fae14f993e6c432972c817e8b173f157dc1be9d639da54be10fc4587c73ed297824e5609d8419
SSDEEP

196608:tTCM9Lc3/t82F/pqhlYgcF1kI4sx/ChYX:tTG3l82nC2gcFcsxUYX

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/efsdll.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/efsdll.dll	upx
static1/unpack001/efskey.exe	upx

Unsigned PE 39 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/nsisdll.dll
unpack001/123key.exe
unpack001/acbtkey.exe
unpack001/actkey.exe
unpack001/ariskkey.dll
unpack001/ariskkey.exe
unpack001/bckey.exe
unpack001/bckupkey.exe
unpack001/efsdll.dll
unpack001/efskey.exe
unpack001/fmkey.exe
unpack001/iekey.exe
unpack001/lnkey.exe
unpack001/mailkey.exe
unpack001/moneykey.exe
unpack001/msgrkey.exe
unpack001/msvcr71.dll
unpack001/myobkey.exe
unpack001/nckey.exe
unpack001/oekey.exe
unpack001/offkey.exe
unpack001/onkey.exe
unpack001/orgkey.exe
unpack001/pdoxkey.exe
unpack001/peachkey.exe
unpack001/pk81.dll
unpack001/projkey.exe
unpack001/qbkey.exe
unpack001/qpkey.exe
unpack001/quickey.exe
unpack001/rarkey.exe
unpack001/scdkey.exe
unpack001/sqlkey.exe
unpack001/winkey.exe
unpack001/wpkey.exe
unpack001/wprokey.exe
unpack001/zipkey.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

c8c61034e3557861f8d89002a83b905b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22/08/2007, 00:00

Not After

21/08/2008, 23:59

Subject

CN=Passware\, Inc. Limited,O=Passware\, Inc. Limited,POSTALCODE=NA,STREET=30-38 Main Street+STREET=Suite 31 Don House,L=Gibraltar,ST=GI,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:65:dd:b5:c1:26:1a:cc:00:46:ae:f3:76:7d:d0:80:f6:c3:d4:56
Signer

Actual PE Digest

01:65:dd:b5:c1:26:1a:cc:00:46:ae:f3:76:7d:d0:80:f6:c3:d4:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisdll.dll
.dll windows:4 windows x86 arch:x86

7a1b2222bcad8848ee1e1190f24f1473

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
SetEndOfFile
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetDriveTypeA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FlushFileBuffers
CloseHandle
SetFilePointer
SetStdHandle
GetFileType
SetLastError
HeapFree
HeapAlloc
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
HeapReAlloc
HeapSize
ReadFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CreateFileA
SetEnvironmentVariableA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
TlsAlloc
LoadLibraryA
GetProcAddress
TlsFree
FreeLibrary
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
GetModuleFileNameA
VirtualQuery
GlobalFree
InterlockedDecrement
InterlockedIncrement
SetHandleCount
lstrcpyA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegFlushKey

user32

GetDlgItemTextA
GetSysColor
EnableMenuItem
GetSystemMenu
SetWindowLongA
SystemParametersInfoA
DialogBoxIndirectParamA
GetWindowLongA
SetFocus
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
SetCursor
SetWindowPos
GetClassInfoA
LoadCursorA
CreateCursor
UnregisterClassA
RegisterClassA
SendDlgItemMessageA
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetKeyState
MessageBoxA
GetDC
ReleaseDC
EndDialog
OffsetRect
SendMessageA
GetDlgItem

gdi32

GetDeviceCaps
CreateSolidBrush
SetTextColor
SetBkMode
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
DeleteObject
GetTextExtentPoint32A

shell32

ShellExecuteA

Exports

Exports

install
send_email

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/serial.ini
123key.exe
.exe windows:4 windows x86 arch:x86

a3eecdd6d0d99f707a43cc473fd4d066

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord1374
ord5810
ord16690
ord14116
ord6998
ord20807
ord2823
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord9921
ord10247
ord19448
ord5998
ord2355
ord4773
ord232
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord21143
ord15306
ord16648
ord11084
ord12325
ord21411
ord608
ord5230
ord15280
ord14873
ord4352
ord7253
ord10019
ord11171
ord10988
ord10993
ord3971
ord75
ord12067
ord20689
ord7720
ord7891
ord7074
ord4343
ord10373
ord21416
ord8307
ord18142
ord19201
ord15077
ord1296
ord20479
ord18829
ord3761
ord89

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
memcmp
isprint
_purecall
strcpy
memcpy
_CxxThrowException
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
acbtkey.exe
.exe windows:4 windows x86 arch:x86

eb3b216017233a42141b90480e041009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetStartupInfoA
GetModuleHandleA
InterlockedDecrement

pk81

ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10988
ord14595
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord982
ord233
ord15824
ord4352
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord17917
ord20863
ord20745
ord17597
ord816
ord2472
ord4150
ord15668
ord20003
ord21085
ord2668
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord20736
ord13738
ord13565
ord9166
ord8185
ord12691
ord16243
ord8364
ord6999
ord4509
ord14191
ord20479
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord17741
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord9606
ord1043
ord4989
ord20576
ord11468
ord5197
ord8907
ord1171
ord21204
ord873
ord17845
ord8018
ord4762
ord3428
ord12058
ord10899
ord9873
ord15306
ord527
ord20501
ord19562
ord19383
ord1562
ord13281
ord18515
ord19420
ord440
ord14593
ord6475
ord21253
ord16597
ord16543
ord13427
ord17317
ord12155
ord9693
ord335
ord9226
ord12032
ord4641
ord10993
ord3971
ord17654
ord9158
ord17410
ord16009
ord20536
ord19539
ord9056
ord12204
ord11955
ord10767
ord15006
ord7724
ord18631
ord4163
ord10618
ord18209
ord11047
ord2923
ord12800
ord7320
ord2357
ord5492
ord9335
ord12000
ord11912
ord10564
ord18378
ord14392
ord7247
ord14052
ord12735
ord920
ord183
ord18287
ord7076
ord11775
ord89
ord1414
ord16359
ord8534
ord15917
ord11419
ord5636
ord12281
ord1523
ord10731
ord3362
ord6372
ord5335
ord5230
ord10005
ord1475
ord13943
ord11004
ord16021
ord15280
ord21195
ord19799
ord4343
ord21416
ord7074
ord7891
ord10373
ord20370
ord7720
ord16544
ord12067
ord20689
ord466
ord17985
ord8307
ord18142
ord19201
ord11672
ord20362
ord147
ord6595
ord9747
ord6533
ord3761
ord13891

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
memcmp
memset
__CxxLongjmpUnwind
_setjmp3
memcpy
strchr
_CxxThrowException
strlen
strcmp
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 972B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
actkey.exe
.exe windows:4 windows x86 arch:x86

2810bdd61d6774a83637b1c682610e26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CloseServiceHandle
OpenSCManagerA
StartServiceA
QueryServiceStatus
OpenServiceA
ControlService

pk81

ord8401
ord20793
ord7834
ord9257
ord1011
ord4042
ord2156
ord17448
ord8389
ord10347
ord11319
ord18459
ord10099
ord16009
ord10993
ord4169
ord10005
ord8307
ord18392
ord13828
ord75
ord4604
ord3971
ord5714
ord11775
ord6508
ord11770
ord15306
ord6799
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord20689
ord14378
ord18980
ord2154
ord20745
ord13427
ord816
ord12627
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord14595
ord8094
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord233
ord15824
ord2472
ord4150
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord20251
ord15132
ord6710
ord13070
ord11111
ord19555
ord6199
ord232
ord10019
ord3043
ord15668
ord9993
ord8425
ord15928
ord14593
ord11133
ord1035
ord12060
ord20569
ord18901
ord16544
ord1928
ord8005
ord14877
ord4352
ord982
ord16543
ord13396
ord13738
ord10988
ord11171
ord12000
ord5230
ord11004
ord7080
ord13945
ord16021
ord12067
ord3362
ord6372
ord5335
ord466
ord18142
ord19201
ord9785
ord4343
ord21416
ord7074
ord7891
ord10373
ord15280
ord1868
ord14534
ord18855
ord10651
ord7720
ord3761
ord18584

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
strcpy
setlocale
toupper
memmove
free
malloc
memset
strlen
_purecall
__CxxLongjmpUnwind
_setjmp3
memcpy
wcscmp
memcmp
strcmp
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 582B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ariskkey.dll
.dll windows:4 windows x86 arch:x86

b52d799c44c87a199ae8aec934147fc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
CloseHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
MultiByteToWideChar
WaitForSingleObject
OpenEventA
SetEvent
CreateEventA
CreateFileMappingA
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA

user32

SetWindowsHookExA
CallNextHookEx
EnumChildWindows
PostMessageA
UnhookWindowsHookEx
RegisterWindowMessageA
GetClassNameW
GetWindowTextLengthW
GetWindowLongA
IsWindowVisible
GetClassNameA
GetWindowTextW
GetWindowTextA
GetWindow
GetParent

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 549B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ariskkey.exe
.exe windows:4 windows x86 arch:x86

924f28d88acd59285a7261a06eb006b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetStartupInfoA
LocalFree
GetModuleHandleA

user32

GetClassNameA
GetWindowTextLengthA
GetWindowTextW
GetWindowTextLengthW
GetKeyState
GetParent
EnumChildWindows
IsWindowVisible
EnumWindows
PostMessageA
SetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
IsWindow
GetWindowTextA

ole32

OleInitialize
OleUninitialize
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
VariantClear

ariskkey

ord25
ord11
ord19
ord33
ord41

pk81

ord4352
ord5004
ord11171
ord10988
ord13738
ord5230
ord18745
ord2010
ord5724
ord3232
ord18367
ord7253
ord14873
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord16544
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord18340
ord20796
ord1546
ord4084
ord18584
ord2154
ord18980
ord10651
ord626
ord14378
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord11480
ord13650
ord982
ord233
ord18378
ord10247
ord19448
ord5998
ord17306
ord3463
ord15824
ord9307
ord434
ord9127
ord20745
ord816
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord7080
ord12058
ord1928
ord13945
ord16021
ord12067
ord20689
ord7720
ord3362
ord14116
ord5335
ord89
ord1414
ord6372
ord16359
ord466
ord17985
ord8307
ord18142
ord19201
ord3761
ord321
ord12651
ord14860
ord14595
ord4343
ord7074
ord7891
ord10373
ord18053
ord3971
ord19488
ord2823
ord20807
ord15917
ord11419
ord5636
ord6998
ord15280
ord16690
ord20479
ord8534
ord21416
ord12281
ord1523
ord10731
ord6070
ord11004
ord15686

msvcr71

strcmp
__CxxFrameHandler
strlen
_CxxThrowException
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strncmp
_setjmp3
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
__CxxLongjmpUnwind
??3@YAXPAX@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckey.exe
.exe windows:4 windows x86 arch:x86

b2fea1bc34152129ab34a45fd1d40dff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord6729
ord19091
ord5307
ord7219
ord17741
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord1523
ord10731
ord12281
ord15280
ord5636
ord15917
ord11419
ord18142
ord6998
ord8534
ord16690
ord14116
ord20479
ord16359
ord1414
ord89
ord20807
ord2823
ord14595
ord13716
ord4150
ord6069
ord10899
ord9873
ord527
ord233
ord20501
ord15824
ord19562
ord15898
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord17917
ord8307
ord7253
ord14873
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord9747
ord12280
ord19748
ord1974
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord20863
ord20745
ord17597
ord816
ord2472
ord15668
ord20003
ord21085
ord2668
ord19111
ord8175
ord15242
ord12967
ord4855
ord10185
ord16731
ord2533
ord17985
ord8018
ord9606
ord11171
ord11151
ord15037
ord10331
ord20736
ord15980
ord13891
ord14191
ord4509
ord6999
ord8364
ord16243
ord3362
ord6372
ord5335
ord7720
ord982
ord12691
ord4343
ord21416
ord7074
ord7891
ord11004
ord8185
ord9166
ord5230
ord13565
ord13738
ord20370
ord6533
ord20689
ord19201
ord3428
ord17845
ord873
ord21204
ord1171
ord8907
ord5197
ord11468
ord20576
ord4989
ord7814
ord8974
ord10988
ord4352
ord16543
ord15686
ord10373
ord3761
ord5810

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
free
malloc
fopen
memcmp
__CxxLongjmpUnwind
_setjmp3
_purecall
strlen
memcpy
memset
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 335B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 708B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 455B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckupkey.exe
.exe windows:4 windows x86 arch:x86

b2a604b00aee433a0d1604f0daf2bb90

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord15280
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord18142
ord11500
ord14873
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord19448
ord5998
ord2355
ord4773
ord232
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord4352
ord7891
ord7074
ord15077
ord15306
ord6799
ord4343
ord10373
ord21416
ord4604
ord12000
ord10019
ord11171
ord10988
ord10993
ord3971
ord75
ord12067
ord20689
ord7253
ord8307
ord3761
ord2823

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
memcpy
_CxxThrowException
strncmp
strcpy
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 550B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dict.txt
efsdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?GetFile@@YAHPADH0AAKAA_JH@Z
?GetFileWillBeLong@@YAHPAD@Z
?InitializeDll@@YAXPBD@Z
?SetParams@@YAHW4CSTYLE@@PAD@Z
?dll_breakflag@@3_NA
?lp_SetProgress@@3P6GXH@ZA

Sections

UPX0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
efskey.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fmkey.exe
.exe windows:4 windows x86 arch:x86

8d669fdf092e4fa4b92fc0c3f9742106

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetSystemDefaultLCID
InterlockedExchange
GetModuleHandleA
GetStartupInfoA

user32

GetKeyState

pk81

ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord2564
ord982
ord233
ord908
ord15668
ord20003
ord2472
ord4150
ord21085
ord15242
ord19111
ord8175
ord6069
ord15898
ord13716
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord14593
ord6475
ord21253
ord9226
ord16597
ord13427
ord10005
ord2156
ord17448
ord8389
ord16717
ord16378
ord1617
ord2102
ord255
ord16544
ord3374
ord8306
ord2384
ord10365
ord7355
ord14943
ord4132
ord5694
ord19861
ord17182
ord21219
ord19937
ord11151
ord18507
ord8952
ord6242
ord2818
ord19720
ord6464
ord18546
ord1962
ord17004
ord4778
ord15858
ord17571
ord8696
ord14877
ord8005
ord20943
ord10331
ord16009
ord2923
ord15280
ord21258
ord15677
ord18053
ord6961
ord11171
ord18177
ord16543
ord14728
ord10993
ord10988
ord4352
ord6799
ord11004
ord4604
ord3387
ord3971
ord8974
ord11766
ord75
ord12067
ord20689
ord10185
ord2533
ord16731
ord8307
ord18142
ord19201
ord4343
ord21416
ord7074
ord7891
ord5230
ord10373
ord15824
ord3761
ord13650

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memset
__CxxLongjmpUnwind
_setjmp3
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcmp
memmove
strlen
_CxxThrowException
memcpy
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iekey.exe
.exe windows:4 windows x86 arch:x86

3537565d611c1cfb479d853450bb861b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedIncrement
InterlockedDecrement
lstrlenA
InitializeCriticalSection
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

pk81

ord18506
ord3107
ord5335
ord3362
ord10731
ord1523
ord12281
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord17704
ord18340
ord20796
ord1546
ord4084
ord18584
ord2154
ord18980
ord10651
ord626
ord14378
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord20675
ord21265
ord15019
ord982
ord233
ord18378
ord3463
ord15824
ord20745
ord3232
ord816
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord2923
ord19488
ord10005
ord9158
ord14605
ord5912
ord12312
ord19976
ord8884
ord14009
ord4399
ord15208
ord5105
ord6718
ord2602
ord2805
ord4650
ord3301
ord1479
ord9969
ord3971
ord15751
ord5714
ord5636
ord12722
ord12800
ord10099
ord10347
ord11319
ord18459
ord16717
ord8389
ord17448
ord2156
ord12904
ord7080
ord1475
ord17985
ord7038
ord8958
ord466
ord2823
ord1928
ord11004
ord16544
ord15762
ord10993
ord2791
ord13738
ord5230
ord17745
ord4157
ord4362
ord11775
ord16021
ord15132
ord11111
ord6710
ord16543
ord11171
ord15280
ord20251
ord19555
ord4352
ord4343
ord10373
ord21416
ord7891
ord7074
ord10988
ord7253
ord14873
ord19471
ord12058
ord12067
ord7720
ord12627
ord6372
ord8307
ord18142
ord19201
ord20689
ord3761
ord15257
ord19423
ord1143
ord4865

msvcr71

_read
_lseek
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_except_handler3
_callnewh
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memmove
__CxxLongjmpUnwind
_setjmp3
memcmp
strcpy
_close
_purecall
malloc
free
memcpy
_CxxThrowException
strlen
strcmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_open

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 904KB - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lnkey.exe
.exe windows:4 windows x86 arch:x86

6602416a0ee70e48023ff33ec60c1a01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord15824
ord13716
ord8307
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord20745
ord17597
ord816
ord2472
ord15668
ord7074
ord4343
ord20003
ord21085
ord2668
ord19111
ord8175
ord15242
ord12967
ord15898
ord20689
ord12067
ord11004
ord6533
ord9064
ord17174
ord7274
ord410
ord16120
ord20736
ord8018
ord9606
ord2056
ord9433
ord20370
ord7814
ord5036
ord4989
ord20576
ord11468
ord5197
ord8907
ord1171
ord21204
ord873
ord17845
ord3428
ord13738
ord13565
ord10373
ord5230
ord9166
ord8185
ord7891
ord12691
ord7720
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord17741
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord14593
ord6475
ord21253
ord9226
ord16543
ord13427
ord16597
ord18378
ord12000
ord14392
ord16021
ord6069
ord10899
ord527
ord19562
ord20501
ord9873
ord233
ord4150
ord15306
ord982
ord4352
ord14595
ord10988
ord14873
ord7253
ord75
ord2823
ord20807
ord6998
ord14116
ord16690
ord20479
ord89
ord1414
ord16359
ord18142
ord8534
ord21416
ord15917
ord11419
ord15280
ord5636
ord12281
ord1523
ord10731
ord3362
ord6372
ord19201
ord5335
ord3761
ord4855

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcpy
memcmp
memset
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mailkey.exe
.exe windows:4 windows x86 arch:x86

12d68ad93d1cf93357363ab53a6c7edc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord1523
ord12281
ord5636
ord15280
ord11419
ord15917
ord21416
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10988
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord908
ord10731
ord2472
ord4150
ord15668
ord7074
ord4343
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord20689
ord12067
ord75
ord16543
ord4604
ord10373
ord6508
ord6799
ord15306
ord11171
ord3362
ord6372
ord5335
ord8307
ord816
ord10651
ord20745
ord2154
ord18980
ord14378
ord18584
ord4084
ord1546
ord20796
ord18340
ord7539
ord4865
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord4352
ord2564
ord3761
ord15824

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 263B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
moneykey.exe
.exe windows:4 windows x86 arch:x86

d9a4cbecf83e6ae2c2e2dd54b9c7bff1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptSetKeyParam
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash

pk81

ord6372
ord3362
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord10365
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord16731
ord2533
ord10185
ord18142
ord13945
ord1523
ord10731
ord12281
ord5636
ord15917
ord11419
ord6998
ord8534
ord16690
ord14116
ord20479
ord16359
ord1414
ord89
ord20807
ord2823
ord75
ord7253
ord10988
ord14873
ord14595
ord11171
ord4352
ord3387
ord10331
ord15037
ord19257
ord15865
ord20770
ord16543
ord15306
ord13716
ord4150
ord6069
ord10899
ord9873
ord527
ord20501
ord19562
ord15898
ord6508
ord6799
ord15077
ord3971
ord2923
ord10993
ord8974
ord9747
ord17149
ord2564
ord17156
ord55
ord19600
ord5335
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord233
ord15824
ord9921
ord10247
ord19448
ord5998
ord2355
ord4773
ord232
ord20745
ord17597
ord816
ord2472
ord15668
ord20003
ord21085
ord2668
ord19111
ord8175
ord15242
ord12967
ord4855
ord11955
ord10767
ord15006
ord7724
ord14593
ord6475
ord21253
ord16597
ord13427
ord8018
ord18378
ord4604
ord14392
ord19042
ord16997
ord20907
ord15777
ord16121
ord17575
ord7720
ord982
ord12691
ord11004
ord3428
ord15280
ord8185
ord9166
ord5230
ord13565
ord17845
ord873
ord21204
ord1171
ord8907
ord5197
ord11468
ord20576
ord5662
ord5036
ord7814
ord20370
ord7584
ord4343
ord21416
ord7074
ord7891
ord10373
ord9606
ord20736
ord6533
ord16544
ord7080
ord12058
ord16021
ord1928
ord12067
ord20689
ord8307
ord17985
ord12445
ord19201
ord3761
ord5004

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_wcsupr
memcmp
fopen
strcpy
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
memset
memcpy
_purecall
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 561B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msgrkey.exe
.exe windows:4 windows x86 arch:x86

df976aaeda12de585eb1fdf9424163c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetWindowsDirectoryA
InterlockedIncrement
GetLastError
GetCurrentThread
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetStartupInfoA

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
OpenThreadToken

pk81

ord14593
ord6475
ord21253
ord9226
ord16597
ord13427
ord7584
ord6718
ord7253
ord14873
ord19692
ord11171
ord15661
ord17985
ord9307
ord5335
ord6372
ord3362
ord7080
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord14595
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord1708
ord12239
ord10373
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord10365
ord1546
ord4084
ord18584
ord2154
ord14378
ord18980
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord17704
ord4650
ord4716
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord15668
ord20003
ord982
ord4150
ord233
ord9127
ord15824
ord6069
ord15898
ord13716
ord13738
ord5912
ord2805
ord20745
ord3232
ord10651
ord816
ord2472
ord21085
ord19111
ord8175
ord15242
ord12967
ord4855
ord15485
ord21018
ord12566
ord12058
ord5905
ord12722
ord16535
ord1928
ord5021
ord10005
ord12000
ord19201
ord10988
ord4352
ord16543
ord4169
ord5230
ord15751
ord9969
ord15208
ord1479
ord16021
ord10019
ord7314
ord8494
ord1223
ord16378
ord1617
ord8389
ord17448
ord2156
ord75
ord12904
ord11004
ord7720
ord16544
ord12067
ord20689
ord10993
ord3971
ord1084
ord2823
ord8307
ord18142
ord15280
ord4343
ord21416
ord7074
ord20796
ord7891
ord3761
ord19151

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
strcmp
sqrt
sin
cos
tan
memcmp
memcpy
memset
_purecall
strlen
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myobkey.exe
.exe windows:4 windows x86 arch:x86

3f7412be21a6ddd6b0da7c20b671299a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord18142
ord19600
ord6998
ord20807
ord2823
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord5230
ord14877
ord11770
ord2923
ord8005
ord55
ord17156
ord2564
ord908
ord5272
ord5636
ord16009
ord7891
ord7074
ord4343
ord21416
ord1617
ord16378
ord16717
ord8389
ord17448
ord2156
ord19201
ord17575
ord16648
ord10373
ord4604
ord16544
ord16543
ord15280
ord16021
ord12000
ord4352
ord10019
ord11171
ord10993
ord3971
ord14873
ord10988
ord7253
ord75
ord12067
ord20689
ord14116
ord8307
ord3761
ord16690

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcpy
__CxxLongjmpUnwind
_setjmp3
strlen
_CxxThrowException
_purecall
strcpy
memcmp
islower
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nckey.exe
.exe windows:4 windows x86 arch:x86

b24304837667a78a7e4aa1e60106fe25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumEntriesA

kernel32

GetProcAddress
GetStartupInfoA
InterlockedDecrement
FreeLibrary
InterlockedExchange
GetModuleHandleA
LoadLibraryA
InterlockedIncrement
GetPrivateProfileStringA

user32

PostMessageA

pk81

ord14605
ord18506
ord1143
ord6513
ord75
ord10120
ord18236
ord11766
ord15474
ord15837
ord20841
ord20785
ord14593
ord18012
ord2042
ord7220
ord13427
ord18185
ord5694
ord19720
ord8645
ord18177
ord18867
ord4352
ord10988
ord7720
ord20689
ord12067
ord16021
ord13945
ord12058
ord16544
ord11004
ord7253
ord14873
ord18053
ord16543
ord11171
ord13738
ord6372
ord5335
ord3362
ord1523
ord10731
ord12281
ord5636
ord15917
ord11419
ord6998
ord8534
ord16690
ord14116
ord20479
ord16359
ord1414
ord89
ord20807
ord2823
ord15280
ord2564
ord908
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord14378
ord2154
ord12445
ord19600
ord55
ord17156
ord18584
ord4084
ord1546
ord20796
ord18340
ord7539
ord15257
ord20591
ord11500
ord3838
ord18980
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord2355
ord10247
ord5998
ord19448
ord232
ord15077
ord4773
ord9921
ord434
ord9307
ord233
ord15824
ord982
ord2791
ord3626
ord13385
ord816
ord10651
ord20745
ord3232
ord11321
ord13716
ord4150
ord6069
ord20003
ord19111
ord8175
ord21085
ord4855
ord2472
ord15242
ord12967
ord15668
ord15898
ord12572
ord2384
ord9010
ord15734
ord2185
ord10365
ord9108
ord12312
ord15677
ord14905
ord1962
ord8952
ord10295
ord12219
ord15702
ord2102
ord3374
ord18507
ord5230
ord7891
ord7074
ord4343
ord10373
ord8974
ord3387
ord19937
ord19201
ord10185
ord15357
ord16731
ord20480
ord3491
ord21416
ord8307
ord18142
ord3761
ord4865
ord7038
ord14595

msvcr71

_access
??_V@YAXPAX@Z
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_setjmp3
__CxxLongjmpUnwind
strlen
memcpy
_purecall
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oekey.exe
.exe windows:4 windows x86 arch:x86

90f85083f074dc736809ac75216a906b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

PostMessageA
GetKeyState

pk81

ord14116
ord10731
ord1523
ord12281
ord8534
ord20479
ord16690
ord6998
ord11419
ord15917
ord20807
ord7253
ord14873
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord18340
ord20796
ord1546
ord4084
ord18584
ord2154
ord18980
ord10651
ord626
ord14378
ord89
ord9697
ord17161
ord1414
ord7911
ord20005
ord4146
ord6070
ord13650
ord15181
ord9307
ord434
ord4419
ord5724
ord20745
ord3232
ord816
ord2472
ord4150
ord233
ord15668
ord20003
ord21085
ord19111
ord8175
ord15824
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord18378
ord10247
ord16543
ord19448
ord5998
ord17306
ord3463
ord16021
ord18053
ord13738
ord19488
ord12067
ord12058
ord10888
ord5945
ord12815
ord1084
ord11775
ord16359
ord17654
ord16009
ord3107
ord2823
ord13146
ord7720
ord15257
ord18506
ord1143
ord19743
ord5714
ord14605
ord982
ord5636
ord15280
ord4352
ord5230
ord4399
ord11004
ord6422
ord6625
ord12800
ord10988
ord11171
ord4343
ord21416
ord7074
ord7891
ord10373
ord3362
ord6372
ord5335
ord17985
ord8307
ord18142
ord19201
ord20689
ord3761
ord7798
ord14595

msvcr71

??1type_info@@UAE@XZ
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??3@YAXPAX@Z
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strlen
__CxxLongjmpUnwind
_setjmp3
memcpy
_purecall
strcpy
_CxxThrowException
strcmp
__CxxFrameHandler
??_V@YAXPAX@Z

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
offkey.exe
.exe windows:4 windows x86 arch:x86

c7a9b49b35c5fd25589c5461d289b08e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedDecrement

user32

PostMessageA

advapi32

CryptReleaseContext
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

pk81

ord16121
ord10899
ord9873
ord527
ord20501
ord19562
ord15306
ord16543
ord8974
ord17149
ord17575
ord466
ord5230
ord2102
ord12000
ord18507
ord3374
ord13738
ord2823
ord10144
ord18053
ord5347
ord14261
ord2088
ord5519
ord16654
ord3636
ord6047
ord17715
ord10731
ord1523
ord12281
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord5793
ord14595
ord4604
ord10993
ord10019
ord6508
ord4150
ord233
ord15668
ord20003
ord6799
ord15824
ord6069
ord16888
ord13716
ord20581
ord11958
ord10406
ord17918
ord11601
ord7460
ord14392
ord18378
ord544
ord19488
ord2662
ord9044
ord2156
ord17448
ord8389
ord16717
ord18459
ord11319
ord10347
ord10099
ord6913
ord7156
ord12979
ord2458
ord8958
ord608
ord12325
ord21411
ord11084
ord1374
ord5272
ord8477
ord4846
ord14358
ord3640
ord3066
ord19937
ord20139
ord14820
ord9036
ord11912
ord4367
ord12185
ord20095
ord10241
ord11841
ord11157
ord14905
ord15762
ord1475
ord1084
ord9158
ord17745
ord17317
ord10427
ord5330
ord17493
ord2357
ord7320
ord1688
ord14593
ord6475
ord9226
ord16597
ord13427
ord19420
ord8094
ord19859
ord17182
ord19861
ord15677
ord20424
ord19383
ord21380
ord615
ord8647
ord5434
ord1959
ord7777
ord5948
ord6330
ord6731
ord8005
ord14877
ord1212
ord12478
ord16231
ord860
ord3985
ord13454
ord18328
ord9704
ord19706
ord5636
ord8641
ord11766
ord15077
ord5637
ord5252
ord3708
ord15898
ord16735
ord1249
ord18177
ord17122
ord973
ord4166
ord11366
ord10843
ord1617
ord16378
ord11955
ord7724
ord10767
ord15006
ord10005
ord7290
ord18627
ord5004
ord21219
ord12136
ord6806
ord4455
ord14888
ord21270
ord18829
ord4763
ord1296
ord1764
ord15777
ord17985
ord19743
ord14605
ord15257
ord18506
ord1143
ord10888
ord5945
ord12815
ord4399
ord13146
ord3107
ord20736
ord20370
ord7814
ord5036
ord5662
ord4989
ord20576
ord11468
ord5197
ord8907
ord1171
ord21204
ord873
ord17845
ord13565
ord9166
ord8185
ord3428
ord12691
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord10365
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord888
ord2570
ord769
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord20918
ord7808
ord2739
ord3339
ord4383
ord13170
ord18825
ord15455
ord4647
ord9921
ord4773
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord18980
ord9307
ord434
ord14771
ord7582
ord515
ord5524
ord14460
ord10531
ord3232
ord20745
ord12358
ord17597
ord816
ord2472
ord21085
ord9029
ord2668
ord19111
ord8175
ord15242
ord12967
ord4855
ord2355
ord232
ord10247
ord19448
ord5998
ord3463
ord17306
ord19799
ord21253
ord9693
ord6595
ord147
ord20362
ord21195
ord11672
ord4428
ord19212
ord4359
ord9335
ord10331
ord982
ord20770
ord15865
ord19257
ord15037
ord3387
ord8018
ord16997
ord19042
ord9606
ord14873
ord7253
ord75
ord7080
ord3362
ord5335
ord6372
ord2533
ord16731
ord10185
ord7891
ord7074
ord4343
ord10373
ord21416
ord12250
ord15280
ord3971
ord4352
ord11171
ord10988
ord11004
ord16544
ord12058
ord1928
ord16021
ord13945
ord12067
ord7720
ord8307
ord18142
ord19201
ord4904
ord20794
ord4712
ord1631
ord12104
ord4060
ord9747
ord6533
ord20689
ord3761
ord11775
ord20907
ord6724

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strchr
memmove
rand
strtoul
isxdigit
sprintf
_mktemp
_strupr
wcscmp
_stricmp
strcmp
memcmp
_setjmp3
__CxxLongjmpUnwind
fopen
_purecall
wcslen
memset
memcpy
_CxxThrowException
strcpy
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
onkey.exe
.exe windows:4 windows x86 arch:x86

cd4388ee135bf53b85846946d2b999dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptImportKey
CryptDeriveKey
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDuplicateKey
CryptCreateHash
CryptHashData

pk81

ord9606
ord4352
ord8307
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord233
ord15824
ord20745
ord17597
ord816
ord2472
ord15668
ord7074
ord4343
ord20003
ord21085
ord9747
ord19111
ord8175
ord15242
ord12967
ord4855
ord15306
ord20689
ord12067
ord12058
ord7080
ord6533
ord20736
ord20370
ord7891
ord13565
ord9166
ord8185
ord16543
ord11171
ord7814
ord5036
ord5662
ord4989
ord20576
ord11468
ord5197
ord8907
ord1171
ord21204
ord873
ord17845
ord3428
ord11004
ord12691
ord7720
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord10365
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord75
ord2156
ord17448
ord8389
ord16717
ord18459
ord11319
ord10347
ord10099
ord10767
ord15006
ord7724
ord11955
ord16021
ord8594
ord8018
ord19899
ord4604
ord14392
ord18378
ord13716
ord15898
ord6069
ord5230
ord10373
ord10899
ord527
ord19562
ord20501
ord9873
ord4150
ord982
ord14595
ord10988
ord14873
ord7253
ord2823
ord20807
ord6998
ord14116
ord16690
ord20479
ord89
ord1414
ord16359
ord18142
ord8534
ord21416
ord15917
ord11419
ord15280
ord5636
ord12281
ord1523
ord10731
ord3362
ord6372
ord19201
ord5335
ord3761
ord2668

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
memcmp
memcpy
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 929B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
orgkey.exe
.exe windows:4 windows x86 arch:x86

b620419fc8d7b2c6922b55423c27b1b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord19201
ord20591
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord15280
ord5230
ord17575
ord16648
ord7891
ord7074
ord4352
ord4343
ord10373
ord10993
ord21416
ord4604
ord10988
ord75
ord12067
ord20689
ord14873
ord8307
ord3761
ord7253

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
memcpy
_CxxThrowException
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pdoxkey.exe
.exe windows:4 windows x86 arch:x86

c4e81303e2f9062cf2b58283bbe3cc92

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord10651
ord816
ord8307
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10988
ord14595
ord9697
ord17161
ord75
ord20745
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord4352
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord2154
ord18980
ord14378
ord18584
ord4084
ord1546
ord20796
ord18340
ord7539
ord4865
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord15280
ord7891
ord7074
ord15306
ord6799
ord4343
ord10373
ord7911
ord21416
ord3761
ord7798

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
strcpy
memcpy
_CxxThrowException
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
peachkey.exe
.exe windows:4 windows x86 arch:x86

a862247499a038688ac7f60f5fe964cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord7720
ord4865
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord10247
ord9921
ord15077
ord19448
ord5998
ord232
ord4773
ord2355
ord2472
ord4150
ord15668
ord20003
ord21085
ord15242
ord19111
ord8175
ord6069
ord15898
ord13716
ord4855
ord15306
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord8307
ord11171
ord18142
ord5230
ord15280
ord19201
ord4352
ord10988
ord16543
ord11004
ord16021
ord75
ord7891
ord7074
ord4343
ord10373
ord21416
ord12000
ord12067
ord14595
ord20689
ord3761
ord14873

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
__CxxLongjmpUnwind
_setjmp3
memcmp
strlen
strcpy
strcmp
memcpy
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 332KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pk.chm
.chm
pk81.dll
.dll windows:4 windows x86 arch:x86

f4d5030e0b5e9241ff90a3d8665158f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
LocalAlloc
lstrlenA
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetWindowsDirectoryA
GlobalFree
GetFullPathNameA
GlobalMemoryStatus
GlobalAlloc
GlobalLock
GlobalUnlock
SystemTimeToFileTime
SuspendThread
TerminateThread
TryEnterCriticalSection
WideCharToMultiByte
MulDiv
SetUnhandledExceptionFilter
GetModuleFileNameA
VirtualQuery
InterlockedExchangeAdd
GetCurrentThread
GetCurrentProcess
GetProcessTimes
GetThreadTimes
CreateThread
GetExitCodeThread
SetThreadPriority
FindResourceW
SetErrorMode
CreateEventA
GetLocalTime
SetEvent
SetEndOfFile
FormatMessageA
LocalFree
FindNextFileW
GetDriveTypeW
GetModuleFileNameW
SetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindClose
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetVersionExA
MultiByteToWideChar
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetTimeFormatW
GetDateFormatW
GetNumberFormatA
GetLocaleInfoA
InterlockedExchange
GetLastError
GetSystemTime
LoadResource
SizeofResource
LockResource
FindResourceA
LoadLibraryA
GetProcAddress
IsBadWritePtr
FreeLibrary
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
GetCurrentProcessId
SetLastError
CreateSemaphoreA
SignalObjectAndWait
ResetEvent
ReleaseSemaphore
ResumeThread
InterlockedIncrement
InterlockedDecrement

msvcr71

_onexit
__dllonexit
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__uncaught_exception
_callnewh
srand
rand
strtod
strncmp
labs
clock
rename
_findfirst
_findnext
_findclose
remove
_chmod
_chdrive
time
_getdrive
_getcwd
_strnicmp
gmtime
sprintf
wcscoll
_wcslwr
_wcsupr
strtol
_strlwr
_strupr
strstr
_wputenv
wprintf
setlocale
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
abort
wcsftime
abs
_get_osfhandle
_commit
fgetpos
_lseeki64
fsetpos
_vscwprintf
_vscprintf
iswdigit
_vsnwprintf
strerror
isdigit
_wrename
_getdrives
_wgetcwd
_wchdir
_wutime
_wchmod
_wstati64
_wrmdir
_wmkdir
_wcreat
_close
_waccess
_wremove
iswalpha
wcscspn
wcsspn
strcspn
strspn
_strcmpi
towupper
tolower
isspace
iswspace
getenv
_wstat
_wfopen
_errno
strncpy
realloc
fwrite
_vsnprintf
fputs
fputc
_snprintf
fflush
fprintf
_chsize
puts
_iob
vfprintf
fgets
free
malloc
wcstoul
strtoul
towlower
_wmktemp
_wgetenv
memchr
wcscmp
memcmp
_stricmp
sscanf
fseek
ftell
printf
wcschr
pow
_lrotr
_fpclass
_isnan
strtok
strftime
strncat
fgetc
isalnum
isalpha
iscntrl
isgraph
islower
ispunct
isupper
isxdigit
_CIfmod
floor
ceil
isprint
mblen
_CIpow
_atoi64
fabs
log
_creat
_mktemp
_rmdir
_chdir
_mkdir
_ftime
_fileno
_write
_read
_access
toupper
memset
mbstowcs
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strchr
strcpy
wcslen
memmove
exit
atoi
_stat
__CxxLongjmpUnwind
_setjmp3
memcpy
fopen
fread
fclose
_purecall
_CxxThrowException
localtime
_getpid
strlen
strcmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

comctl32

ImageList_Destroy
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
ImageList_GetIconSize
PropertySheetA

user32

FindWindowA
GetWindowThreadProcessId
LoadAcceleratorsA
MessageBoxA
SendMessageA
IsWindow
GetWindowRect
CreateWindowExA
SetRectEmpty
RegisterClassExA
LoadCursorA
UpdateWindow
ShowWindow
SystemParametersInfoA
SetClipboardData
CreateCursor
SetWindowPos
UnregisterClassA
SetFocus
GetDlgItemTextA
EnableMenuItem
GetSystemMenu
DialogBoxIndirectParamA
LoadStringA
MoveWindow
LoadIconA
GetDC
OpenClipboard
EmptyClipboard
CloseClipboard
GetKeyState
GetParent
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
SetCursor
ScreenToClient
SendDlgItemMessageA
GetClassInfoA
RegisterClassA
DialogBoxParamA
EndDialog
SetDlgItemTextA
CreatePopupMenu
CreateMenu
DestroyMenu
RemoveMenu
FillRect
OffsetRect
TrackPopupMenuEx
GetSysColorBrush
InflateRect
GetSysColor
CopyRect
DrawEdge
EndPaint
DrawTextA
ReleaseDC
GetSystemMetrics
GetMenuItemCount
InsertMenuItemA
GetMenuItemInfoA
GetWindowLongA
PostQuitMessage
SetWindowLongA
DefWindowProcA
GetClientRect
LoadBitmapA
BeginPaint
ClientToScreen
GetDesktopWindow
SetMenu
PostMessageA
SetForegroundWindow
SetWindowTextA
CheckDlgButton
GetDlgItemInt
SetWindowsHookExA
UnhookWindowsHookEx
GetActiveWindow
CallNextHookEx
MessageBeep
KillTimer
SetTimer
SetDlgItemInt
EnableWindow
RegisterWindowMessageA
DispatchMessageA
TranslateMessage
SetRect
InvalidateRect
DestroyWindow
GetMessageA
TranslateAcceleratorA

gdi32

CreateSolidBrush
GetTextExtentPoint32A
GetStockObject
GetDeviceCaps
SetBkMode
CreateBitmap
PatBlt
DeleteObject
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectA
SetTextColor
SetBkColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegFlushKey
RegGetKeySecurity
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
CryptDestroyKey
CryptAcquireContextA
CryptDestroyHash
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
CryptEncrypt
CryptGetHashParam
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
CryptSetKeyParam
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptReleaseContext

shell32

SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
DragQueryFileA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderPathA
SHGetPathFromIDListA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CreateILockBytesOnHGlobal
CoTaskMemFree
CoCreateInstance
StgIsStorageFile
StgCreateDocfileOnILockBytes
StgCreateDocfile
StgOpenStorageOnILockBytes
StgOpenStorage
CLSIDFromString
ReleaseStgMedium
StgIsStorageILockBytes

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

ws2_32

connect
accept
ntohl
ntohs
htons
setsockopt
bind
listen
shutdown
send
recv
getsockopt
ioctlsocket
socket
closesocket
WSAStartup
WSACleanup
htonl
WSAGetLastError
select
__WSAFDIsSet

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 1024KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 684KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
projkey.exe
.exe windows:4 windows x86 arch:x86

a99fc4fbe5aa992a52b5dc91d4ee2a7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord8307
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord19201
ord15686
ord6998
ord20807
ord2823
ord7253
ord14873
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord19448
ord5998
ord2355
ord4773
ord232
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord15306
ord11601
ord17918
ord15280
ord10406
ord16021
ord4343
ord21416
ord7074
ord7891
ord10373
ord19976
ord15077
ord4604
ord21143
ord16648
ord4352
ord12000
ord10988
ord11171
ord11958
ord20581
ord75
ord7080
ord12058
ord12067
ord20689
ord14116
ord18142
ord3761
ord16690

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
wcscmp
strcpy
memcmp
strlen
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qbkey.exe
.exe windows:4 windows x86 arch:x86

3086fa3dcb27e3071770ce29116b334e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA

pk81

ord11419
ord15917
ord21416
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10988
ord1223
ord8494
ord7314
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord4352
ord2472
ord4150
ord15668
ord7074
ord4343
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord10373
ord7891
ord5230
ord9921
ord10247
ord8307
ord19448
ord15280
ord2355
ord4773
ord232
ord19201
ord16543
ord12067
ord75
ord18367
ord3971
ord10993
ord11171
ord10019
ord16597
ord9226
ord21253
ord6475
ord14593
ord13427
ord11770
ord14877
ord16021
ord6508
ord6799
ord15306
ord7720
ord16544
ord2156
ord17448
ord8389
ord16717
ord18459
ord11319
ord10347
ord10099
ord12722
ord10005
ord13943
ord4604
ord16009
ord7205
ord18289
ord21063
ord12000
ord17985
ord466
ord19420
ord7195
ord1454
ord17317
ord8094
ord4846
ord4169
ord11775
ord9510
ord5636
ord12281
ord1523
ord10731
ord11004
ord20689
ord3362
ord6372
ord5335
ord816
ord10651
ord20745
ord2154
ord18980
ord14378
ord18584
ord4084
ord1546
ord20796
ord18340
ord7539
ord4865
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord5998
ord908
ord3761
ord15077

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
abs
strcmp
memcmp
strlen
strcpy
memcpy
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
memset
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qpkey.exe
.exe windows:4 windows x86 arch:x86

0d1b4cf2e9e48a533da6dc51b2e102d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord11419
ord15917
ord21416
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10988
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord2472
ord908
ord15280
ord7074
ord4343
ord20003
ord21085
ord4352
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord19201
ord7720
ord20689
ord12067
ord12058
ord7080
ord75
ord20581
ord11958
ord11171
ord10019
ord11004
ord12000
ord11601
ord10406
ord17918
ord6799
ord15306
ord21143
ord3971
ord10993
ord10373
ord7891
ord16021
ord10005
ord4604
ord5636
ord12281
ord1523
ord10731
ord3362
ord6372
ord5335
ord8307
ord816
ord10651
ord20745
ord2154
ord18980
ord14378
ord18584
ord4084
ord1546
ord20796
ord18340
ord7539
ord4865
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord15668
ord2564
ord3761
ord4150

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memset
memcmp
wcscmp
_purecall
strcpy
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
quickey.exe
.exe windows:4 windows x86 arch:x86

183cad0e2f00805bb8f6343a90396b5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord15280
ord13565
ord10373
ord5230
ord9166
ord8185
ord7891
ord7074
ord21416
ord4343
ord12691
ord982
ord7720
ord5335
ord6372
ord3362
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord17741
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord8307
ord12627
ord13268
ord1523
ord10731
ord12281
ord5636
ord15917
ord11419
ord18142
ord6998
ord8534
ord16690
ord14116
ord20479
ord16359
ord1414
ord89
ord20807
ord2823
ord75
ord14595
ord16021
ord12000
ord6799
ord15306
ord4352
ord10988
ord16543
ord4604
ord12019
ord13163
ord11770
ord14877
ord11111
ord7205
ord18289
ord21063
ord13716
ord4150
ord6069
ord10899
ord9873
ord15898
ord527
ord20501
ord19562
ord9747
ord13738
ord10993
ord8958
ord7195
ord8018
ord18378
ord14392
ord10005
ord12271
ord1928
ord10365
ord12735
ord920
ord183
ord18287
ord7253
ord14873
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord233
ord15824
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord20745
ord17597
ord816
ord2472
ord15668
ord20003
ord21085
ord19111
ord8175
ord15242
ord12967
ord4855
ord16544
ord6508
ord3428
ord17845
ord873
ord21204
ord1171
ord8907
ord5197
ord11468
ord20576
ord4989
ord5036
ord7814
ord20370
ord1733
ord16590
ord15826
ord20116
ord9606
ord20736
ord16120
ord410
ord7274
ord17174
ord9064
ord16378
ord1617
ord10099
ord18459
ord11319
ord10347
ord8389
ord17448
ord16717
ord2156
ord6533
ord11004
ord12067
ord20689
ord3971
ord19201
ord3761
ord9044

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
toupper
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
memcpy
memcmp
memset
_purecall
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rarkey.exe
.exe windows:4 windows x86 arch:x86

27620f0fa5b0a644ff7674d698f2694c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord3440
ord15401
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord18980
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord982
ord233
ord15824
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord17917
ord20745
ord17597
ord816
ord2472
ord4150
ord15668
ord7074
ord4343
ord20003
ord21085
ord2668
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord20689
ord9873
ord20501
ord19562
ord527
ord10899
ord18378
ord9606
ord14392
ord8018
ord10373
ord5230
ord7891
ord7814
ord5036
ord5662
ord4989
ord20576
ord11468
ord5197
ord8907
ord1171
ord21204
ord873
ord3428
ord14771
ord12067
ord12058
ord7080
ord6533
ord20370
ord13565
ord9166
ord8185
ord11004
ord12691
ord7720
ord16243
ord8364
ord6999
ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord10365
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord20736
ord1024
ord5793
ord14593
ord6475
ord21253
ord16597
ord16543
ord13427
ord2156
ord16717
ord17448
ord8389
ord10347
ord11319
ord18459
ord10099
ord11955
ord7724
ord10767
ord15006
ord16021
ord8594
ord12155
ord16544
ord9693
ord9858
ord1212
ord12032
ord544
ord13945
ord15200
ord17317
ord9510
ord10005
ord18053
ord2080
ord19799
ord6595
ord147
ord20362
ord21195
ord11672
ord3971
ord4428
ord19212
ord4359
ord10993
ord9335
ord13374
ord15414
ord19151
ord12239
ord4716
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord4352
ord14595
ord10988
ord14873
ord7253
ord2823
ord20807
ord6998
ord14116
ord16690
ord20479
ord89
ord1414
ord16359
ord18142
ord8534
ord21416
ord15917
ord11419
ord15280
ord5636
ord12281
ord1523
ord10731
ord3362
ord6372
ord5335
ord19201
ord8307
ord3761
ord17845

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
strchr
strncpy
malloc
free
abs
memmove
memcmp
memset
memcpy
strlen
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
scdkey.exe
.exe windows:4 windows x86 arch:x86

2c9af81451a61116ea66b8af96a6d6e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA

pk81

ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord15280
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord18142
ord4865
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord20591
ord11500
ord3838
ord19151
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord15306
ord6799
ord7891
ord7074
ord4343
ord21416
ord4352
ord10373
ord10993
ord4604
ord10988
ord16543
ord12000
ord3971
ord75
ord12067
ord20689
ord14873
ord8307
ord3761
ord7253

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
memcpy
_CxxThrowException
memcmp
strlen
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlkey.exe
.exe windows:4 windows x86 arch:x86

849bd9e82513029fe97838ff0d11a25e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA

user32

PostMessageA

advapi32

QueryServiceStatus
OpenSCManagerA
CloseServiceHandle
OpenServiceA
StartServiceA
ControlService

pk81

ord13396
ord5905
ord19201
ord13828
ord18142
ord8307
ord12627
ord13945
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord14595
ord8094
ord20251
ord15132
ord6710
ord13070
ord11111
ord19555
ord9921
ord6199
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord9307
ord434
ord13738
ord10099
ord233
ord9127
ord15824
ord908
ord18459
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord3232
ord10651
ord816
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord20591
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord11319
ord10347
ord8389
ord17448
ord2156
ord16544
ord11171
ord4352
ord982
ord14877
ord8005
ord15280
ord10988
ord16543
ord12000
ord3362
ord5335
ord6372
ord11791
ord12828
ord4042
ord11133
ord1035
ord5230
ord4343
ord21416
ord7074
ord7891
ord10373
ord12058
ord16021
ord11004
ord1928
ord12067
ord7080
ord20689
ord7720
ord2564
ord3761
ord13385

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
_setjmp3
__CxxLongjmpUnwind
memcpy
wcscmp
_CxxThrowException
strlen
memcmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
un-kitd.exe.nsis
winkey.exe
.exe windows:4 windows x86 arch:x86

a88548783f70c3d140cac8758d447054

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

CheckSumMappedFile

kernel32

GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CloseHandle
WaitForSingleObject
CreateProcessA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetDriveTypeA
GetLogicalDrives
DeviceIoControl
CreateFileA
GetDiskFreeSpaceA
SetErrorMode
FormatMessageA
GetLastError
FlushFileBuffers
GetProcAddress
LoadLibraryA
FreeLibrary
WriteFile
SetFilePointer
DefineDosDeviceA
EnterCriticalSection
LeaveCriticalSection
ResetEvent
CreateEventA
GetSystemTime
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoA
MultiByteToWideChar
FindFirstFileA
WideCharToMultiByte
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
ResumeThread
SetThreadPriority
Sleep
QueryPerformanceCounter
ReadFile
CreateFileW
GetFileSize
GlobalFree
GlobalAlloc
GetFullPathNameA
GetLocalTime
SetEvent
WaitForMultipleObjects

pk81

ord6475
ord9226
ord16597
ord13427
ord8958
ord9158
ord16030
ord4359
ord6332
ord15893
ord13370
ord9990
ord12627
ord6372
ord5335
ord1048
ord20481
ord3362
ord12904
ord13268
ord10731
ord1523
ord12281
ord15917
ord8534
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord14593
ord20807
ord7253
ord14873
ord908
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord10282
ord4716
ord1708
ord12239
ord19151
ord3838
ord11500
ord20591
ord4865
ord18340
ord20796
ord1546
ord4084
ord18584
ord2154
ord18980
ord10651
ord626
ord14378
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord21430
ord9127
ord10019
ord15880
ord9307
ord10474
ord9631
ord6843
ord982
ord13152
ord19488
ord14728
ord14905
ord19718
ord1479
ord20745
ord3232
ord11321
ord6718
ord9969
ord5912
ord816
ord2472
ord4150
ord233
ord15668
ord20003
ord21085
ord19111
ord8175
ord15824
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord15132
ord7540
ord15734
ord19369
ord4884
ord11111
ord13163
ord11472
ord12019
ord20251
ord19555
ord3640
ord15661
ord14009
ord4256
ord7239
ord9819
ord12058
ord16544
ord8799
ord1903
ord13828
ord1084
ord12162
ord5714
ord2923
ord12800
ord4377
ord12155
ord7038
ord16543
ord16021
ord11030
ord3971
ord4773
ord17299
ord9921
ord17686
ord11730
ord2823
ord14392
ord18378
ord9339
ord5636
ord7076
ord1825
ord16199
ord13165
ord20228
ord10993
ord20897
ord9917
ord6731
ord15280
ord6330
ord5230
ord14993
ord6567
ord11419
ord12067
ord20689
ord7720
ord4343
ord7074
ord7891
ord10373
ord466
ord17985
ord8307
ord18142
ord17317
ord18185
ord19420
ord5837
ord10988
ord4352
ord10331
ord20943
ord1453
ord6001
ord16897
ord1952
ord11528
ord10230
ord11157
ord20112
ord7504
ord9531
ord18474
ord11171
ord21416
ord11494
ord20139
ord20090
ord18628
ord15702
ord15677
ord6961
ord18236
ord16728
ord18177
ord8952
ord3387
ord19937
ord8974
ord11766
ord12219
ord19546
ord10120
ord18367
ord75
ord2533
ord16731
ord10185
ord19201
ord3761
ord6998

msvcr71

_strupr
_creat
_stat
_access
_stricmp
??_V@YAXPAX@Z
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
clock
islower
isalpha
strspn
strrchr
strchr
_splitpath
time
_endthreadex
_beginthreadex
qsort
toupper
wcscmp
malloc
_ftol
ceil
fopen
fprintf
fclose
calloc
strncmp
free
wcscpy
wcslen
wcstombs
__CxxLongjmpUnwind
_setjmp3
memcmp
_close
remove
strcpy
sprintf
memset
strcmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
memmove
memcpy
strlen
_purecall
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 876KB - Virtual size: 874KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wpkey.exe
.exe windows:4 windows x86 arch:x86

03513d087504e173a78c7e552f7a711e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord19151
ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord11419
ord15917
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord14116
ord6998
ord20807
ord2823
ord7253
ord14873
ord10373
ord12239
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6593
ord12985
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord12162
ord3249
ord8199
ord5175
ord9339
ord9917
ord11775
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord14877
ord11770
ord11601
ord17918
ord10406
ord15306
ord11171
ord11958
ord20581
ord7080
ord12058
ord12067
ord20689
ord19201
ord15280
ord6799
ord10019
ord10993
ord8307
ord4352
ord6508
ord10988
ord16543
ord75
ord4343
ord21416
ord7074
ord7891
ord9697
ord5230
ord3761
ord14595

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
toupper
islower
__CxxLongjmpUnwind
_setjmp3
_purecall
memset
wcscmp
strlen
wcslen
memcmp
memmove
memcpy
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 245B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wprokey.exe
.exe windows:4 windows x86 arch:x86

24f3d924b6ffda5e547e8d81228c915f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk81

ord3838
ord11500
ord20591
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord14378
ord18980
ord2154
ord20745
ord10651
ord816
ord8307
ord5335
ord6372
ord3362
ord10731
ord1523
ord12281
ord5636
ord15280
ord11419
ord15917
ord8534
ord18142
ord16359
ord1414
ord89
ord20479
ord16690
ord7720
ord19151
ord20807
ord2823
ord14595
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord982
ord233
ord15824
ord9921
ord10247
ord15077
ord19448
ord5998
ord2355
ord4773
ord232
ord2472
ord4150
ord15668
ord20003
ord21085
ord19111
ord8175
ord6069
ord15898
ord13716
ord15242
ord12967
ord4855
ord12239
ord1708
ord4716
ord10282
ord15686
ord19748
ord12280
ord5810
ord398
ord12445
ord19600
ord55
ord17156
ord2564
ord908
ord14873
ord7253
ord15306
ord16648
ord16021
ord10993
ord12000
ord75
ord10005
ord4604
ord10988
ord4352
ord16543
ord11004
ord4343
ord21416
ord7074
ord7891
ord10373
ord12067
ord6998
ord20689
ord3761
ord14116

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
strlen
memcmp
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 717B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zipkey.exe
.exe windows:4 windows x86 arch:x86

abe4cb6ac56af414d5811e421688934b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

EndDialog
SetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
DialogBoxParamA
ShowWindow
EnableWindow

pk81

ord4509
ord14191
ord13891
ord15980
ord1974
ord6729
ord19091
ord5307
ord7219
ord982
ord5335
ord6372
ord3362
ord7814
ord5036
ord4989
ord21204
ord17845
ord3428
ord129
ord16930
ord1928
ord16021
ord11775
ord16089
ord16803
ord2402
ord10993
ord17741
ord17943
ord19910
ord9658
ord2052
ord5101
ord18622
ord18142
ord8307
ord1523
ord10731
ord12281
ord15280
ord5636
ord15917
ord11419
ord6998
ord8534
ord16690
ord14116
ord20479
ord16359
ord1414
ord89
ord20807
ord2823
ord14595
ord8616
ord2799
ord21195
ord20362
ord147
ord6595
ord11672
ord8958
ord13716
ord4150
ord6069
ord15898
ord6843
ord21430
ord10988
ord13828
ord20003
ord4352
ord15668
ord18378
ord3232
ord232
ord7598
ord4468
ord7038
ord10899
ord9873
ord527
ord20501
ord19562
ord17668
ord11171
ord11796
ord3919
ord18463
ord17317
ord21058
ord10880
ord4428
ord233
ord14392
ord15824
ord19799
ord9693
ord3971
ord19212
ord4359
ord9335
ord20591
ord2689
ord7253
ord14873
ord8596
ord2564
ord17156
ord55
ord19600
ord12445
ord398
ord5810
ord12280
ord19748
ord15686
ord4716
ord12239
ord19151
ord15414
ord13374
ord14771
ord6999
ord15401
ord16009
ord4865
ord7539
ord18340
ord20796
ord1546
ord4084
ord18584
ord6417
ord9193
ord12071
ord19793
ord9697
ord17161
ord7798
ord7911
ord20005
ord4146
ord6070
ord13650
ord13203
ord18980
ord9921
ord10247
ord15077
ord19448
ord5998
ord17306
ord4773
ord17917
ord20863
ord20745
ord17597
ord816
ord2472
ord21085
ord2668
ord19111
ord8175
ord15242
ord12967
ord4855
ord111
ord2849
ord9983
ord10483
ord10019
ord2400
ord14916
ord9127
ord21238
ord2578
ord9090
ord6496
ord17985
ord20271
ord9560
ord18367
ord11649
ord2923
ord8795
ord8801
ord1475
ord2975
ord15636
ord6465
ord142
ord3174
ord2616
ord10487
ord15762
ord4762
ord1043
ord8094
ord16771
ord17951
ord10448
ord19363
ord6593
ord12985
ord7076
ord11912
ord6199
ord5135
ord12348
ord7247
ord14052
ord5175
ord11641
ord11363
ord3249
ord10012
ord4846
ord20481
ord3640
ord15924
ord6799
ord3002
ord511
ord16875
ord19657
ord2695
ord5378
ord12800
ord966
ord9917
ord10005
ord6508
ord9339
ord12162
ord14943
ord1968
ord4608
ord1761
ord19805
ord20576
ord11468
ord5197
ord8907
ord1171
ord873
ord3463
ord19420
ord75
ord12000
ord11149
ord15511
ord4604
ord8364
ord16544
ord7720
ord16243
ord12691
ord544
ord8185
ord9166
ord13565
ord16597
ord5230
ord13738
ord9606
ord20370
ord20736
ord13427
ord16543
ord9226
ord21253
ord6475
ord14593
ord13972
ord4343
ord21416
ord7074
ord7891
ord10373
ord15020
ord8018
ord6533
ord11004
ord7080
ord12058
ord12067
ord20689
ord19201
ord14995
ord15856
ord10634
ord3287
ord949
ord9747
ord3761
ord11500
ord3440

msvcr71

_controlfp
??_V@YAXPAX@Z
__CxxFrameHandler
strlen
_CxxThrowException
_purecall
memset
memcpy
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memcmp
strcmp
strchr
memmove
strtoul
__CxxLongjmpUnwind
_setjmp3
log
??3@YAXPAX@Z

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 678B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6aCertificate

Extended Key Usages

Key Usages

01:65:dd:b5:c1:26:1a:cc:00:46:ae:f3:76:7d:d0:80:f6:c3:d4:56Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 3KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

7a1b2222bcad8848ee1e1190f24f1473

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 20KB - Virtual size: 19KB

a3eecdd6d0d99f707a43cc473fd4d066

Headers

File Characteristics

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6a
Certificate

01:65:dd:b5:c1:26:1a:cc:00:46:ae:f3:76:7d:d0:80:f6:c3:d4:56
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 8KB - Virtual size: 5KB

CONST
Size: 4KB - Virtual size: 729B

_TEXT
Size: 152KB - Virtual size: 148KB

xdata
Size: 4KB - Virtual size: 2KB

text
Size: 4KB - Virtual size: 2KB

_BSS
Size: - Virtual size: 1024B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 152B

_DATA
Size: 4KB - Virtual size: 506B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 132KB - Virtual size: 128KB

CONST
Size: 4KB - Virtual size: 530B

_TEXT
Size: 68KB - Virtual size: 65KB

xdata
Size: 4KB - Virtual size: 972B

text
Size: 4KB - Virtual size: 560B

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 820B

_DATA
Size: 4KB - Virtual size: 116B

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 48KB - Virtual size: 47KB

CONST
Size: 4KB - Virtual size: 582B

_TEXT
Size: 160KB - Virtual size: 156KB

xdata
Size: 4KB - Virtual size: 3KB

text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 436B

_DATA
Size: 4KB - Virtual size: 140B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 20KB - Virtual size: 19KB

CONST
Size: 1024B - Virtual size: 549B

_TEXT
Size: 11KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 4KB

_DATA
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB