d116800ff43240ba91ac560c1d2fec72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d116800ff43240ba91ac560c1d2fec72_JaffaCakes118
Size

7.5MB
MD5

d116800ff43240ba91ac560c1d2fec72
SHA1

9e2255d22c71be62adcdf59be8247effba14daac
SHA256

84fda80d4c270ee6c5aac279f3468ef406d5254e85277a1f1f4837717e6699d0
SHA512

7950088d1b259bae10f77cf051816dd3068bb1c2876eef0099de26115e5feedc0c9837e8b11f4f046ee9081eed4e4ff5df901df78b54ce434a346bc1e8fe9418
SSDEEP

196608:24NmgdPpvjxeYDjBqZseT0E8m2BAYxYvXVaZxs:2MhdNjo+qZsMYxYvT

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/7.1738/7.1738/dm(mta).dll	acprotect
static1/unpack001/7.1738/7.1738/dm.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/7.1738/7.1738/dm(mta).dll	upx
static1/unpack001/7.1738/7.1738/dm.dll	upx

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7.1738/7.1738/RegDll.dll
unpack001/7.1738/7.1738/dm(mta).dll
unpack002/out.upx
unpack001/7.1738/7.1738/dm.dll
unpack003/out.upx
unpack001/7.1738/7.1738/xx.dat
unpack001/7.1738/7.1738/大漠后台系统.exe
unpack001/7.1738/7.1738/大漠综合工具.exe
unpack001/7.1738/7.1738/答题器/Get_Question.exe
unpack001/7.1738/7.1738/答题器/Put_Question.exe
unpack001/7.1738/7.1738/答题器/大漠答题器.exe
unpack001/7.1738/7.1738/获取本机机器码.exe

Files

d116800ff43240ba91ac560c1d2fec72_JaffaCakes118
.rar
7.1738/7.1738/RegDll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f076a1e4fbab4d2c4bccbdc4ea8a1b72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3831
ord3825
ord3079
ord4080
ord4424
ord614
ord1206
ord2623
ord290
ord825
ord1223
ord4622
ord4226
ord2486
ord4003
ord446
ord743
ord1569
ord1196
ord1168
ord6467
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord3830
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3262
ord3081
ord3738
ord561
ord815
ord5500
ord1132
ord1131
ord6354
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord2976
ord2985
ord3136
ord4465
ord3147
ord3259
ord2982
ord1799
ord1089
ord823
ord1578
ord600
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
wcstombs
__dllonexit
_onexit
free
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm

kernel32

LocalFree
LoadLibraryA
FreeLibrary
GetProcAddress
LocalAlloc

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

ole32

OleInitialize
CoTaskMemFree
StringFromCLSID
OleUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7.1738/7.1738/dm(mta).dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 916KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

3.=DiFKX
Size: 976KB - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

[lo#2Aa<
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

#Lv[=ZMZ
Size: 28KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Nm&!d*7e
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xYk7D8=w
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

3=J4Kc!2
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.1738/7.1738/dm.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 940KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

2>=j9F!:
Size: 976KB - Virtual size: 974KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

nS]ESOOT
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

^,o,"Z26
Size: 28KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xjcm-;GN
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

cx7\AW#(
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

-_F<4FU5
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.1738/7.1738/xx.dat
.exe windows:4 windows x86 arch:x86

625034b53fad30f514fe83fbae8da710

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4486
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord1134
ord1576
ord6375
ord4465
ord4274
ord1168

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
_setmbcp
__dllonexit
exit

kernel32

GetModuleHandleA
GetStartupInfoA

Sections

.text
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7.1738/7.1738/两个dll版本的说明.txt
7.1738/7.1738/从系统里卸载大漠插件.bat
7.1738/7.1738/修改记录.txt
7.1738/7.1738/关于繁体系统下如何查看大漠接口文档.txt
7.1738/7.1738/大漠后台系统.exe
.exe windows:4 windows x86 arch:x86

c29bff2b7edd6bf2ca73e13686acf566

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2721
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord6211
ord617
ord5297
ord5208
ord296
ord986
ord520
ord4154
ord6113
ord2613
ord1131
ord823
ord824
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord3348
ord3574
ord426
ord726
ord826
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord2722
ord324
ord641
ord4229
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord6589
ord6791
ord6642
ord6583
ord6798
ord6848
ord6814
ord6846
ord6823
ord6850
ord6858
ord6838
ord6805
ord6830
ord6837
ord6849
ord6807
ord6806
ord6803
ord6836
ord6847
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord1768
ord5236
ord5277
ord3743
ord1718
ord6683
ord4426
ord6475
ord6510
ord5256
ord800
ord6796
ord537
ord3000
ord2127
ord4219
ord6799
ord538
ord1594
ord6691
ord6653
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord6051
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord366
ord674
ord4451
ord942
ord861
ord5248
ord1569
ord6466
ord2719
ord3592
ord6445
ord1165

msvcrt

wcsstr
free
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
wcscpy
wcscat
_ftol
localtime
__CxxFrameHandler
malloc

kernel32

GetLocalTime
GetStartupInfoW
GetModuleHandleW

user32

wsprintfW
PostMessageW
GetClientRect
EnableWindow
UpdateWindow
MessageBoxW

oleaut32

SysAllocString
VariantInit
SysFreeString

ws2_32

WSAStartup
gethostbyname
ntohl
recvfrom
closesocket
sendto
setsockopt
htonl
htons
inet_addr
socket
inet_ntoa
WSACleanup

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.1738/7.1738/大漠接口说明.chm
.chm
7.1738/7.1738/大漠综合工具.exe
.exe windows:4 windows x86 arch:x86

f3f04f0ed38ca4adcc3ddbe6f4bbcc6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
GlobalFree
IsBadReadPtr
SetLastError
WaitForSingleObject
InterlockedCompareExchange
CreateEventA
SetEvent
OpenEventA
UnmapViewOfFile
MapViewOfFile
GetHandleInformation
ExitThread
LocalFree
VirtualAlloc
GetSystemDirectoryA
GetStartupInfoW
InterlockedExchange
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
WritePrivateProfileStringA
GetProfileIntW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetLastError
CopyFileW
Sleep
CreateFileA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryExW
GetModuleHandleA
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageW
CreateFileW
SetFilePointer
CloseHandle
SetUnhandledExceptionFilter
GetModuleFileNameW
lstrcatW
lstrlenW
WinExec
lstrcpyW
FreeLibrary
FindResourceW
SizeofResource
LoadResource
LockResource
GetModuleHandleW
MulDiv
GetProcAddress
lstrcpynW
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW

user32

ReleaseCapture
RedrawWindow
SetCapture
MessageBeep
GetSysColor
DrawTextW
BeginPaint
EndPaint
PostQuitMessage
IsWindowVisible
DefWindowProcW
RegisterClassExW
CreateWindowExW
GetDlgCtrlID
LoadStringW
SetWindowPos
GetParent
PostMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
ClientToScreen
GetAsyncKeyState
GetScrollPos
SetScrollPos
SetScrollRange
wvsprintfW
GetKeyState
SetTimer
ShowCursor
KillTimer
SetCursorPos
InvalidateRgn
IsRectEmpty
SetCursor
IsWindow
ScreenToClient
SetRect
InvalidateRect
GetWindowRect
PtInRect
IsIconic
GetClientRect
DrawIcon
ReleaseDC
SendMessageW
EnableWindow
SetRectEmpty
LoadCursorW
GetSystemMetrics
DrawFocusRect
DrawFrameControl
GetFocus
FillRect
OffsetRect
IsChild
GetWindowDC
GetSubMenu
LoadMenuW
EqualRect
GetForegroundWindow
GetDesktopWindow
LoadImageW
SetWindowLongW
RegisterHotKey
UnregisterHotKey
GetNextDlgGroupItem
DispatchMessageW
GetMessageW
GetDCEx
UpdateWindow
GetCapture
GetClassNameW
GetWindowTextW
GetWindowLongW
MapVirtualKeyW
AdjustWindowRectEx
GetMenu
RemovePropA
GetPropA
GetIconInfo
GetWindowTextA
FindWindowA
WindowFromPoint
GetWindow
SystemParametersInfoW
AttachThreadInput
SetFocus
SetForegroundWindow
GetWindowLongA
UnhookWindowsHookEx
GetWindowThreadProcessId
DestroyCursor
GetCursorPos
GetActiveWindow
GetWindowPlacement
EnumWindows
TranslateAcceleratorA
InflateRect
CopyIcon
ShowWindow
HideCaret
LoadIconW
MessageBoxW

gdi32

Rectangle
GetStockObject
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
GetDIBits
BitBlt
SetDIBits
LineDDA
SetPixelV
CreatePen
EnumFontFamiliesExW
CreateFontIndirectW
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
GetBkColor
CreateCompatibleBitmap
SetROP2
CreatePatternBrush
CreateBitmap
PatBlt
UnrealizeObject
RealizePalette
SelectPalette
SelectObject
DeleteDC
GetObjectW
CreateCompatibleDC
GetDeviceCaps
GetPixel
CreateRectRgn

advapi32

RegOpenKeyExW
RegQueryValueW
RegCloseKey

shell32

DragQueryFileW
DragFinish
ShellExecuteW

mfc42u

ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord2372
ord4282
ord3084
ord4279
ord609
ord3569
ord4390
ord2567
ord2745
ord4474
ord927
ord1197
ord795
ord3716
ord3494
ord5785
ord616
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord283
ord6168
ord1172
ord2354
ord2286
ord3284
ord2916
ord3559
ord956
ord6617
ord4158
ord5651
ord2004
ord5880
ord554
ord2859
ord3798
ord355
ord2507
ord3447
ord3870
ord2290
ord2350
ord4197
ord6865
ord2756
ord6278
ord6279
ord6654
ord4273
ord541
ord801
ord2910
ord5568
ord3733
ord561
ord815
ord692
ord804
ord1202
ord1131
ord5296
ord2717
ord1764
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord2579
ord4400
ord3389
ord3724
ord6777
ord6451
ord6597
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord6868
ord3785
ord2755
ord5436
ord6379
ord5446
ord6390
ord941
ord1263
ord1562
ord1193
ord6115
ord4312
ord6190
ord1563
ord1194
ord1808
ord5857
ord5706
ord4124
ord6874
ord6139
ord6362
ord858
ord2293
ord2281
ord942
ord5784
ord4292
ord3701
ord5261
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord1634
ord1143
ord1165
ord324
ord825
ord3621
ord3658
ord2406
ord2855
ord2294
ord4229
ord535
ord800
ord940
ord537
ord860
ord540
ord4294
ord6193
ord6376
ord4704
ord2371
ord755
ord470
ord4370
ord613
ord2637
ord289
ord4470
ord640
ord2397
ord5781
ord1633
ord323
ord3614
ord861
ord2810
ord5783
ord5871
ord2235
ord472
ord5276
ord6051
ord1768
ord4418
ord3605
ord567
ord656
ord4270
ord6195
ord5286
ord4847
ord2362
ord538
ord6237
ord3397
ord3706
ord783
ord807
ord6871
ord3087
ord6211
ord2078
ord4219
ord5977
ord3566
ord2746
ord2634
ord4688
ord3747
ord5142
ord6330
ord823
ord2854
ord3688
ord4128
ord1569

msvcrt

wcslen
_strupr
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
strchr
time
_findfirst
remove
_findnext
_findclose
vsprintf
fopen
_itoa
strrchr
rand
floor
atof
fprintf
strncpy
atol
fseek
ftell
fread
wcscat
strncmp
sscanf
srand
_wsplitpath
_except_handler3
_wcsdup
wcsrchr
wcsstr
fwrite
_wfopen
wcscpy
fclose
sprintf
wcscmp
_ftol
swscanf
malloc
free
strstr
swprintf
__CxxFrameHandler

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Xlen@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

5FT.7Oa<
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

e)DxRq W
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

y$o: J33
Size: 8KB - Virtual size: 122.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

V; h7*+>
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

#o/-V Go
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.1738/7.1738/注册大漠插件到系统.bat
7.1738/7.1738/答题器/Get_Question.exe
.exe windows:4 windows x86 arch:x86

84869660815e0a5935787df2212cfa75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetCurrentProcessId
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7.1738/7.1738/答题器/Get_Question/Get_Question.cpp
7.1738/7.1738/答题器/Get_Question/Get_Question.dsp
7.1738/7.1738/答题器/Get_Question/Get_Question.dsw
7.1738/7.1738/答题器/Get_Question/ReadMe.txt
7.1738/7.1738/答题器/Get_Question/StdAfx.cpp
7.1738/7.1738/答题器/Get_Question/StdAfx.h
7.1738/7.1738/答题器/Put_Question.exe
.exe windows:4 windows x86 arch:x86

bd9adee5135d77822915f71c4ed9aeb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CloseHandle
OpenFileMappingA
GetCurrentProcessId
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
GetLastError
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7.1738/7.1738/答题器/Put_Question/Put_Question.cpp
7.1738/7.1738/答题器/Put_Question/Put_Question.dsp
7.1738/7.1738/答题器/Put_Question/Put_Question.dsw
7.1738/7.1738/答题器/Put_Question/ReadMe.txt
7.1738/7.1738/答题器/Put_Question/StdAfx.cpp
7.1738/7.1738/答题器/Put_Question/StdAfx.h
7.1738/7.1738/答题器/alarm.mp3
7.1738/7.1738/答题器/大漠答题器.exe
.exe windows:4 windows x86 arch:x86

63ddd86058e50e8ac6021655517c8453

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord858
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord823
ord2371
ord3621
ord3658
ord3566
ord755
ord640
ord2397
ord2406
ord5871
ord6168
ord2745
ord5781
ord1634
ord1633
ord323
ord470
ord3867
ord4847
ord4370
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5710
ord4616
ord3733
ord815
ord561
ord941
ord1172
ord690
ord1980
ord5352
ord5201
ord389
ord6211
ord2910
ord617
ord5297
ord5208
ord296
ord986
ord520
ord4154
ord6113
ord2613
ord1131
ord5285
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord3076
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord925
ord4617
ord4420
ord652
ord338
ord4817
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord4426
ord813
ord560
ord5256
ord2078
ord4294
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord674
ord366
ord5248
ord4331
ord4451
ord537
ord1569
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord922
ord4118
ord942
ord5276
ord3870
ord5977
ord4219
ord5237
ord4401
ord1768
ord4073
ord6051
ord3397
ord4704
ord2810
ord3871
ord3087
ord2634
ord538
ord6330
ord3312
ord4229
ord2294
ord2293
ord2354
ord2362
ord2355
ord2350
ord324
ord641
ord616
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord3592
ord4419
ord1767
ord6048
ord2506
ord4992
ord5261
ord535
ord6195
ord861
ord2859
ord4270
ord825
ord567
ord540
ord818
ord656
ord800
ord3605
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord6171
ord2971
ord2534
ord5286
ord1165

msvcrt

__CxxFrameHandler
swprintf
sprintf
strstr
wcscmp
wcslen
atoi
wcscat
wcsrchr
free
malloc
strncmp
_wtoi
rand
srand
strncpy
_wsplitpath
wcscpy
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
strrchr
_itoa
strncat
vsprintf
_except_handler3
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
??1type_info@@UAE@XZ
getenv
sscanf
strtod
gmtime
_iob
fprintf
_snprintf
abort
floor
_ftol
wcsncpy
calloc
fclose
_wfopen
_purecall
fread
fwrite
fseek
ftell
fflush
fputc
getc
fgets
fscanf
_wcsnicmp
_CIpow
ldiv
_CIacos
_CIfmod
qsort
_cabs
ceil
realloc
longjmp
_setjmp3
__CxxLongjmpUnwind
_CxxThrowException
printf
isprint

kernel32

OpenEventW
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
InterlockedDecrement
PostQueuedCompletionStatus
InterlockedIncrement
GetQueuedCompletionStatus
SetEvent
CreateIoCompletionPort
InterlockedExchange
GetSystemInfo
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
GetLastError
SetCurrentDirectoryA
CreateDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
WritePrivateProfileStringA
WriteFile
IsBadWritePtr
VirtualQuery
FormatMessageW
CreateFileW
SetFilePointer
SetUnhandledExceptionFilter
CreateDirectoryW
GetLocalTime
GetTickCount
CreateProcessW
CreateFileMappingA
TerminateProcess
MapViewOfFile
UnmapViewOfFile
ResumeThread
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
GetModuleFileNameW
Beep
Sleep
CreateThread
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LockResource
LoadResource
SizeofResource
GetStartupInfoW

user32

GetKeyNameTextW
PostMessageW
KillTimer
SetTimer
InvalidateRect
DrawTextW
GetClientRect
MapVirtualKeyW
UpdateWindow
ScreenToClient
GetWindowRect
AdjustWindowRectEx
GetWindowLongW
MessageBoxW
wvsprintfW
ReleaseDC
GetDC
GetIconInfo
GetParent
EnableWindow
SendMessageW

gdi32

DeleteDC
SelectObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
PatBlt
SetBrushOrgEx
CreateDIBPatternBrushPt
CreateDIBSection
GetDIBits
RealizePalette
RestoreDC
SetDIBitsToDevice
SetStretchBltMode
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SaveDC
StretchBlt
SetBkColor
CreateBitmap
RectVisible
StretchDIBits
SetBkMode
SetTextColor
GetStockObject
CreateFontIndirectW
CombineRgn
CreateRectRgn
BitBlt

winmm

mciSendCommandW

ws2_32

gethostbyname
WSAStartup
WSARecv
ntohs
inet_ntoa
WSAGetLastError
WSASend
closesocket
WSAIoctl
listen
bind
htons
inet_addr
socket
setsockopt
recv
getsockopt
send
WSACleanup
gethostname

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7.1738/7.1738/答题器/答题器使用说明.txt
7.1738/7.1738/获取本机机器码.exe
.exe windows:4 windows x86 arch:x86

ef73302e1a8b95e12ee48917d951947f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord641
ord2506
ord2613
ord1131
ord5261
ord4370
ord4847
ord4992
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord3257
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord1143
ord1165
ord324
ord4229
ord3087
ord6195
ord2810
ord4704
ord2371
ord755
ord470
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord942
ord823
ord861
ord825
ord535
ord538
ord800
ord540
ord4347
ord1569

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
free
strchr
fopen
fseek
ftell
malloc
fread
_controlfp
_onexit
__dllonexit
_except_handler3
__CxxFrameHandler
_wcsicmp
wcslen
wcscpy
wcscat
_exit
_XcptFilter
fclose
__wgetmainargs
_wcmdln
exit
_initterm

kernel32

GetVersion
CloseHandle
GetModuleHandleW
GetModuleFileNameW
EnterCriticalSection
GetFileAttributesW
GetCurrentThread
InitializeCriticalSection
GetModuleHandleA
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
LeaveCriticalSection
VirtualQuery
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
GetLastError
SuspendThread
VirtualAlloc
SetLastError
GetSystemDirectoryA
VirtualFree
WriteFile
CreateFileA
GetStartupInfoW

user32

IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
EnableWindow
SendMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadIconW
MessageBoxW

advapi32

GetTokenInformation
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken

ole32

CoCreateInstance
CoUninitialize
CLSIDFromProgID
CoInitialize

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.txt
第七下载.url
.url
解压密码.txt

Sharing

General

Malware Config

Signatures

Files

f076a1e4fbab4d2c4bccbdc4ea8a1b72

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 722B

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 916KB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 44KB - Virtual size: 44KB

Headers

File Characteristics

Exports

Exports

Sections

3.=DiFKX Size: 976KB - Virtual size: 974KB

[lo#2Aa< Size: 88KB - Virtual size: 84KB

#Lv[=ZMZ Size: 28KB - Virtual size: 125KB

Nm&!d*7e Size: 1.6MB - Virtual size: 1.6MB

xYk7D8=w Size: 52KB - Virtual size: 50KB

3=J4Kc!2 Size: 44KB - Virtual size: 42KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 940KB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 44KB - Virtual size: 44KB

Headers

File Characteristics

Exports

Exports

Sections

2>=j9F!: Size: 976KB - Virtual size: 974KB

nS]ESOOT Size: 88KB - Virtual size: 84KB

^,o,"Z26 Size: 28KB - Virtual size: 125KB

xjcm-;GN Size: 1.6MB - Virtual size: 1.6MB

cx7\AW#( Size: 52KB - Virtual size: 50KB

-_F<4FU5 Size: 44KB - Virtual size: 42KB

625034b53fad30f514fe83fbae8da710

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

Sections

.text Size: 4KB - Virtual size: 1024B

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 284B

c29bff2b7edd6bf2ca73e13686acf566

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

oleaut32

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 722B

UPX0
Size: - Virtual size: 916KB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 44KB - Virtual size: 44KB

3.=DiFKX
Size: 976KB - Virtual size: 974KB

[lo#2Aa<
Size: 88KB - Virtual size: 84KB

#Lv[=ZMZ
Size: 28KB - Virtual size: 125KB

Nm&!d*7e
Size: 1.6MB - Virtual size: 1.6MB

xYk7D8=w
Size: 52KB - Virtual size: 50KB

3=J4Kc!2
Size: 44KB - Virtual size: 42KB

UPX0
Size: - Virtual size: 940KB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 44KB - Virtual size: 44KB

2>=j9F!:
Size: 976KB - Virtual size: 974KB

nS]ESOOT
Size: 88KB - Virtual size: 84KB

^,o,"Z26
Size: 28KB - Virtual size: 125KB

xjcm-;GN
Size: 1.6MB - Virtual size: 1.6MB

cx7\AW#(
Size: 52KB - Virtual size: 50KB

-_F<4FU5
Size: 44KB - Virtual size: 42KB

.text
Size: 4KB - Virtual size: 1024B

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 284B

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

5FT.7Oa<
Size: 280KB - Virtual size: 276KB

e)DxRq W
Size: 68KB - Virtual size: 64KB

y$o: J33
Size: 8KB - Virtual size: 122.7MB

V; h7*+>
Size: 1.3MB - Virtual size: 1.3MB

#o/-V Go
Size: 100KB - Virtual size: 98KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

.text
Size: 404KB - Virtual size: 403KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 7KB