d64c1cb9ceb7beefd70c586b88b56f80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d64c1cb9ceb7beefd70c586b88b56f80_JaffaCakes118
Size

4.1MB
MD5

d64c1cb9ceb7beefd70c586b88b56f80
SHA1

31ff9d754af2cf9d589e6c3b8bf16780e15c5b2c
SHA256

4c149d60fba62ee0e1cf0fcaa8e58192d77c6fc846bb798f4a51895ef35937f3
SHA512

6110a967a1cf6ccbdaa253ae736d8ebe259693c15c7ac920426e4072cc82bde50b2b6a71db73a1741abd9ebe02d550f3f2e19c383c9182549a0205487a44f7b6
SSDEEP

98304:0fgZxkM/TH2DIF/BHAQCDoXYstgQr8m7HJZjVYlZws5VWdV63zu:z/THqCCDHstf7HDjODwfd6u

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack002/BATMAN ARKHAM CITY v1.01 + 8 Trainer.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/BATMAN ARKHAM CITY v1.01 + 8 Trainer.exe
unpack003/BAC+8Tr-LNG_Proper/BAC+8Tr-LNG.exe

Files

d64c1cb9ceb7beefd70c586b88b56f80_JaffaCakes118
.rar
batman_arkham_city.8_trainer.rar
.rar
BATMAN ARKHAM CITY v1.01 + 8 Trainer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 487KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.h4x0r#
Size: 455KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
More Trainers @ GameCopyWorld.txt
More Trainers @ GameCopyWorld.url
dbghelp.dll
.dll windows:6 windows x86 arch:x86

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

Actual PE Digest

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
??3@YAXPAX@Z
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
iswprint
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_wfsopen
fread
fseek
wcstol
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_wsopen

kernel32

HeapFree
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
Sleep
GetVersion
GetSystemInfo
LoadLibraryExA
InterlockedCompareExchange
DelayLoadFailureHook
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
DuplicateHandle
VirtualAlloc
VirtualProtect
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
SetFilePointer
IsDBCSLeadByte
HeapAlloc
HeapReAlloc
GetVersionExA
InitializeCriticalSection
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
HeapCreate
FlushViewOfFile

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
h4x0r.nfo
batman_arkham_city.8_trainer108.rar
.rar
BAC+8Tr-LNG_Proper/BAC+8Tr-LNG - I.N.F.O.txt
BAC+8Tr-LNG_Proper/BAC+8Tr-LNG.exe
.exe windows:4 windows x86 arch:x86

075c950ba49f567d2dc940b4bb7953fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaBoolVar

kernel32

CreateThread
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

winmm

waveOutClose

user32

MessageBoxA

Exports

Exports

��}��\P_��F��vރ��*��w{P��\d��O��W�S��FW��%)��6w��o��;��^��x\��^�V��h��VC��mQԨm�z�%4Td� ��s ��ɑ�R��񆚨& ��\/u��M�X%��C�5�<��4�`��`4��9��@�lZ�X�#$�/a��5��=�<�T�);ڟ��*�AbO��|�~�5� ��h�IV�}�'Õ0��xu^4=T8�[��i��Z��+;JV�~�,w�ɴ�S�/�3z��10��Il��z�*�٘�a7p�B*|Qbk�EKBVq��Ga�S^)k�3��+��rD��牷��|�^�'U��h��J�8�_�4��7�ڽ�rY�� R+dE��L��eQm� ��,pB+��'��Ш�0��;��ӷ~;�ak�l��l�v�5R��O$�H!%��v=�䚉��Xq?k(�Z�GC�t��g��]⠁`K4��w��l�F_��v��s�� 5��[��eb#�ZW�<��q��0��S�\$�ѐQ�2�g�� HM��ɘ�O��+l�3�j��-MO�_�lQ��I1�Y��DҼ��Wv��|��l��~�Z}��*�!B��CǷy��K ��ͪ��'@��r�Hg�\h8nkhQ��'��b�>��J��b{m��g�SX�� p�3P��V�*q�* RZ�R�)�K��&pT�b*S�Y-�D�]�[��4��!Bp�|��l�ϟ`�ۅ��U H��f�Ⱥ��$��Pʶ�v��S��N�I��EF|�V�=FJ�^cB|-�T�h��x��iAz��~�@-��I��#��: ��ka�t��E�-��>a0w��lB�t��(g��);B��!9��Cz�6�&�,gF)�:�m��?74#�;��fq5S��^�:׭��C��%��>�w��u ��LT9��0,��.㒬_��SǵgD��QW��)6 �a^?��Y|�U��ώ�%|��O��@��`�C�Ĉ��^�螽ԫ9��g(uu16��;af�de!�s�w]S��i��XｂL�kţ��&�tГ�M��\�*�·d�S��ls��cJHҀ:.X�A¦L�@�ɴ��M&�*��5?��<L�� Vpq��B� d��b�^�dT+p�*�*�݌$�N~��>��G!�U�PNv��$��9z_��,�مjh<��a�e^?�5}2 �u��6��]AMp.ξ%�3��u3~��!a�x��Tq�%��B�SI��o��|\һu�eys��ܽɥ7i�zo_e4,��V7A�ʏlNJ�뺅Ϫ��x4z��E�y��3ny��V 6I~nF8%[��T2�N[{|��-*�h��I��46��Ǝ�R\��>�[��V�{��7uh=:Xɡ�j�ޭ�iA�?X�<`�<�G%��pdr��˻@��@��R"Z��!+��;T��ϋ~32.��L6�k��-ݏ�3ޱ�z��L��Ym �+Y��J�Q}W]�Q�ϚS��~C&�86�|��5� #r_C�&TU�x�U��i�ŒX��O�y%pONxF�@��8�8�u7d��p9^|��z^͞�ZMcJ��٬�B<��t$(-��$p�9� ��C�b�)�5�ۦ� \��e� �Z��hOW�C��8iˁ\��=�Un�'W% � �BW�=׍qJpI��j�;��x�i�v�2��Dsv;Gj[�f�m�B�_E-GX��o�~�tfrͮ��)�ۡ ��'��4<ޣ�V1��%d��gI��}�83�q9�A4H>��?`^oo��prB�|tp��Ξd`�Z��]��K?��u@� 흼r��W�#C�U+"�B��1l��|�o�^��L��F�V)=v[/��K�kQ��G? �oQl�@7�_Z�T)��[�\ǲð��9IF�m�2�I�K�m�eA��`4�ݘ�gr��z�ݨ��,qV��^��?�$X3�!�¬a��ꉞ��.��f��O�,�@��Q'pf��KW��CC��Tz�W��cm@�/ʏMep��a׸UU�M�c��?0��R��A��f��g�9/=K�� p%��p��J�Fˉ!�F�Ѝ��H��hC)��T��2�=�򍹦�?�%{�D~ٴ��L��<��N)��ύu٩7u�R3��su��<<�^�<Uɡ�e��7,��v��ɟ��XP��O�s�̌��%��}_��6��?��@E�c�U�#G�E�]P~~9�-K��)��u0&u.n��ЬD��l�1 �]�5�P-�:��G��/��D�l��w~O�1�.��m��iX:�l��@��*P�\�V��0��aĭ�)��Ց6�D�sUӌ�嗫ѷ��/f�0�C �k��E!v\��m){�?6�l� K +o��ⶊ�ɽ)<K4uL6�x/�F��+l�Q��ߐ��c� ��C�X�wW~��+Q��Y��ƪ�G�y`:��-��'�ְ0x@��iKƠ�K@��!�y2�?��Wv+xLw��[�b�G� V@�z]N6Z��"��r��N�)[~8��/��͛�H��-�@.{� 3z�� p?�|{s��II��G��?jp' %7��*��.vd�i[W!ۻ��j��Ī��&g'oB��ĳK��l�GsR�gW�1V6��c��O��ĳ�� iK62�x,�"o�hqX��0Ό��L"�ك��2V��Z ,�t��J�,��b��8;t�QJ��G��_\!��믣��5��u�Ԃ�g�(�yI� QΆ��T 츎��!΍

Sections

.text
Size: - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VCrypt0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VCrypt1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BAC+8Tr-LNG_Proper/VERY IMPORTANT!.txt
More Trainers @ GameCopyWorld.txt
More Trainers @ GameCopyWorld.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 487KB - Virtual size: 1.3MB

DATA Size: 16KB - Virtual size: 32KB

BSS Size: - Virtual size: 40KB

.idata Size: 4KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 72KB

.rsrc Size: 1.2MB - Virtual size: 2.8MB

.h4x0r# Size: 455KB - Virtual size: 456KB

.adata Size: - Virtual size: 4KB

fa6b094f828920cf8999743ff0004319

Code Sign

61:05:f7:1e:00:00:00:00:00:32Certificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 18KB - Virtual size: 112KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 60KB - Virtual size: 59KB

075c950ba49f567d2dc940b4bb7953fe

Headers

File Characteristics

Imports

msvbvm60

kernel32

winmm

user32

Exports

Exports

Sections

.text Size: - Virtual size: 3.5MB

.data Size: - Virtual size: 84KB

.rsrc Size: 21KB - Virtual size: 952KB

.VCrypt0 Size: - Virtual size: 1.5MB

.tls Size: 512B - Virtual size: 24B

.VCrypt1 Size: 1.9MB - Virtual size: 1.9MB

CODE
Size: 487KB - Virtual size: 1.3MB

DATA
Size: 16KB - Virtual size: 32KB

BSS
Size: - Virtual size: 40KB

.idata
Size: 4KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 72KB

.rsrc
Size: 1.2MB - Virtual size: 2.8MB

.h4x0r#
Size: 455KB - Virtual size: 456KB

.adata
Size: - Virtual size: 4KB

61:05:f7:1e:00:00:00:00:00:32
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

8f:30:24:0d:35:ff:73:8c:8f:ce:2e:fe:f2:26:b5:b2:12:d2:d0:aa
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 18KB - Virtual size: 112KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 60KB - Virtual size: 59KB

.text
Size: - Virtual size: 3.5MB

.data
Size: - Virtual size: 84KB

.rsrc
Size: 21KB - Virtual size: 952KB

.VCrypt0
Size: - Virtual size: 1.5MB

.tls
Size: 512B - Virtual size: 24B

.VCrypt1
Size: 1.9MB - Virtual size: 1.9MB