ce0aa764745858ce3adc2e2e9ea28fd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce0aa764745858ce3adc2e2e9ea28fd5_JaffaCakes118
Size

1.9MB
MD5

ce0aa764745858ce3adc2e2e9ea28fd5
SHA1

b0d24a6d7df4502579e92209a352cedc4cfef0c8
SHA256

798e4133a18b792b074f461cb6cb784a2e294e8e7332c7eae44bd48989b370bd
SHA512

17c7ca966f7470c5e9fbfb9f98e7ecec7f1c98c6399a423529138d10df2e24f9475d339c6c76b6afd07b278863cdf7c7a1b97526070dc71c5a464e5edc95cd50
SSDEEP

24576:Eb60kDPWWqW2CaGhgXu2mK5qAjAEK1WcZhcesBXAdBhQVkcwgp95:460aeWqW2CaGiXIMjAEAWcLFBCNwg35

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce0aa764745858ce3adc2e2e9ea28fd5_JaffaCakes118

Files

ce0aa764745858ce3adc2e2e9ea28fd5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5a8f026ea9115ff0bbca8aca367498c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\LocalSvnForDailyBuild\pushup_usa\trunk\bin\release\Adapter.pdb

Imports

ws2_32

sendto
WSASend
gethostbyname
gethostbyaddr
__WSAFDIsSet
shutdown
closesocket
recv
connect
WSAStartup
send
inet_addr
htons
select
ioctlsocket
socket
WSAGetLastError
WSACleanup

psapi

GetModuleInformation
GetProcessMemoryInfo

dbghelp

SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk
SymGetModuleInfo
SymGetLineFromAddr
SymGetSymFromAddr
SymLoadModule
MiniDumpWriteDump

kernel32

GetVersionExW
lstrcmpA
VirtualFree
VirtualAlloc
MapViewOfFileEx
OpenFileMappingA
lstrcpynA
CreateFileMappingW
SearchPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateEventA
CreateMutexA
SetEvent
WaitForSingleObject
GetCurrentThread
VirtualQueryEx
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
SetLastError
SuspendThread
GlobalAddAtomA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FreeResource
MulDiv
GlobalUnlock
GlobalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
WritePrivateProfileStringA
GlobalFlags
MoveFileA
DeleteFileA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
GetFileAttributesA
GetFileTime
HeapFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
VirtualQuery
HeapAlloc
HeapReAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
WriteConsoleW
GetFileType
GetStdHandle
HeapSize
SetStdHandle
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
LoadLibraryW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFileW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
LoadLibraryExA
GetModuleFileNameW
OutputDebugStringA
lstrcpyA
lstrcatA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
DeleteCriticalSection
Sleep
OpenThread
ResumeThread
GetExitCodeThread
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
LoadLibraryA
FreeLibrary
IsBadReadPtr
GetModuleHandleA
GetProcAddress
VirtualProtect
GetLocalTime
FindNextFileA
FindFirstFileA
GetVersion
InterlockedExchange
lstrcmpiA
MultiByteToWideChar
CompareStringW
CompareStringA
GetLastError
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateFileA
GetVersionExA
DeviceIoControl
CreateDirectoryA
GetTickCount
GetCurrentProcess
GetCurrentThreadId
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentDirectoryA
GetCurrentProcessId
SetUnhandledExceptionFilter
InterlockedCompareExchange
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
FlushInstructionCache
OpenProcess
Thread32Next
Thread32First
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
VirtualProtectEx
FlushFileBuffers

user32

DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
GetSysColorBrush
LoadCursorA
DestroyMenu
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
DrawTextA
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetLastActivePopup
IsWindowEnabled
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
GetClassNameW
GetWindowTextW
SetWindowTextW
IsWindow
EnumChildWindows
CallNextHookEx
MessageBoxA
TabbedTextOutA
UnregisterClassA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetClientRect
CharUpperA
GetKeyState
EnableWindow
IsWindowVisible
MessageBoxW
FindWindowA
SetForegroundWindow
SetWindowsHookExA
SetWindowLongA
KillTimer
SetTimer
GetWindowLongA
EnumWindows
GetWindowThreadProcessId
RegisterClassA
PostMessageW
GetParent

gdi32

GetObjectA
GetDeviceCaps
SaveDC
RestoreDC
SetMapMode
DeleteDC
GetStockObject
ScaleWindowExtEx
RectVisible
PtVisible
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
TextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
ReportEventA
RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource

shell32

SHFileOperationA

shlwapi

PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oleaut32

VariantInit
VariantChangeType
VariantClear

winmm

timeGetTime

wininet

InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
HttpSendRequestA

Exports

Exports

?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a8f026ea9115ff0bbca8aca367498c7

Headers

File Characteristics

PDB Paths

Imports

ws2_32

psapi

dbghelp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

winmm

wininet

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 220KB - Virtual size: 217KB

.data Size: 44KB - Virtual size: 202KB

.rsrc Size: 16KB - Virtual size: 15KB

.vmp0 Size: 100KB - Virtual size: 98KB

.vmp1 Size: 112KB - Virtual size: 111KB

.vmp0 Size: 68KB - Virtual size: 67KB

.vmp1 Size: 4KB - Virtual size: 3KB

.reloc Size: 68KB - Virtual size: 67KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 220KB - Virtual size: 217KB

.data
Size: 44KB - Virtual size: 202KB

.rsrc
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 100KB - Virtual size: 98KB

.vmp1
Size: 112KB - Virtual size: 111KB

.vmp0
Size: 68KB - Virtual size: 67KB

.vmp1
Size: 4KB - Virtual size: 3KB

.reloc
Size: 68KB - Virtual size: 67KB