29a-6[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29a-6.zip
Size

4.3MB
MD5

db50de49f37d920968a278683bd073b0
SHA1

b43d44c8d5f3e15d35c1724e915c0f3b3d4cfe6d
SHA256

89ab8ee25b99f448e23f00fe6eafe7daed51da8a1d4ffbf2322d1825742ce608
SHA512

9cc649751ac8cfa77d5302884f4b79b18241a9e2ff91b2aec72bd14846146cb4c82cdf2306392a6ada3036e268eafbf4bb831d01ca9eac7750c8006b6d201cf3
SSDEEP

98304:0FEDdT5CC5b8SzWrH7C/g+zY7bmmpqudLz8Pjh3oLtuI+:0FvjGKjdgjB8wI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29A-6.EXE
unpack005/universe.EXE
unpack005/utils/bin2inc.EXE
unpack005/utils/cryptkey.EXE
unpack005/utils/encr.exe
unpack005/utils/telock51/telock51.EXE
unpack006/WINUX.EXE
unpack007/NOTEPAD.EXE
unpack008/MLINK32.EXE
unpack009/NOTEPAD.EXE
unpack001/Config/SECRET.DLL
unpack001/XAUDIO.DLL

Files

29a-6.zip
.zip
29A-6.EXE
.exe windows:4 windows x86 arch:x86

e2c53d427eaa3fd5a9071ee2782c70f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xaudio

player_delete
control_message_send
control_win32_params_to_message
player_new
xaudio_get_version
player_new_ext

kernel32

OpenFile
CloseHandle
VirtualAlloc
VirtualFree
ReadFile
lstrcpyA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
GetPrivateProfileIntA
GetTickCount
GetVersionExA
Sleep
CreateFileA
GetFileSize
GetCurrentThreadId
GetStringTypeW
GetStringTypeA
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetLastError
IsBadCodePtr
IsBadReadPtr
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
LCMapStringW
HeapDestroy
GetEnvironmentVariableA
FlushFileBuffers
SetUnhandledExceptionFilter
ExitProcess
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
GetVersion
HeapAlloc
HeapFree
GetModuleHandleA
RtlUnwind
SetStdHandle
RaiseException
HeapCreate

user32

InvalidateRect
MessageBoxA
GetWindowLongA
SetWindowLongA
DefWindowProcA
UnregisterClassA
CreateWindowExA
RegisterClassA
GetMessageA
DestroyWindow
DispatchMessageA
LoadCursorA
TranslateMessage
PeekMessageA
UpdateWindow
LoadIconA
ShowWindow
GetWindowPlacement
DrawIcon
EndDialog
GetDlgItemTextA
GetUpdateRect
SetWindowTextA
SetWindowPos
GetSystemMenu
AppendMenuA
CallWindowProcA
LoadImageA
GetDC
ReleaseDC
IsWindowVisible
BringWindowToTop
BeginPaint
GetClientRect
EndPaint
PostQuitMessage
SendMessageA
EnableWindow
SetFocus
DialogBoxParamA
SystemParametersInfoA

gdi32

CreateSolidBrush
DeleteDC
DeleteObject
CreateHalftonePalette
CreatePalette
GetDIBColorTable
SelectObject
CreateCompatibleDC
GetObjectA
BitBlt
StretchBlt
RealizePalette
SelectPalette
GetDeviceCaps
CreateCompatibleBitmap
GetClipBox
CreateFontIndirectA

comctl32

ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon
ord17

shell32

Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
29A-6.IDX
Articles/29A-6.001
Articles/29A-6.002
Articles/29A-6.003
Articles/29A-6.004
Articles/29A-6.005
Articles/29A-6.006
Articles/29A-6.007
.vbs
Articles/29A-6.008
Articles/29A-6.009
Articles/29A-6.010
Articles/29A-6.011
Articles/29A-6.012
Articles/29A-6.013
.js
Articles/29A-6.014
.vbs
Articles/29A-6.015
Articles/29A-6.016
Articles/29A-6.017
Articles/29A-6.018
Articles/29A-6.019
.vbs
Articles/29A-6.021
Articles/29A-6.022
.js
Articles/29A-6.023
Articles/29A-6.024
Articles/29A-6.025
Binaries/Anonymous/HASHES.RAR
.rar
gost_hash.inc
gosthash.asm
haval.asm
ihash-pl-src.rar
.rar
base/ihash.c
base/make.bat
plugins-eng.fmt
plugins-rus.fmt
plugins/GOSTHASH/gosthash-pl.c
plugins/GOSTHASH/gosthash-pl.def
plugins/GOSTHASH/gosthash.asm
plugins/GOSTHASH/makeall.bat
plugins/HAVAL/haval-pl.c
plugins/HAVAL/haval-pl.def
plugins/HAVAL/haval.asm
plugins/HAVAL/makeall.bat
plugins/MD2/makeall.bat
plugins/MD2/md2-pl.c
plugins/MD2/md2-pl.def
plugins/MD2/md2hash.asm
plugins/MD4/makeall.bat
plugins/MD4/md4-pl.c
plugins/MD4/md4-pl.def
plugins/MD4/md4hash.asm
plugins/MD5/makeall.bat
plugins/MD5/md5-pl.c
plugins/MD5/md5-pl.def
plugins/MD5/md5hash.asm
plugins/RIPEMD/makeall.bat
plugins/RIPEMD/ripemd128.asm
plugins/RIPEMD/ripemd160.asm
plugins/RIPEMD/rmd128-pl.c
plugins/RIPEMD/rmd128.def
plugins/RIPEMD/rmd160-pl.c
plugins/RIPEMD/rmd160.def
plugins/SHA/makeall.bat
plugins/SHA/sha160.asm
plugins/SHA/sha160_pl.def
plugins/SHA/sha235.c
plugins/SHA/sha235.h
plugins/SHA/sha235_plugin.c
plugins/SHA/sha235_plugin.h
plugins/SHA/sha235_test.c
plugins/SHA/sha256_pl.def
plugins/SHA/sha384_pl.def
plugins/SHA/sha512_pl.def
md2_hash.inc
md2hash.asm
md4_hash.inc
md4hash.asm
md5_hash.inc
md5hash.asm
ripemd-128.inc
ripemd128.asm
ripemd160.asm
sha160.asm
sha160.inc
shf_hash.inc
shfhash.asm
Binaries/Anonymous/MWORM.ZIP
Binaries/Benny/DOB.ZIP
Binaries/Benny/DOTNET.ZIP
Binaries/Benny/KETAMINE.ZIP
Binaries/Benny/NEXT.ZIP
.zip
NEXT.RES
Binaries/Benny/UNIVERSE.RAR
.rar
compile.bat
dll/dllz.def
dll/feedback.DLL
dll/feedback.asm
dll/mail.DLL
dll/mail.asm
dll/mirc.DLL
dll/mirc.asm
dll/payload.DLL
dll/payload.asm
dll/rar.DLL
dll/rar.asm
dll/universe.b64
key.inc
key_pp.inc
universe.EXE
.exe windows:1 windows x86 arch:x86

5b50c62fb0f4364c2d15e846bc2ba9a3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess
VirtualAlloc
VirtualFree
CreateMutexA

user32

MessageBoxA

Sections

UnIvErSe
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UnIvErSe
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UnIvErSe
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UnIvErSe
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
universe.asm
universe.def
universe.res
universe.txt
useful.inc
utils/bin2inc.EXE
.exe windows:1 windows x86 arch:x86

489df1680b4077e756545d3eb62b6a82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateFileA
ExitProcess
GetCommandLineA
GetFileSize
ReadFile
WriteFile
CloseHandle

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
utils/bin2inc.asm
utils/crypt.key
utils/crypt_pp.key
utils/cryptkey.EXE
.exe windows:1 windows x86 arch:x86

ce772902500f931adf43710a80932780

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

CryptExportKey
CryptGetUserKey
CryptGenKey
CryptAcquireContextA

kernel32

CreateFileA
ExitProcess
CloseHandle
WriteFile

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
utils/cryptkey.asm
utils/encr.asm
utils/encr.exe
.exe windows:1 windows x86 arch:x86

d44bf7e9ca908ce1cac83460a15f3ebb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

MapViewOfFile
GetFileSize
UnmapViewOfFile
CloseHandle
CreateFileA
CreateFileMappingA
ExitProcess
GetCommandLineA

advapi32

CryptImportKey
CryptEncrypt
CryptGetUserKey
CryptAcquireContextA

Sections

CODE
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
utils/telock51/ReadMe.txt
utils/telock51/file_id.diz
utils/telock51/telock.ini
utils/telock51/telock51.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.upx
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
win32api.inc
Binaries/Benny/WINUX.ZIP
.zip
WINUX.EXE
.exe windows:1 windows x86 arch:x86

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Binaries/Bumblebee/BEEFREE.ZIP
.zip
NOTEPAD.EXE
.exe windows:4 windows x86 arch:x86

62cf9425408854bd87e995a446c180b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
DragAcceptFiles
ShellAboutA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish

kernel32

DeleteFileA
_lcreat
_lopen
_lwrite
LocalUnlock
_llseek
LocalFree
LocalAlloc
_lclose
GlobalAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpiA
GetStartupInfoA
GetModuleHandleA
ExitProcess
lstrcpynA
LocalLock
LocalReAlloc
GetProfileStringA
RtlMoveMemory
lstrlenA
FindClose
lstrcmpA
FindFirstFileA
CreateFileA
lstrcatA
GetLastError
GetLocaleInfoA
MulDiv
lstrcpyA
GlobalUnlock
GlobalFree
GetCommandLineA
_lread
GlobalLock

user32

wsprintfA
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenu
LoadStringA
LoadAcceleratorsA
GetSystemMenu
RegisterWindowMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
UpdateWindow
CharPrevA
GetClientRect
PeekMessageA
SetDlgItemTextA
TabbedTextOutA
CreateDialogParamA
EnableWindow
GetWindowTextA
SendDlgItemMessageA
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
GetDlgItemTextA
GetSubMenu
CheckMenuItem
CharNextA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
IsIconic
DestroyWindow
MessageBeep
MessageBoxA
DefWindowProcA
EnableMenuItem
GetLastActivePopup
ShowWindow
EndDialog
SetForegroundWindow
WinHelpA
LoadIconA
GetDC
ReleaseDC
SetCursor
SendMessageA
GetFocus
PostMessageA
SetFocus
InvalidateRect
MoveWindow
DispatchMessageA
GetMessageA
SetWindowTextA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
SelectObject
DeleteObject
AbortDoc
EndDoc
DeleteDC
StartPage
StartDocA
EndPage
GetTextExtentPointA
CreateFontA
SetAbortProc
SetBkMode
SetMapMode
GetTextMetricsA
SetWindowExtEx
SetViewportExtEx
LPtoDP
CreateDCA
GetTextCharset
CreateFontIndirectA

comdlg32

GetOpenFileNameA
ChooseFontA
FindTextA
PageSetupDlgA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/Bumblebee/BRSHWORM.ZIP
Binaries/Bumblebee/DOCWORM.ZIP
Binaries/Bumblebee/LILDEVIL.ZIP
.zip
MLINK32.EXE
.exe windows:1 windows x86 arch:x86

c3b0cb340b9064d5b99a6b8117a59195

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
CreateFileA
DeleteFileA
EnterCriticalSection
ExitProcess
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetErrorMode
SetFilePointer
SetHandleCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileStringA

comdlg32

GetOpenFileNameA

gdi32

GetStockObject

user32

BeginPaint
BringWindowToTop
CheckDlgButton
CreateWindowExA
DdeAccessData
DdeClientTransaction
DdeConnect
DdeCreateDataHandle
DdeCreateStringHandleA
DdeDisconnect
DdeFreeDataHandle
DdeFreeStringHandle
DdeInitializeA
DdeUnaccessData
DdeUninitialize
DefWindowProcA
DestroyIcon
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawIcon
EndDialog
EndPaint
EnumThreadWindows
FindWindowA
GetDesktopWindow
GetDlgItem
GetMessageA
GetWindowRect
IsDlgButtonChecked
LoadCursorA
LoadIconA
MessageBeep
MessageBoxA
PostMessageA
PostQuitMessage
RegisterClassA
SendDlgItemMessageA
SetFocus
SetWindowPos
SetWindowTextA
ShowWindow
TranslateMessage
UnregisterClassA
UpdateWindow
wsprintfA

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
DDECallback
FileHook
MainWndProc
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Binaries/Bumblebee/MINIR3B.ZIP
.zip
NOTEPAD.EXE
.exe windows:4 windows x86 arch:x86

62cf9425408854bd87e995a446c180b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
DragAcceptFiles
ShellAboutA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish

kernel32

DeleteFileA
_lcreat
_lopen
_lwrite
LocalUnlock
_llseek
LocalFree
LocalAlloc
_lclose
GlobalAlloc
GetLocalTime
GetTimeFormatA
GetDateFormatA
lstrcmpiA
GetStartupInfoA
GetModuleHandleA
ExitProcess
lstrcpynA
LocalLock
LocalReAlloc
GetProfileStringA
RtlMoveMemory
lstrlenA
FindClose
lstrcmpA
FindFirstFileA
CreateFileA
lstrcatA
GetLastError
GetLocaleInfoA
MulDiv
lstrcpyA
GlobalUnlock
GlobalFree
GetCommandLineA
_lread
GlobalLock

user32

wsprintfA
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenu
LoadStringA
LoadAcceleratorsA
GetSystemMenu
RegisterWindowMessageA
SetWindowLongA
CreateWindowExA
LoadCursorA
RegisterClassExA
GetSystemMetrics
UpdateWindow
CharPrevA
GetClientRect
PeekMessageA
SetDlgItemTextA
TabbedTextOutA
CreateDialogParamA
EnableWindow
GetWindowTextA
SendDlgItemMessageA
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
GetDlgItemTextA
GetSubMenu
CheckMenuItem
CharNextA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
PostQuitMessage
IsIconic
DestroyWindow
MessageBeep
MessageBoxA
DefWindowProcA
EnableMenuItem
GetLastActivePopup
ShowWindow
EndDialog
SetForegroundWindow
WinHelpA
LoadIconA
GetDC
ReleaseDC
SetCursor
SendMessageA
GetFocus
PostMessageA
SetFocus
InvalidateRect
MoveWindow
DispatchMessageA
GetMessageA
SetWindowTextA

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
SelectObject
DeleteObject
AbortDoc
EndDoc
DeleteDC
StartPage
StartDocA
EndPage
GetTextExtentPointA
CreateFontA
SetAbortProc
SetBkMode
SetMapMode
GetTextMetricsA
SetWindowExtEx
SetViewportExtEx
LPtoDP
CreateDCA
GetTextCharset
CreateFontIndirectA

comdlg32

GetOpenFileNameA
ChooseFontA
FindTextA
PageSetupDlgA
GetSaveFileNameA
CommDlgExtendedError
GetFileTitleA

advapi32

RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Binaries/Bumblebee/SOLARIS.ZIP
.zip
Binaries/DoxtorL/P-ADIC19.ZIP
Binaries/GWI/EXAMPLES.ZIP
Binaries/GriYo/Yello Fever.ZIP
Binaries/Ivan/VAMPIRO.ZIP
Binaries/LiteSys/PLEXAR.ZIP
Binaries/LiteSys/RUDRA.ZIP
Binaries/Mental Driller/METAPHOR.ZIP
Binaries/NBK/AVEXP.ZIP
.zip
Binaries/NBK/BINLADEN.ZIP
Binaries/Necr0mancer/SOCIETY.ZIP
.zip
Binaries/PETERS/HUNTING.ZIP
.zip
Binaries/Pavel/A.ZIP
Binaries/Pavel/ELFWRSEC.ZIP
.zip
Binaries/PetiK/MALOTEYA.ZIP
Binaries/RTC/SONIA.ZIP
Binaries/Radix16/grifin.zip
Binaries/Ratter/JOSS.ZIP
Binaries/Ratter/TAICHI.ZIP
.zip
Binaries/Rohitab/BLACKBAT.ZIP
Binaries/Roy/CHTHON.ZIP
Binaries/Roy/EFISHNC.ZIP
Binaries/Roy/GEMINI.ZIP
Binaries/Roy/OU812.ZIP
Binaries/Roy/SHRUG.ZIP
.zip
Binaries/Siilex/VC.ZIP
.zip
Binaries/Spanska/OPENGL.ZIP
.zip
Binaries/Spanska/SPRITES.ZIP
.zip
Binaries/Vecna/LEXO32.ZIP
.zip
Binaries/Vecna/MUAZZIN.ZIP
.zip
Binaries/Vecna/RAMONES.RAR
.rar
Binaries/WhiteHead/CGAGF.ZIP
.zip
Binaries/Z0MBiE/ADE202.ZIP
.zip
Binaries/Z0MBiE/AVP4SRU.ZIP
.zip
Binaries/Z0MBiE/EXAMPLO.ZIP
Binaries/Z0MBiE/IISLOG.ZIP
Binaries/Z0MBiE/INFISO.ZIP
Binaries/Z0MBiE/INMEM.ZIP
.zip
Binaries/Z0MBiE/KME552.ZIP
.zip
Binaries/Z0MBiE/MISTFALL.ZIP
.zip
Binaries/Z0MBiE/PGN2B30.RAR
.rar
Binaries/Z0MBiE/TFTPSERV.ZIP
Binaries/Z0MBiE/WSOCKLOG.ZIP
.zip
Binaries/Z0MBiE/Z10D.ZIP
.zip
Binaries/Z0MBiE/ZFTP.ZIP
.zip
Binaries/Zert/EXAMPLES.ZIP
Binaries/ZhugeJin/LIME-GEN.ZIP
Config/BG.BMP
Config/MUSIC.MP3
Config/SDATA.29A
Config/SECRET.DLL
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SecretAreaClose
SecretAreaDraw
SecretAreaInit
SecretAreaKey
SecretAreaTick

Sections

Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Config/reader.ini
Editorial/29A-6.001
Editorial/29A-6.002
Editorial/29A-6.003
Editorial/29A-6.004
Editorial/29A-6.005
Editorial/29A-6.006
Editorial/29A-6.007
Editorial/29A-6.008
Editorial/29A-6.009
Editorial/29A-6.010
.js
Editorial/29A-6.011
Editorial/29A-6.012
FILE_ID.DIZ
Utilities/29A-6.001
.vbs
Utilities/29A-6.002
Utilities/29A-6.003
Utilities/29A-6.004
.vbs
Utilities/29A-6.005
Utilities/29A-6.006
.js
Utilities/29A-6.007
Utilities/29A-6.008
Utilities/29A-6.009
Utilities/29A-6.010
Utilities/29A-6.011
Utilities/29A-6.012
Utilities/29A-6.013
Utilities/29A-6.014
Utilities/29A-6.015
.vbs
Utilities/29A-6.016
Utilities/29A-6.017
Utilities/29A-6.018
Utilities/29A-6.019
Viruses/Misc/29A-6.001
Viruses/Misc/29A-6.003
Viruses/Misc/29A-6.004
Viruses/Misc/29A-6.005
Viruses/Misc/29A-6.006
Viruses/Misc/29A-6.007
Viruses/Misc/29A-6.008
Viruses/Misc/29A-6.009
.vbs
Viruses/Misc/29A-6.010
Viruses/Misc/29A-6.011
Viruses/Misc/29A-6.012
.vbs
Viruses/Misc/29A-6.013
Viruses/Misc/29A-6.014
Viruses/Win32/29A-6.001
.vbs
Viruses/Win32/29A-6.002
Viruses/Win32/29A-6.003
Viruses/Win32/29A-6.004
Viruses/Win32/29A-6.006
Viruses/Win32/29A-6.007
Viruses/Win32/29A-6.008
.vbs
Viruses/Win32/29A-6.009
Viruses/Win32/29A-6.010
Viruses/Win32/29A-6.011
Viruses/Win32/29A-6.012
Viruses/Win32/29A-6.013
Viruses/Win32/29A-6.014
.vbs
Viruses/Win32/29A-6.015
Viruses/Win32/29A-6.016
Viruses/Win32/29A-6.017
Viruses/Win32/29A-6.018
Viruses/Win9x/29A-6.001
Viruses/Win9x/29A-6.002
Viruses/Win9x/29A-6.003
Viruses/Win9x/29A-6.004
Viruses/Win9x/29A-6.005
Viruses/Win9x/29A-6.006
Viruses/Win9x/29A-6.007
Viruses/WinNT/29A-6.001
.vbs
Viruses/WinNT/29A-6.002
.vbs
Viruses/WinNT/29A-6.003
Viruses/WinNT/29A-6.004
XAUDIO.DLL
.dll windows:4 windows x86 arch:x86

fabdab54ef4d4a6befc9aa0ff00b2460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
SetThreadPriority
CloseHandle
WaitForSingleObject
GetCurrentThreadId
GetCurrentThread
CreateEventA
SetEvent
GetModuleHandleA
GetThreadPriority
GetExitCodeThread
CreateThread
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetLastError
TlsSetValue
ExitThread
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitProcess
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
ReadFile
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
CreateFileA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
Sleep
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
PeekNamedPipe

user32

SetWindowLongA
CreateWindowExA
RegisterClassA
PostThreadMessageA
DestroyWindow
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
MsgWaitForMultipleObjects
PeekMessageA
UnregisterClassA
DefWindowProcA
GetWindowLongA

winmm

waveOutGetVolume
waveOutUnprepareHeader
waveOutReset
waveOutSetPlaybackRate
waveOutRestart
mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
waveOutGetNumDevs
mixerOpen
mixerSetControlDetails
waveOutSetVolume
mixerGetDevCapsA
mixerGetControlDetailsA
waveOutWrite
waveOutPrepareHeader
waveOutGetPosition
waveOutGetDevCapsA
waveOutOpen
waveOutClose
waveOutPause

wsock32

htonl
recvfrom
select
ntohl
ntohs
getsockname
closesocket
accept
listen
bind
recv
htons
socket
gethostbyname
WSAGetLastError
connect
sendto
send
WSACleanup
WSAStartup

Exports

Exports

audio_output_module_register
control_message_get
control_message_send
control_message_send_I
control_message_send_II
control_message_send_III
control_message_send_IIII
control_message_send_IPI
control_message_send_N
control_message_send_P
control_message_send_S
control_message_send_SI
control_message_send_SS
control_message_to_win32_params
control_message_wait
control_procedure_delete
control_procedure_new
control_procedure_set_priority
control_win32_params_to_message
decoder_add_environment_listener
decoder_codec_get_channels
decoder_codec_get_equalizer
decoder_codec_get_quality
decoder_codec_module_register
decoder_codec_set_channels
decoder_codec_set_equalizer
decoder_codec_set_quality
decoder_decode
decoder_delete
decoder_get_environment_integer
decoder_get_environment_string
decoder_input_add_filter
decoder_input_close
decoder_input_delete
decoder_input_filters_list
decoder_input_module_query
decoder_input_module_register
decoder_input_new
decoder_input_open
decoder_input_read
decoder_input_remove_filter
decoder_input_seek_to_offset
decoder_input_seek_to_position
decoder_input_seek_to_time
decoder_input_seek_to_timecode
decoder_input_send_message
decoder_new
decoder_output_add_filter
decoder_output_close
decoder_output_delete
decoder_output_filters_list
decoder_output_get_control
decoder_output_module_query
decoder_output_module_register
decoder_output_new
decoder_output_open
decoder_output_remove_filter
decoder_output_send_message
decoder_output_set_control
decoder_output_write
decoder_play
decoder_remove_environment_listener
decoder_set_environment_integer
decoder_set_environment_string
decoder_unset_environment
event_forwarder_feedback_handler_module_register
fft_analyzer_delete
fft_analyzer_get_spectrum
fft_analyzer_interpolate_samples_signed
fft_analyzer_interpolate_samples_unsigned
fft_analyzer_new
fft_analyzer_set_samples
file_input_module_register
file_output_module_register
memory_input_module_register
mpeg_codec_module_register
player_delete
player_get_priority
player_new
player_new_ext
player_set_priority
properties_get_integer
properties_get_list
properties_get_string
stream_input_module_register
xaudio_error_string
xaudio_get_version

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2c53d427eaa3fd5a9071ee2782c70f3

Headers

File Characteristics

Imports

xaudio

kernel32

user32

gdi32

comctl32

shell32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 8KB - Virtual size: 4KB

5b50c62fb0f4364c2d15e846bc2ba9a3

Headers

File Characteristics

Imports

kernel32

user32

Sections

UnIvErSe Size: 1024B - Virtual size: 4KB

UnIvErSe Size: 512B - Virtual size: 8KB

UnIvErSe Size: 1024B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

UnIvErSe Size: 8KB - Virtual size: 12KB

489df1680b4077e756545d3eb62b6a82

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

ce772902500f931adf43710a80932780

Headers

File Characteristics

Imports

advapi32

kernel32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

d44bf7e9ca908ce1cac83460a15f3ebb

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

CODE Size: 512B - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.upx Size: - Virtual size: 60KB

.upx Size: 25KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

f9ade0aa18f660a34a4fa23392e21838

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 3KB - Virtual size: 4KB

DATA Size: - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 8KB - Virtual size: 4KB

UnIvErSe
Size: 1024B - Virtual size: 4KB

UnIvErSe
Size: 512B - Virtual size: 8KB

UnIvErSe
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

UnIvErSe
Size: 8KB - Virtual size: 12KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 512B - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.upx
Size: - Virtual size: 60KB

.upx
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 3KB - Virtual size: 4KB

DATA
Size: - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 47KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 7KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 144KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 2KB

.data
Size: 45KB - Virtual size: 48KB

.data
Size: - Virtual size: 4KB