d9b16199bfcecc5fad40be403075512a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9b16199bfcecc5fad40be403075512a_JaffaCakes118
Size

7.8MB
MD5

d9b16199bfcecc5fad40be403075512a
SHA1

a13864987882c6cbc251d3b3926e4ab5e595b7ce
SHA256

a960e86396627254743c3901d07bf52a77d682d6ce4fc0c277f0c73028fe8006
SHA512

90bb29883d87143576b15ebc80482a545a076092cb89ebb31d1b4ed888846ff5f321e8f851dffb875bc0c390cf5cc07d87a16e55ef90cf0a4065434268612bb2
SSDEEP

196608:2rHKKqD05Yx86zAQNe7egNqZlSkM9z82k/86D/nC5SRFHm1kj:8vYxZvU7DYOBz82F6raSRFG18

Score

3^/10

Malware Config

Signatures

Unsigned PE 56 IoCs

Checks for missing Authenticode signature.

resource
unpack001/autologon.exe
unpack001/bftowdthunk.dll
unpack001/bodyacro.exe
unpack001/bodyblock.exe
unpack001/bodybook.exe
unpack001/bodybt.exe
unpack001/bodybtw.exe
unpack001/bodyburn.dll
unpack001/bodyburn.exe
unpack001/bodycalc.exe
unpack001/bodyexcel.exe
unpack001/bodyexpl.exe
unpack001/bodyflash.exe
unpack001/bodyimgview.exe
unpack001/bodyiso.exe
unpack001/bodymail.exe
unpack001/bodyminimize.exe
unpack001/bodymobile.exe
unpack001/bodympc.exe
unpack001/bodynotepad.exe
unpack001/bodyoffice.dll
unpack001/bodyoffice2000.dll
unpack001/bodypdvd.exe
unpack001/bodyrecycle.exe
unpack001/bodyscan.exe
unpack001/bodywinamp.exe
unpack001/bodyword.exe
unpack001/browser.exe
unpack001/cabarc.exe
unpack001/classv.exe
unpack001/exhook.dll
unpack001/helper.dll
unpack001/indicdll.dll
unpack001/inj_scan.dll
unpack001/internat.exe
unpack001/modem_restart.exe
unpack001/mp.exe
unpack001/pic_bmp.dll
unpack001/pic_jpeg.dll
unpack001/pic_png.dll
unpack001/rp_shared.dll
unpack001/rpgina.dll
unpack001/rs_api.dll
unpack001/rshell.exe
unpack001/rsinternal.exe
unpack001/rsrules.dll
unpack001/rsrules.exe
unpack001/rssemaphore.exe
unpack001/rsspoolcleaner.exe
unpack001/settings.dll
unpack001/tm.exe
unpack001/updatechk.exe
unpack001/updater.exe
unpack001/vstwain.dll
unpack001/wb.dll
unpack001/wb.exe

Files

d9b16199bfcecc5fad40be403075512a_JaffaCakes118
.cab
autologon.exe
.exe windows:5 windows x86 arch:x86

160b44cb685df0673e4f9626f8c25e39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
TerminateProcess
SetUnhandledExceptionFilter
ExitProcess
FreeLibrary
GetComputerNameA
lstrlenA
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
UnhandledExceptionFilter
GetCurrentProcess

user32

DialogBoxParamA
LoadIconA
SetClassLongA
CheckDlgButton
GetDlgItem
SetFocus
ActivateKeyboardLayout
EndDialog
GetDlgItemTextA
IsDlgButtonChecked
MessageBoxA
SetDlgItemTextA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
GetUserNameA
RegSetValueExA

comctl32

ord17

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bftowdthunk.dll
.dll windows:4 windows x86 arch:x86

a4040eebe561bf9309698677695c458f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
WaitForSingleObject
CloseHandle
SetEvent
CreateMutexA
CreateThread
CallNamedPipeA
ReleaseMutex
GetTickCount
TlsAlloc
SetLastError
OutputDebugStringA
CreateFileA
InitializeCriticalSection
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
OpenProcess
LoadLibraryA
GetProcAddress
GetLastError
DeviceIoControl
GetModuleHandleA
GetModuleFileNameA
ResetEvent
WaitForMultipleObjects
Sleep
FreeLibrary

user32

PeekMessageA
DestroyWindow
IsWindow
CreateWindowExW
SetClassLongW
PostMessageA
CheckRadioButton
CheckDlgButton
GetDlgItem
CallWindowProcW
SendMessageA
wsprintfA

wbtapi

?BtmDeviceIsReady@CWBtAPI@@QAEHXZ
?SetOnDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJJ@Z0@Z
??0CWBtAPI@@QAE@XZ
?SetOnInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXJF@Z0@Z
?SetOnDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAE11H@Z0@Z
?ClearDeviceStatusCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
??1CWBtAPI@@QAE@XZ
?GapStartInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStopInquiry@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearInquiryCompleteCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?ClearDeviceFoundCallback@CWBtAPI@@QAE?AW4WBtRc@@XZ
?GapStartDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEH@Z
?GapStartServiceDiscovery@CWBtAPI@@QAE?AW4WBtRc@@PAEU_GUID@@H@Z
?SetOnDiscoveryEventCallback@CWBtAPI@@QAE?AW4WBtRc@@P6AXPAXQAEGJ@Z0@Z
?GapGetAvailableServices@CWBtAPI@@QAE?AW4WBtRc@@QAEPAHHPAUtBT_SERVICE_INFO@@@Z
?GapBond@CWBtAPI@@QAE?AW4WBtRc@@QAEJ0J@Z
?MapGuidToUuid@@YAXPAU_GUID@@PAUtBT_UUID@@@Z
?ConnectToServer@CWBtAPI@@QAE?AW4WBtRc@@_NI00@Z

msvcrt

_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_strupr
strstr
wcslen
atoi
sscanf
_mbscmp
_purecall
toupper
isdigit
vsprintf
_beginthreadex
calloc
_mbsnbcpy
sprintf
strncpy
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

advapi32

RegCloseKey
RegSetValueExA
CryptAcquireContextA
CryptReleaseContext
CryptSetProvParam
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
CryptImportKey
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

ws2_32

ntohl
bind
socket
WSAStartup
sendto

Exports

Exports

WD_Bond
WD_BondQuery
WD_CloseServer
WD_CreateCOMPortAssociation
WD_Discovery
WD_FreeDLL
WD_GetConnectionStats
WD_GetLocalDeviceName
WD_GetLocalDeviceVersionInfo
WD_GetRemoteAddr
WD_GetVersion
WD_InitDLL
WD_Inquiry
WD_IsDeviceReady
WD_IsRemoteDeviceConnected
WD_IsStackServerUp
WD_OpenServer
WD_RemoveCOMPortAssociation
WD_SetLocalDeviceName
WD_UnBond
WD_Write
sdk_close
sdk_init

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bodyacro.exe
.exe windows:5 windows x86 arch:x86

9c79eb4774ea530e86d380439b58f5a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
InitializeCriticalSection
VirtualProtect
LocalFree
VirtualAlloc
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
FreeLibrary
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
lstrcmpA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetModuleHandleA
InterlockedIncrement
LeaveCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
WideCharToMultiByte
LCMapStringW
GetLastError
MulDiv
lstrlenW
GetModuleFileNameA
InterlockedDecrement
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
RaiseException
GetStdHandle
WriteFile
HeapCreate
VirtualFree
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
ExitProcess
Sleep
VirtualQuery
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetHandleCount
MultiByteToWideChar
GetModuleHandleW

user32

GetClientRect
UnregisterClassA
RegisterClassExA
LoadCursorA
GetClassInfoExA
MessageBoxA
DefWindowProcA
SetWindowLongA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
FillRect
CallWindowProcA
DestroyWindow
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
CreateAcceleratorTableA
GetDesktopWindow
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
IsWindow
BeginPaint
MoveWindow
EndPaint
GetDC
ReleaseDC
IsChild
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
CreateWindowExA
ShowWindow
LoadIconA
wsprintfA
SetFocus
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
SendMessageA
PostQuitMessage

gdi32

GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

advapi32

RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shlwapi

PathFindFileNameA

ole32

OleUninitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
OleInitialize

oleaut32

VarUI4FromStr
VariantClear
VariantInit
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
GetErrorInfo
OleCreateFontIndirect

comctl32

ord17

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyblock.exe
.exe windows:5 windows x86 arch:x86

68e4fb32241a0019fb89f1303d3e4446

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
CreateProcessA
lstrcpynA
GetCommandLineA
GetStartupInfoA
GetVersion
OpenEventA
GetProcAddress
GetModuleHandleA
CreateMutexA
InterlockedIncrement
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
GetFileAttributesA
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
LocalFree
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
FindFirstFileA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
HeapReAlloc
HeapCreate
ExitProcess
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
FindNextFileA
FindClose
GlobalAlloc
GlobalLock
GlobalUnlock
Sleep
GetModuleFileNameA
lstrlenA
WideCharToMultiByte
MulDiv
lstrcmpA
GetLastError
lstrlenW
SetLastError
InterlockedDecrement
GetCurrentThreadId
lstrcmpiA
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
LCMapStringA

user32

IsWindow
ReleaseDC
GetDC
SetWindowLongA
GetWindowLongA
CreateWindowExA
DestroyWindow
MoveWindow
GetClientRect
UpdateWindow
ShowWindow
SetRectEmpty
GetClassInfoExA
LoadCursorA
IsRectEmpty
GetWindowRect
OpenInputDesktop
CreateDesktopA
GetThreadDesktop
SwitchDesktop
SetThreadDesktop
CloseDesktop
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetCursorPos
SetWindowsHookExA
CallNextHookEx
SendMessageA
SetTimer
UnregisterClassA
GetSystemMetrics
SetRect
ShowCursor
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
RegisterClassA
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
SetWindowPos
CharNextA
GetSysColor
RegisterClassExA
DefWindowProcA

gdi32

CreateDIBSection
GetStockObject
GetObjectA
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
GetDeviceCaps
BitBlt
GdiSetBatchLimit
DeleteObject

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shlwapi

PathAddBackslashA
PathRemoveFileSpecA
PathIsDirectoryA
PathFindExtensionA

ole32

CoGetClassObject
StringFromGUID2
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
GetErrorInfo
VariantClear
VarUI4FromStr
DispCallFunc
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysFreeString

comctl32

ord17

rp_shared

EnableFFDshowForOurApp

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodybook.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodybt.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodybtw.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyburn.dll
.dll windows:5 windows x86 arch:x86

0dd7b7e4e5beeccb79fe69c832544cb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetFileAttributesA
FindClose
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcmpiA
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
lstrcpyA
HeapFree
GetProcessHeap
LCMapStringW
HeapAlloc
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA
GetProcAddress
GetCurrentThreadId
GetCommandLineA
GetLastError
MoveFileA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
CompareStringA
MultiByteToWideChar
CompareStringW
HeapSize

shlwapi

PathIsDirectoryA
PathFindExtensionA
PathFindFileNameA
PathAddBackslashA
PathRemoveBackslashA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

Exports

Exports

BurnAsyncCancelOperation
BurnCreateDevList
BurnDisc
BurnDone
BurnEraseDisc
BurnGetDevName
BurnGetDevSpeedAt
BurnGetDevSpeedsCount
BurnInit
BurnIsDriveAllowed

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bodyburn.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodycalc.exe
.exe windows:5 windows x86 arch:x86

98feaf0f8f73f7370e6122d9107f77bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

ShellAboutA

msvcrt

_exit
_strrev
_CxxThrowException
__CxxFrameHandler
_EH_prolog
_controlfp
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
toupper
memmove
strchr

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

LocalReAlloc
LocalAlloc
GetCommandLineA
GetProfileIntA
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GlobalCompact
GlobalReAlloc
GlobalAlloc
GlobalFree
lstrcmpA
Sleep
WriteProfileStringA
GlobalLock
GlobalSize
GlobalUnlock
CloseHandle
CreateEventA
CreateThread
ResetEvent
SetEvent
WaitForSingleObject
lstrcpyA
LocalFree
lstrlenA
lstrcatA
GetProfileStringA

gdi32

SetBkColor
SetTextColor

user32

MessageBoxA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsChild
IsDialogMessageA
GetMessageA
LoadAcceleratorsA
CreateWindowExA
LoadStringA
CharNextA
RegisterClassExA
GetSysColorBrush
LoadCursorA
LoadIconA
InvalidateRect
UpdateWindow
ShowWindow
SetDlgItemTextA
CheckMenuRadioItem
GetSubMenu
GetMenu
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
GetDlgItem
CreateDialogParamA
DestroyWindow
GetWindowRect
SetCursor
CheckRadioButton
SetFocus
MessageBeep
SendMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
CloseClipboard
GetClipboardData
OpenClipboard
DestroyMenu
TrackPopupMenuEx
LoadMenuA
DefWindowProcA
ChildWindowFromPoint
ScreenToClient
PostQuitMessage
WinHelpA
EnableMenuItem
IsClipboardFormatAvailable
GetDlgCtrlID
DrawTextA
DrawEdge
GetSysColor
CheckDlgButton
SetDlgItemInt
GetWindowTextA

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyexcel.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyexpl.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 609KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyflash.exe
.exe windows:5 windows x86 arch:x86

1e8b80a4bc92cada81e544f1ab5b495b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
InitializeCriticalSection
VirtualProtect
LocalFree
VirtualAlloc
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetModuleHandleA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
MulDiv
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
InterlockedIncrement
LeaveCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
WideCharToMultiByte
GetLastError
LCMapStringW
lstrcmpA
lstrlenW
GetModuleFileNameA
InterlockedDecrement
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenA
RaiseException
GetStdHandle
WriteFile
HeapCreate
HeapReAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
ExitProcess
Sleep
VirtualQuery
GetSystemInfo
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SetHandleCount
MultiByteToWideChar
GetModuleHandleW

user32

GetClientRect
UnregisterClassA
RegisterClassExA
LoadCursorA
GetClassInfoExA
MessageBoxA
DefWindowProcA
SetWindowLongA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
FillRect
CallWindowProcA
DestroyWindow
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
CreateAcceleratorTableA
GetDesktopWindow
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
IsWindow
BeginPaint
MoveWindow
EndPaint
GetDC
ReleaseDC
IsChild
GetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
CreateWindowExA
ShowWindow
LoadIconA
wsprintfA
SetFocus
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
SendMessageA
PostQuitMessage

gdi32

GetObjectA
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shlwapi

PathFindFileNameA

ole32

OleUninitialize
CreateStreamOnHGlobal
OleInitialize
CoInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr
VariantClear
VariantInit
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
GetErrorInfo
OleCreateFontIndirect

comctl32

ord17

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyimgview.exe
.exe windows:5 windows x86 arch:x86

888e36d0b835354ddd06e7c633a6c463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
FileTimeToSystemTime
CreateEventA
CreateMutexA
TerminateThread
WaitForSingleObject
ReleaseMutex
FindCloseChangeNotification
FindNextChangeNotification
Sleep
FindFirstChangeNotificationA
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CreateProcessA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTickCount
HeapSize
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
InterlockedDecrement
WriteFile
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
lstrcatA
FindFirstFileA
LoadLibraryA
GetProcAddress
GetFullPathNameA
lstrlenA
FreeLibrary
FindNextFileA
FindClose
GetModuleHandleA
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
GetModuleFileNameA
lstrcmpiA
GetCommandLineA
lstrcpyA
GetLocaleInfoA
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
GetModuleHandleW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

SendMessageA
FindWindowA
DrawTextA
GetSystemMetrics
GetTabbedTextExtentA
MessageBoxA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadIconA
RegisterClassA
CreateWindowExA
ShowWindow
SetForegroundWindow
UpdateWindow
GetMessageA
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
DestroyWindow
UnregisterClassA
LoadCursorA
SetCursor
InvalidateRect
MoveWindow
BeginPaint
IsIconic
EndPaint
ShowCursor
DefWindowProcA
wsprintfA
GetDC
ReleaseDC

gdi32

GetDeviceCaps
StretchDIBits
EndPage
StartDocA
EndDoc
GetStockObject
SetDIBits
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateFontA
SelectObject
SetBkMode
DeleteObject
SetTextColor
GdiSetBatchLimit
StartPage

shlwapi

PathRemoveExtensionA
StrStrA
PathAddBackslashA
PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathAppendA

comdlg32

PrintDlgA

comctl32

ord17

ole32

CoInitialize

rp_shared

GetLangStr
RPMessageBox
RunProcess

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyiso.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodymail.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 599KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyminimize.exe
.exe windows:5 windows x86 arch:x86

21d50ab9ad92a345f01efd36c28dd1fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

FindWindowA
PostMessageA

Sections

.text
Size: 512B - Virtual size: 42B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodymobile.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodympc.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodynotepad.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyoffice.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyoffice2000.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 511KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodypdvd.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyrecycle.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 491KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyscan.exe
.exe windows:5 windows x86 arch:x86

30eb78e4add2026b6eb071c9a0b2277a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
GetModuleHandleA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
VirtualAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetModuleFileNameA
GetVersion
lstrcmpiA
InterlockedDecrement
lstrcpyA
lstrcatA
LCMapStringA
lstrlenA
QueryPerformanceCounter
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

CreateWindowExA
SetForegroundWindow
MessageBoxA
DefWindowProcA
UnregisterClassA
FindWindowA
SendMessageA
PostMessageA
IsWindow
DestroyWindow
SetCursor
LoadCursorA
LoadIconA
RegisterClassA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

shlwapi

PathRemoveFileSpecA
PathAddBackslashA
SHDeleteKeyA

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

comdlg32

GetSaveFileNameA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

rp_shared

GetLangStr

oleaut32

GetErrorInfo
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodywinamp.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bodyword.exe
.exe windows:5 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

.text
Size: 512B - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
browser.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cabarc.exe
.exe windows:5 windows x86 arch:x86

597a4c82b524d35adf4da7c03330ead4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
GetLastError
CreateFileA
CreateDirectoryA
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
LocalAlloc
LocalFree
ReadFile
WriteFile
SetFilePointer
TerminateProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime

msvcrt

printf
toupper
_strnicmp
_stricmp
isdigit
atoi
exit
_vsnprintf
strrchr
free
_tempnam
strchr
rand
srand
time
strncpy
memmove
_getch
isspace
fclose
fgets
fopen
malloc
_c_exit
_exit
_XcptFilter
_cexit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
classv.exe
.exe windows:5 windows x86 arch:x86

d65e50b5ce424af03a67a9272770477c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
ExitProcess
IsDebuggerPresent

user32

DialogBoxParamA
SetForegroundWindow
GetForegroundWindow
GetClassNameA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
SetTimer

comctl32

ord17

Sections

.text
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
exhook.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
help.chm
.chm
helper.dll
.dll windows:5 windows x86 arch:x86

193318e1d0f33b4efba65a89e7d96540

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
GetProcAddress
GetModuleHandleA
DisableThreadLibraryCalls
HeapSize
LCMapStringW
LCMapStringA
lstrlenA
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
lstrcmpiA
GetVersion
GetStringTypeW
lstrcpyA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile

user32

GetForegroundWindow
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindow
GetDesktopWindow
GetDlgCtrlID
FindWindowExA
GetParent
GetAncestor
SendMessageA
IsWindow
IsWindowVisible
GetClassNameA
GetPropA
GetWindowLongA
GetAsyncKeyState
CallNextHookEx
FindWindowA
PostMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DoneHook
InitHook
SetConsoleHook
SetDialogsHook
SetInputDisableState
SetWinampHook

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
indicdll.dll
.dll windows:5 windows x86 arch:x86

e849a4fb4c69e579ec1b546f9edc4a93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
GetACP
HeapAlloc
HeapCreate
lstrlenW
GetCurrentProcessId
CreateFileMappingW
GetCurrentThreadId
lstrcmpW
UnmapViewOfFile
GetLastError
MapViewOfFile
GlobalFree
GlobalAlloc
CloseHandle

user32

IsWindow
GetFocus
GetWindowThreadProcessId
CallNextHookEx
PostMessageW
CreatePopupMenu
InsertMenuItemW
SendMessageW
GetKeyboardLayout
SetWindowsHookExW
UnhookWindowsHookEx
GetMessagePos
GetWindowRect
PtInRect
GetParent
GetClassNameW
GetDesktopWindow

gdi32

DeleteObject

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetImeMenuItemsW
ImmGetContext

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
inj_scan.dll
.dll windows:5 windows x86 arch:x86

d0fcdb0c1cf5845299c3053f185f5923

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
CloseHandle
WriteProcessMemory
ReadProcessMemory
HeapAlloc
GetProcessHeap
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetWindowsDirectoryA
DeleteCriticalSection
CreateThread
InitializeCriticalSection
HeapSize
LCMapStringW
LCMapStringA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

SendMessageA
PostMessageA
FindWindowA

shlwapi

PathFindFileNameA
PathAppendA

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
internat.exe
.exe windows:5 windows x86 arch:x86

6ec4b9854181010bb09f30f0c6b36520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrlenW
GlobalReAlloc
GlobalLock
lstrcatW
GlobalUnlock
FreeLibrary
lstrcpyW
AddAtomW
IsValidLocale
GlobalFree
DeleteAtom
LoadLibraryW
lstrcmpW
GetProcAddress
LocalAlloc
lstrcpynW
GetLocaleInfoW
GlobalGetAtomNameW
LocalFree
WinExec
GetModuleHandleW
GetStartupInfoW
GetAtomNameW
ExitProcess
GlobalAlloc
lstrcmpiW

user32

RemovePropW
SetPropW
AllowSetForegroundWindow
GetWindow
DestroyMenu
GetPropW
GetDesktopWindow
MapWindowPoints
TrackPopupMenuEx
GetLastActivePopup
GetParent
GetWindowLongW
LoadBitmapW
GetSysColor
DrawTextW
CreateIconIndirect
GetKeyboardLayout
GetKeyboardLayoutList
DestroyIcon
GetWindowThreadProcessId
AttachThreadInput
MessageBeep
GetDC
ReleaseDC
EnumChildWindows
DrawFocusRect
GetSystemMetrics
GetWindowDC
SystemParametersInfoW
wsprintfW
UnloadKeyboardLayout
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
ShowWindow
LoadStringW
FindWindowW
MessageBoxW
LoadIconW
LoadCursorW
RegisterClassExW
PostMessageW
LoadStringA
WinHelpW
GetProcessDefaultLayout
CreatePopupMenu
InsertMenuW
CheckMenuItem
DestroyWindow
KillTimer
SetTimer
GetMessagePos
InSendMessageEx
GetClassNameW
DefWindowProcW
SetForegroundWindow
IsWindow
SendMessageW
SetActiveWindow
PostQuitMessage
RegisterWindowMessageW
GetClientRect

gdi32

TranslateCharsetInfo
DeleteDC
DeleteObject
GetTextCharsetInfo
GetStockObject
ExtTextOutW
PatBlt
SetBkColor
SelectObject
SetTextColor
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetTextExtentPointW
BitBlt
CreateFontIndirectW
GetObjectW

comctl32

ord329
ImageList_Create
ImageList_Destroy
ord328
ImageList_ReplaceIcon
ord334
ImageList_GetIconSize
ImageList_GetIcon
ord332
ImageList_Draw
ImageList_Remove

imm32

ImmAssociateContext
ImmGetDefaultIMEWnd
ImmGetIMEFileNameW
ImmGetDescriptionW
ImmGetProperty

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW

advapi32

RegFlushKey
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

shell32

SHAppBarMessage
ExtractIconExW
Shell_NotifyIconW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
modem_restart.exe
.exe windows:5 windows x86 arch:x86

6bc531c7b6fe8bec45ee91c69da8d797

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
GetModuleHandleA
lstrcpyA
Sleep
GetStringTypeW
lstrlenA
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
HeapAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
EnterCriticalSection
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection

user32

EndDialog
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
MessageBoxA
GetDlgItemTextA
SetFocus
SetDlgItemTextA
SendDlgItemMessageA
SetClassLongA
LoadIconA
GetDlgItem
DialogBoxParamA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

comctl32

ord17

ws2_32

htons
inet_addr
WSAStartup
connect
setsockopt
closesocket
WSACleanup
socket
send

wininet

InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mp.exe
.exe windows:5 windows x86 arch:x86

15e49c763b232840f6ff09507940ebc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
lstrcpyA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GlobalUnlock
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
WriteFile
HeapReAlloc
HeapCreate
GetStartupInfoA
GetCommandLineA
ExitProcess
Sleep
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetModuleFileNameA
MulDiv
lstrcmpA
SetLastError
IsDBCSLeadByte
GetCurrentThreadId
lstrcmpiA
lstrlenA
InterlockedDecrement
HeapSize
InterlockedIncrement
lstrlenW
WideCharToMultiByte
GetCurrentProcess
MultiByteToWideChar
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetLocaleInfoA
RaiseException
IsDebuggerPresent

user32

wsprintfA
LoadIconA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
UnregisterClassA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
GetFocus
GetWindow
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
SetWindowTextA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
GetSysColor
RegisterClassExA
DefWindowProcA
CharNextA
FindWindowA
MessageBoxA
PostQuitMessage
SendMessageA
LoadCursorA
GetClassInfoExA
ShowWindow
UpdateWindow
GetClientRect
MoveWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
CallWindowProcA

gdi32

GetObjectA
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject

advapi32

RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA

ole32

CLSIDFromString
CoTaskMemAlloc
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc

oleaut32

DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
LoadTypeLi
SysStringLen
VariantClear
VariantInit
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysFreeString

comctl32

ord17

shlwapi

PathUnquoteSpacesA

rp_shared

EnableFFDshowForOurApp

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pic_bmp.dll
.dll windows:5 windows x86 arch:x86

9c3885f5db671556966b8bbd73e1b1a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
CloseHandle
ReadFile
WriteFile
SetFilePointer
lstrcmpiA
lstrlenA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

CheckFile
GetInfo
LoadFile
SaveFile

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pic_jpeg.dll
.dll windows:5 windows x86 arch:x86

11f88177fc21487105ca5f4aee3adc00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
CloseHandle
ReadFile
WriteFile
lstrcmpiA
lstrlenA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

CheckFile
GetInfo
LoadFile
SaveFile

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pic_png.dll
.dll windows:5 windows x86 arch:x86

11f88177fc21487105ca5f4aee3adc00

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CreateFileA
CloseHandle
ReadFile
WriteFile
lstrcmpiA
lstrlenA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

CheckFile
GetInfo
LoadFile
SaveFile

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rp_shared.dll
.dll windows:5 windows x86 arch:x86

4dd46ab1a03f810aa68740efad8f6cba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
lstrcatA
lstrcpyA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetDriveTypeA
GlobalAddAtomA
SetLastError
HeapFree
WriteProcessMemory
ReadProcessMemory
HeapAlloc
GetProcessHeap
OpenProcess
GetCurrentProcessId
GetLogicalDrives
GetVolumeInformationA
SetErrorMode
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GlobalDeleteAtom
GlobalGetAtomNameA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetCurrentThreadId
lstrcmpiA
LockResource
SizeofResource
LoadResource
FindResourceA
Process32First
Process32Next
CreateDirectoryA
lstrcmpA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleMode
GetConsoleCP
SetStdHandle
SetFilePointer
HeapSize
ReadFile
RaiseException
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
FindClose
FindNextFileA
GetFileSize
WriteFile
GetVersionExA
FlushFileBuffers
CloseHandle
CreateFileA
DeviceIoControl
lstrlenA
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetLastError
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount

user32

MessageBoxA
AttachThreadInput
SetForegroundWindow
SendMessageA
DialogBoxParamA
SetWindowLongA
GetDlgItem
SetPropA
GetWindowLongA
GetWindowThreadProcessId
GetWindowRect
OffsetRect
GetWindowDC
DrawTextA
GetSystemMetrics
SendDlgItemMessageA
ReleaseDC
SetWindowPos
GetClientRect
SetWindowTextA
SetDlgItemTextA
LoadIconA
SetFocus
RemovePropA
EndDialog
FindWindowA
PostMessageA
wsprintfA
CharUpperA
ClientToScreen

shlwapi

PathRemoveBlanksA
PathMatchSpecA
PathFindExtensionA
UrlGetPartA
StrCmpNIA
PathIsDirectoryA
PathAddBackslashA

shell32

SHFormatDrive

gdi32

SelectObject

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

comdlg32

GetSaveFileNameA

Exports

Exports

AddURL2Stat
ArcCos
ArcSin
CreateEmptyFile
CreateNewEmptyDOC
CreateNewEmptyTXT
CreateNewEmptyXLS
EjectDrive
EnableFFDshowForOurApp
ExportDeleteRegValue
ExportRegistryFile
ExportWriteRegStr
FormatDrive
GetAdditionalFolderAccess
GetAdditionalFolderName
GetAdditionalFolderPath
GetAdditionalFoldersCount
GetCDROMName
GetCDROMPath
GetDirectorySize
GetDisketteName
GetDiskettePath
GetDriveFreeSpace
GetDriveTotalSpace
GetFavoritesPath
GetFlashName
GetFlashPath
GetLangStr
GetLangStrByLangId
GetOpenWithCount
GetOpenWithName
GetSaveFileDialog
GetUserFolderName
GetUserFolderPath
GetUserFolderRetrospective
GetVIPFolderName
GetVIPFolderPath
HackAPIFunction
HackCreateProcessA
HackCreateProcessSilentA
HackCreateProcessSilentW
HackCreateProcessW
ImportRegistryFile
IsAdditionalFoldersAllowed
IsCDROMAllowed
IsDisketteAllowed
IsDriveTrueRemovableI
IsDriveTrueRemovableS
IsFlashAllowed
IsRunningUnderVistaLonghorn
IsUrlCannotBeDownloadedWithOurDM
IsUserFolderAllowed
IsVIPFolderAllowed
OpenWith
RPMessageBox
RPOpenSaveDialog
RunHiddenProcessAndWait
RunHiddenProcessAndWaitIdle
RunProcess
RunProcessWithShowWindow
ScanForLawProtected
StrColor2Int
UnhackAPIFunction
UnhackCreateProcess
WrapperOfPFuncF
WrapperOfPFuncN

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rpgina.dll
.dll windows:5 windows x86 arch:x86

4ac1a08b2122e2fa8776494ef370e499

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcmpiA
GlobalDeleteAtom
GlobalGetAtomNameA
WideCharToMultiByte
lstrlenA
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
LoadLibraryA
GetProcAddress
DisableThreadLibraryCalls
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA

user32

OpenDesktopA
EnumDesktopWindows
CloseDesktop
SendMessageTimeoutA
PostMessageA
GetClassNameA
SendDlgItemMessageA
GetDlgItem
SetFocus
EnableWindow
EndDialog

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

WlxActivateUserShell
WlxDisconnectNotify
WlxDisplayLockedNotice
WlxDisplaySASNotice
WlxDisplayStatusMessage
WlxGetConsoleSwitchCredentials
WlxGetStatusMessage
WlxInitialize
WlxIsLockOk
WlxIsLogoffOk
WlxLoggedOnSAS
WlxLoggedOutSAS
WlxLogoff
WlxNegotiate
WlxNetworkProviderLoad
WlxReconnectNotify
WlxRemoveStatusMessage
WlxScreenSaverNotify
WlxShutdown
WlxWkstaLockedSAS

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rs_api.chm
.chm
rs_api.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6b98329def1184ddce407810ac966c33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
lstrlenA
lstrcmpiA
GetModuleFileNameA
GetProcAddress
GetModuleHandleW
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetPrivateProfileStringA
CloseHandle
CreateProcessA
InterlockedIncrement
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
GetVersion
GetFileAttributesA
lstrcatA
GetLocaleInfoA
lstrlenW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
SetHandleCount

user32

FindWindowA
CharNextW
SendMessageTimeoutA
PostMessageA
wsprintfA
CharNextA
IsWindow
GetWindowThreadProcessId

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2

shlwapi

PathFindFileNameA
PathAppendA
PathAddBackslashA
SHDeleteKeyA

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rshell.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 141KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 631KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rsinternal.exe
.exe windows:5 windows x86 arch:x86

16f6f5e776ac4149f5d0050469eec512

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
SetSystemPowerState
CreateFileA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
lstrcmpiA
GetCurrentProcess
CloseHandle
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc

user32

ExitWindowsEx

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rsrules.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ShowRules

Sections

CODE
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rsrules.exe
.exe windows:5 windows x86 arch:x86

c939c7dd2ac2563a8871ac7f5c8579da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
FreeLibrary
LoadLibraryA
GetLastError
CreateMutexA
GetModuleHandleA
LCMapStringW
LCMapStringA
GetProcAddress
GetModuleHandleW
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
RtlUnwind
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

FindWindowA

ole32

OleUninitialize
OleInitialize

comctl32

ord17

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rssemaphore.exe
.exe windows:5 windows x86 arch:x86

31f1128040f926611191a697b3672dc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetVersion
ExitProcess
SetProcessShutdownParameters
GetProcAddress

user32

DefWindowProcA
UnregisterClassA
DestroyWindow
DispatchMessageA
GetMessageA
CreateWindowExA
RegisterClassA
FindWindowA

Sections

.text
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rsspoolcleaner.exe
.exe windows:5 windows x86 arch:x86

4a2ce2e4fea903428850a6db8bd7f63d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapFree
ExitProcess
HeapAlloc

winspool.drv

SetJobA
EnumJobsA
ClosePrinter
OpenPrinterA
EnumPrintersA

Sections

.text
Size: 512B - Virtual size: 374B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 302B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
settings.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

MouseSetup
RSSendMail
ShowMasterDialog
ShowSaverWindow
ShowSettings

Sections

CODE
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 171B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tempdrv.exe
.exe windows:5 windows x86 arch:x86

cf621f0af82ae5f4161211b4ebcc4db8

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

7a:19:cb:18:17:18:6f:5d:e0:8f:c8:5e:b6:f3:b1:44
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

07/10/2009, 00:00

Not After

07/10/2010, 23:59

Subject

CN=NodaSoft,O=NodaSoft,POSTALCODE=121471,STREET=Mozhaiskoe shosse 29/2\, build 1,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetModuleHandleA
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetCommandLineA
ExitProcess
GetSystemDirectoryA
lstrcatA
DeleteFileA
IsDebuggerPresent
GetLastError
WriteFile
CloseHandle
UnhandledExceptionFilter
CreateFileA

user32

LoadIconA
SetClassLongA
EndDialog
GetDlgItem
EnableWindow
UpdateWindow
LoadCursorA
SetCursor
MessageBoxA
DialogBoxParamA

shlwapi

StrStrIA
PathAddBackslashA

shell32

ord680

advapi32

CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
ControlService
CreateServiceA

comctl32

ord17

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tm.exe
.exe windows:5 windows x86 arch:x86

46ab049bfa67a99e386781d08f9f7bb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
lstrcmpA
FindFirstFileA
lstrcatA
MultiByteToWideChar
GetVersion
Process32Next
lstrlenA
lstrcmpiA
GetCurrentProcessId
Process32First
WaitForSingleObject
CreateToolhelp32Snapshot
LoadLibraryA
GetLastError
CreateMutexA
GetCommandLineA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FindClose
HeapReAlloc
VirtualAlloc
HeapAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetProcAddress
lstrcpyA
OpenProcess
TerminateProcess
CloseHandle
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

GetWindowThreadProcessId
ShowWindowAsync
IsIconic
wsprintfA
SetForegroundWindow
DialogBoxParamA
FindWindowA
GetDlgItem
LoadIconA
SetClassLongA
SetDlgItemTextA
SetWindowTextA
SetFocus
SetTimer
EndDialog
MessageBoxA
EnableWindow
UpdateWindow
SendMessageA
GetWindowTextA
EnumWindows
IsWindow
GetWindowLongA
GetWindow
GetParent

shlwapi

PathAddBackslashA
StrCmpNIA
StrStrA
PathFindFileNameA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoUninitialize
CoInitialize
CoCreateInstance

advapi32

RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

comctl32

ord17

rp_shared

GetLangStr

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updatechk.exe
.exe windows:5 windows x86 arch:x86

932e6b3ad6b2e0db0a565bd713fda78f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA
PostMessageA

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

shlwapi

StrToIntA

kernel32

QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
updater.exe
.exe windows:5 windows x86 arch:x86

54d2be848d3a28bf386b7271b13e06ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
WaitForSingleObject
CreateProcessA
GetModuleHandleA
LCMapStringW
LCMapStringA
GetStringTypeW
CopyFileA
GetStringTypeA
GetTickCount
HeapReAlloc
VirtualAlloc
HeapAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
DeleteFileA
GetFileAttributesA
GetCurrentProcess
GetVersion
CreateEventA
MultiByteToWideChar
SetEvent
IsValidCodePage
GetOEMCP
GetACP
lstrcmpA
Sleep
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo

user32

wsprintfA
ExitWindowsEx
OpenInputDesktop
CloseDesktop
GetThreadDesktop
GetUserObjectInformationA
DestroyWindow
LoadCursorA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA
BeginPaint
EndPaint
UnregisterClassA
GetClientRect
DrawTextA
RegisterClassA

gdi32

CreateFontA
SelectObject
SetBkMode
SetTextColor
DeleteObject
GetStockObject

shlwapi

PathAppendA
PathAddBackslashA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vstwain.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wb.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ShowBrowser

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wb.exe
.exe windows:5 windows x86 arch:x86

85f5a7a9a3072cf5546849c0568e3d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
lstrcmpA
GetTickCount
SetFilePointer
DeleteFileA
CloseHandle
GetFileSize
CreateFileA
CreateDirectoryA
GetTempPathA
lstrcatA
lstrcpynA
SetThreadPriority
CreateThread
HeapFree
GetProcessHeap
GetCurrentThreadId
HeapAlloc
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateProcessW
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
Sleep
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
RtlUnwind
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
CopyFileA
GlobalAddAtomA
GetDriveTypeA
GetFileAttributesA
lstrcpyA
lstrcmpiA
HeapCreate
GetFileType
lstrlenA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc

user32

SetWindowTextA
DialogBoxParamA
GetPropA
EnumWindows
PostMessageA
CharUpperA
FindWindowA
EnableWindow
RemovePropA
SetClassLongA
EndDialog
MessageBoxA
GetDlgItem
SendMessageA
LoadIconA
wsprintfA
SetFocus
SetDlgItemTextA
RegisterWindowMessageA
PostThreadMessageA
SetPropA

shlwapi

PathAddBackslashA
PathFindExtensionA
PathRemoveBlanksA
StrChrA
UrlUnescapeA
PathFindFileNameA
StrStrA
UrlGetPartA
StrStrIW
PathRemoveExtensionA
StrCmpNIA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ole32

OleUninitialize
CoGetClassObject
OleInitialize

comctl32

ord17

wininet

HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetSetFilePointer
InternetReadFile

rp_shared

IsDriveTrueRemovableS
RPOpenSaveDialog
UnhackAPIFunction
HackAPIFunction
UnhackCreateProcess
HackCreateProcessA
GetLangStr

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

160b44cb685df0673e4f9626f8c25e39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1024B

.rsrc Size: 27KB - Virtual size: 27KB

a4040eebe561bf9309698677695c458f

Headers

File Characteristics

Imports

kernel32

user32

wbtapi

msvcrt

advapi32

version

ws2_32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 280KB

.reloc Size: 16KB - Virtual size: 14KB

9c79eb4774ea530e86d380439b58f5a1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

comctl32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 38KB - Virtual size: 37KB

68e4fb32241a0019fb89f1303d3e4446

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

comctl32

rp_shared

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 760B

Headers

File Characteristics

Sections

CODE Size: 357KB - Virtual size: 356KB

DATA Size: 5KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1024B

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 280KB

.reloc
Size: 16KB - Virtual size: 14KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 38KB - Virtual size: 37KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 760B

CODE
Size: 357KB - Virtual size: 356KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 45KB - Virtual size: 45KB

CODE
Size: 606KB - Virtual size: 606KB

DATA
Size: 8KB - Virtual size: 8KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 255KB - Virtual size: 255KB

.text
Size: 512B - Virtual size: 38B

.rdata
Size: 512B - Virtual size: 146B

.data
Size: 512B - Virtual size: 100B

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 32KB

.reloc
Size: 6KB - Virtual size: 5KB

CODE
Size: 473KB - Virtual size: 473KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 97KB - Virtual size: 97KB

.text
Size: 72KB - Virtual size: 70KB

.data
Size: 4KB - Virtual size: 3KB