fd467ed77f83283caf0c971e108c28fd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd467ed77f83283caf0c971e108c28fd_JaffaCakes118
Size

2.4MB
MD5

fd467ed77f83283caf0c971e108c28fd
SHA1

88bda05eec93affc4e1dd2195d4f2c802b72777f
SHA256

36a6bd14c468207bad218c223b40c0ee6c4120a529f96bfd9c8c868d235ee85e
SHA512

cf566edfcb4a92ab2e20aec1a525ce0466850df4d09b625d688f592e9777ff89ee3d4d7214536ef355cf3a90f70853e37ab022d93c0572a9bd6136da40a4fcb0
SSDEEP

49152:7nO2w4q0WVtx2LeFKSFmDNAdlHk1JFjcXLFFl0c9sGNZebsgC/:idndx1FKSqAbk5AxrT9scysR

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
fd467ed77f83283caf0c971e108c28fd_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/Config.dll
unpack001/config/KbdProcs.dll
unpack001/config/SubSystems.dll
unpack001/config/fdsubst.dll
unpack001/config/system/ClipboardHistory.exe
unpack001/config/system/StructureUpdater.exe
unpack001/config/system/xml2tls/xml2tls.exe
unpack001/config/telepat.dll
unpack001/telepat.icl

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

fd467ed77f83283caf0c971e108c28fd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
MultiByteToWideChar
GetPrivateProfileStringA
MulDiv
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GetModuleHandleA
GlobalAlloc

user32

PtInRect
MapWindowPoints
GetDlgCtrlID
LoadIconA
LoadImageA
LoadCursorA
CreateWindowExA
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
EnableWindow
SendMessageA
SetWindowTextA
GetWindowTextA
wsprintfA
CharNextA
SetWindowLongA

gdi32

SetTextColor
CreateCompatibleDC
SelectObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteDC
DeleteObject

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetDlgItem
PostMessageA
CallWindowProcA
CreateDialogParamA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
GetWindowTextA
IsDlgButtonChecked
SetWindowLongA
IsDialogMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Select

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Config.dll
.dll windows:4 windows x86 arch:x86

17773dcb492ff41912dcb7da71e87b0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
VerLanguageNameA
GetFileVersionInfoA

bkend

?GetBkEndUI@@YAPAVCBkEndUI@@XZ
?GetID@CMetaDataObj@@QBEJXZ
?GetCalcVarDef@CMetaDataCont@@QBEPAVCCalcVarDef@@PBD@Z
?GetMetaData@@YAPAVCMetaDataCont@@XZ
?GetTypeCode@CType@@QBEHXZ
?SetTypeCode@CType@@QAEXH@Z
?GetCode@CMetaDataObj@@QBEPBDXZ
?FindObject@CMetaDataCont@@QBEPAVCMetaDataObj@@J@Z
?GetTypeID@CType@@QBEJXZ
?GetTypeTitle@CType@@QAE?AVCString@@XZ
?GetCTypeCode@CType@@QBEDXZ
?SetTypeID@CType@@QAEXJ@Z
?GetLength@CType@@QBEHXZ
?SetFormat@CType@@QAEXHH@Z
?GetPrecision@CType@@QBEHXZ
?IsPositiveOnly@CType@@QBEHXZ
?SetPositiveOnly@CType@@QAEXH@Z
?IsNumSeparated@CType@@QBEHXZ
?SetNumSeparated@CType@@QAEXH@Z
?GetDefaultLanguage@CTaskDef@@QBEHXZ
?SetDefaultLanguage@CTaskDef@@QAEXH@Z
?GetEnableImmediateDelete@CTaskDef@@QBEHXZ
?SetEnableImmediateDelete@CTaskDef@@QAEXH@Z
?GetUseBuchRounding@CTaskDef@@QBEHXZ
?SetUseBuchRounding@CTaskDef@@QAEXH@Z
?GetNConstDefs@CMetaDataCont@@QBEHXZ
?AddConstDef@CMetaDataCont@@QAEHPAVCConstDef@@@Z
??1CType@@QAE@XZ
??0CConstDef@@QAE@JPBD0HABVCType@@@Z
?GetNewID@CMetaDataCont@@QAEJXZ
??0CType@@QAE@H@Z
?GetConstDef@CMetaDataCont@@QBEPAVCConstDef@@PBD@Z
?ValidateCode@CMetaDataObj@@SAHPBDH@Z
?DelConstDef@CMetaDataCont@@QAEXPAVCConstDef@@H@Z
?GetConstDefAt@CMetaDataCont@@QBEPAVCConstDef@@H@Z
?SetDateDep@CConstDef@@QAEXH@Z
?GetNValDefs@CEnumDef@@QBEHXZ
?AddValDef@CEnumDef@@QAEHPAVCEnumValDef@@@Z
??0CEnumValDef@@QAE@JPBD0@Z
?GetValDef@CEnumDef@@QBEPAVCEnumValDef@@PBD@Z
?DelValDef@CEnumDef@@QAEXPAVCEnumValDef@@H@Z
?GetValDefAt@CEnumDef@@QBEPAVCEnumValDef@@H@Z
?GetNEnumDefs@CMetaDataCont@@QBEHXZ
?DelEnumDef@CMetaDataCont@@QAEXPAVCEnumDef@@H@Z
?TestRefers@CMetaDataCont@@QBEHJAAV?$CArray@PAVCMetaDataObj@@PAV1@@@@Z
?AddEnumDef@CMetaDataCont@@QAEHPAVCEnumDef@@@Z
??0CEnumDef@@QAE@JPBD0@Z
??0CBkEndUI@@QAE@XZ
?GetEnumDefAt@CMetaDataCont@@QBEPAVCEnumDef@@H@Z
?GetTitle@CEnumValDef@@QBEPBDXZ
?SetTitle@CEnumValDef@@QAEXPBD@Z
?GetNItems@CMetaDataObjArray@@QBEHXZ
??1CValue@@UAE@XZ
?GetFullName@CMetaDataCont@@QBEPBDJPAJH@Z
?GetString@CMetaDataRef@@QBE?AVCString@@XZ
?GetRefDefAt@CMetaDataRefObj@@QBEPAVCMetaDataRef@@H@Z
?GetNRefDefs@CMetaDataRefObj@@QBEHXZ
?GetString@CValue@@QBEABVCString@@XZ
??0CValue@@QAE@XZ
?SetCode@CMetaDataObj@@QAEXPBD@Z
?GetPresent@CMetaDataObj@@QBEPBDXZ
?SetPresent@CMetaDataObj@@QAEXPBD@Z
?GetDescr@CMetaDataObj@@QBEPBDXZ
?SetDescr@CMetaDataObj@@QAEXPBD@Z
?GetAt@CMetaDataObjArray@@QBEPAVCMetaDataObj@@H@Z
??0CType@@QAE@ABV0@@Z
?GetType@CMetaDataTypedObj@@QBEABVCType@@XZ
?SetType@CMetaDataTypedObj@@QAEXABVCType@@@Z
??9CType@@QBEHABV0@@Z
?IsValid@CType@@QAEHXZ
?GetItem@CMetaDataObjArray@@QBEPAVCMetaDataObj@@PBD@Z
?GetRuler@CMetaDataObjDistr@@QBEHXZ
?SetRuler@CMetaDataObjDistr@@QAEXH@Z
?IsAutoRegister@CMetaDataObjDistr@@QBEHXZ
?SetAutoRegister@CMetaDataObjDistr@@QAEXH@Z
?GetAdditDBSigns@CMetaDataObjDistr@@QBEPBDXZ
?SetAdditDBSigns@CMetaDataObjDistr@@QAEXPBD@Z
?GetAdditDBSigns@CMetaDataObjDistr@@QBEXAAVCString@@@Z
?GetTaskDef@CMetaDataCont@@QBEPAVCTaskDef@@XZ
?DescribeMDCont@CMetaDataCont@@QAEXAAVCString@@@Z
?GetLongCopyright@CMetaDataCont@@QAEPBDXZ
?GetShortCopyright@CMetaDataCont@@QAEPBDXZ
?SaveData@CMetaDataCont@@QBEHPBD@Z
?DoMessageBox@CBkEndUI@@UAEHPBDII@Z
?TestRefersForOne@CMetaDataCont@@QBEXJAAV?$CArray@PAVCMetaDataObj@@PAV1@@@@Z
?GetProvFormDefsArray@CBuhDef@@QAEPAVCFormDefsArray@@XZ
?GetOperJournalDef@CBuhDef@@QAEPAVCOperJournalDef@@XZ
?GetAccFormDefsArray@CBuhDef@@QAEPAVCFormDefsArray@@XZ
?GetBuhDef@CMetaDataCont@@QBEPAVCBuhDef@@XZ
?GetFormDefsArray@CCJDef@@QAEPAVCFormDefsArray@@XZ
?GetCJDef@CMetaDataCont@@QBEPAVCCJDef@@PBD@Z
?GetFormDefsArray@CJournalDef@@QAEPAVCFormDefsArray@@XZ
?GetJournalDef@CMetaDataCont@@QBEPAVCJournalDef@@PBD@Z
?GetAlgorithmDef@CMetaDataCont@@QBEPAVCAlgorithmDef@@PBD@Z
?GetReportDef@CMetaDataCont@@QBEPAVCReportDef@@PBD@Z
?GetDocDef@CMetaDataCont@@QBEPAVCDocDef@@PBD@Z
?GetFormDefsArray@CSbCntTypeDef@@QAEPAVCFormDefsArray@@XZ
?GetSTypeDef@CMetaDataCont@@QBEPAVCSbCntTypeDef@@PBD@Z
?GetMetaDataArray@CFormDefsArray@@QAEPAVCMetaDataObjArray@@XZ
??4CType@@QAEAAV0@ABV0@@Z
?DoMessageBox@CBkEndUI@@UAEHIII@Z
?DoStatusLine@CBkEndUI@@UAEXPBD@Z
?GetStatusLine@CBkEndUI@@UBE?AVCString@@XZ
?GetEnumDef@CMetaDataCont@@QBEPAVCEnumDef@@PBD@Z
?GetMetaDataObjDistr@CMetaDataCont@@QAEPAVCMetaDataObjDistr@@J@Z

editr

?MoveLayer@CEditDoc@@QAEXHH@Z
?IsLayerVisible@CEditDoc@@QAEHPBD@Z
?ValidateCodeName@CEditDoc@@QAEHPBDPAVCCtrlHolder@@@Z
?SetActiveLayer@CEditDoc@@QAEXH@Z
?GetActiveLayer@CEditDoc@@QAEHXZ
?GetLayerState@CEditDoc@@QAEHH@Z
?AddLayer@CEditDoc@@QAEXPBDH@Z
?ClearList@CEditDoc@@QAEXXZ
?GetLayersCount@CEditDoc@@QAEHXZ
?DeleteLayer@CEditDoc@@QAEXHPBD@Z
?InitFromArchive@CEditDoc@@IAEHAAVCArchive@@@Z
?GetLayer@CEditDoc@@QAE?AVCString@@H@Z
?SetLayer@CEditDoc@@QAEXHPBDH@Z
?FindLayer@CEditDoc@@QAEHPBD@Z

frame

?GetStringProp@CProfile7@@QBEABVCString@@H@Z
?DefineDefaultToolBar@SECToolBarManager@@QAEXIPBDIPAIKIIHH@Z
?AddTempString@CMenu7@@SAXJVCString@@H@Z
?AddTab@SECTabWndBase@@UAEPAVSECTab@@PAUCRuntimeClass@@PBDPAUCCreateContext@@I@Z
?DefineBtnGroup@SECToolBarCmdPage@@QAEXPBDHPAI@Z
?SetTabIcon@SECTabWndBase@@UAEXHPAUHICON__@@@Z
?GetSECManager@CTBManager@@SAPAVSECToolBarManager@@XZ
?SetStringProp@CProfile7@@QAEXHPBD@Z
?GetDocumentTemplateID@CTemplate7@@SAIPAVCDocument@@@Z
??0CTemplate7@@QAE@IPAUCRuntimeClass@@00@Z
?GetToolBarManager@@YAPAVCTBManager@@XZ
?DeletePage@CContainer@@QAEXH@Z
?RenamePage@CContainer@@QAEXHPBD@Z
?GetPagePos@CContainer@@QBEHPBD@Z
?Copy@CPictureHolder7@@QAEAAV1@ABV1@@Z
?GetTabCount@SECTabWndBase@@QAEHXZ
?ShowControlBar@SECMDIFrameWnd@@QAEXPAVCControlBar@@HH@Z
?IsMDIChild@SECControlBar@@QBEHXZ
?GetTabInfo@SECTabWndBase@@QAEHHAAPBDAAHAAPAVCWnd@@AAPAX@Z
?GetActiveTab@SECTabWndBase@@QAEHAAH@Z
?ActivateTab@SECTabWndBase@@UAEXH@Z
?Show@CPropertyBox@@QAEXH@Z
?GetPropertyBox@CPropertyBox@@SAPAV1@XZ
?GetPagePos@CContainer@@QBEHPBVCDocument@@@Z
?GetPagePathName@CContainer@@IBE?AVCString@@H@Z
?CreateEmpty@CPictureHolder7@@QAEHXZ
??1CPictureHolder7@@UAE@XZ

moxel

?SaveAs@CSheetDoc@@QAEHPBDW4CSheetSaveAsType@@@Z

seven

?UpdateMoxelHook@CWorkBookDoc@@QAEXXZ
?AddPage@CWorkBookDoc@@QAEPAVCDocument@@IPBD@Z
?GetActiveDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?DoFileSaveToPath@CConfigCont@@QAEHPBDH@Z
?ID2Position@CGalleryHolder@@QAEHK@Z
?GetPicture@CGalleryHolder@@QAE?AVCPictureHolder7@@K@Z
?GetTablesName@CWorkBookDoc@@QAEHAAVCStringArray@@@Z
?GetDEditDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?GetTextDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?FindDocument@CWorkBookDoc@@QAEPAVCDocument@@PBDPAH@Z
?PathToDocument@CConfigCont@@SAPAVCDocument@@ABVCString@@@Z
?DocumentToPath@CConfigCont@@SAXPAVCDocument@@AAVCString@@@Z
?GetTablesName@CTypedCont@@QAEHAAVCStringArray@@@Z
?SwitchToPage@CWorkBookDoc@@QAEHH@Z
?ShowDocument@CModuleCont@@QAEXPBD@Z
?DocumentToID@CConfigCont@@SAJPAVCDocument@@AAVCString@@@Z
?GetModuleFullName@@YA?AVCString@@JPBDHPAVCMetaDataCont@@@Z
?IDToTextModule@CConfigCont@@SAHJPBDAAVCString@@PAPAVCModuleCont@@H@Z
?GetTextDocument@CModuleCont@@QAEPAVCDocument@@XZ
?GetAllTypedItem@CConfigCont@@SAXP6AHAAVCString@@JJW4PageType@@@ZJ1H@Z
?StartNewProcess@CApp7@@QAEHW4CAppRunMode@@@Z
?GetLog@CApp7@@QAEPAVCAdminService@@XZ
?ReportUserEvent@CAdminService@@QAEHVCString@@0W4EventType@@0PAVCValue@@0@Z
?GetProps@CApp7@@QAEPAVCProfile7@@XZ
?IDToPath@CConfigCont@@SAHJPBDAAVCString@@PAPAVCTypedCont@@H@Z
?ShowDocument@CTypedCont@@QAEXH@Z
?GetWorkBook@CTypedCont@@QAEPAVCWorkBookDoc@@XZ
?GetContainer@CConfigCont@@SAPAV1@XZ
?GetGallery@CGalleryHolder@@SAPAV1@XZ

txtedt

?SetText@CTextDocument@@QAEHPBD@Z
?GetLineLength@CTextDocument@@QBEHH@Z
?GetLineCount@CTextDocument@@QBEHXZ
?GetSelectedText@CTextDocument@@QBEXAAVCString@@@Z
?SetSel@CTextDocument@@QAEXVCPoint@@0@Z
?Replace@CTextDocument@@QAEXPBD@Z
?GetSel@CTextDocument@@QBEXAAVCPoint@@0@Z
?GetSelText@CTextEditor@@QAEXAAVCString@@@Z
?GetCurrentWord@CTextEditor@@QAEXAAVCString@@@Z
?MoveCaret@CTextEditor@@QAEXVCPoint@@0H@Z
?GetMaxLineLen@CTextDocument@@QBEHXZ
?IsModule@CTextDocument@@QBEHXZ
?IsReadOnly@CTextDocument@@QBEHXZ
?IsSetBookMark@CTextDocument@@QBEHH@Z
?SetBookMark@CTextDocument@@QAEXHH@Z
?GetNextBookMark@CTextDocument@@QAEHH@Z
?GetPrevBookMark@CTextDocument@@QAEHH@Z
?ClearAllBookMarks@CTextDocument@@QAEXXZ
?CanUndo@CTextDocument@@QBEHXZ
?CanRedo@CTextDocument@@QBEHXZ
?Undo@CTextDocument@@QAEXXZ
?Redo@CTextDocument@@QAEXXZ
?GetText@CTextDocument@@QAEXAAVCString@@@Z

mfc42

ord804
ord4299
ord2119
ord6785
ord3729
ord3394
ord4406
ord2587
ord3290
ord3301
ord4824
ord420
ord5826
ord5741
ord818
ord3742
ord4003
ord2486
ord4786
ord823
ord1883
ord5914
ord986
ord411
ord1168
ord5751
ord4155
ord2990
ord3415
ord5024
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3058
ord3065
ord6336
ord2510
ord2542
ord5244
ord1746
ord5577
ord3172
ord5653
ord4421
ord4954
ord2401
ord4387
ord3454
ord3198
ord6081
ord6175
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4623
ord4430
ord437
ord825
ord734
ord4226
ord6698
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord6849
ord5003
ord6831
ord4388
ord4669
ord4490
ord4345
ord4338
ord1729
ord4647
ord5022
ord4493
ord4492
ord4512
ord4962
ord6824
ord4382
ord971
ord2058
ord4645
ord2548
ord6872
ord5956
ord4037
ord3353
ord4622
ord4424
ord5824
ord6746
ord2186
ord6481
ord6523
ord1945
ord4273
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord6055
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1726
ord2446
ord2124
ord5277
ord4627
ord4432
ord560
ord813
ord5260
ord3442
ord2371
ord4508
ord2379
ord5981
ord3256
ord6009
ord4349
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5241
ord5280
ord3749
ord1727
ord5261
ord4425
ord3597
ord641
ord540
ord800
ord324
ord2302
ord4234
ord6199
ord922
ord3874
ord3092
ord860
ord2818
ord924
ord4710
ord3692
ord3571
ord3619
ord3721
ord567
ord3626
ord3663
ord795
ord2414
ord4275
ord2864
ord1641
ord5875
ord2243
ord5791
ord1640
ord323
ord562
ord5785
ord858
ord640
ord6453
ord755
ord470
ord613
ord3021
ord289
ord394
ord696
ord3435
ord909
ord5628
ord1175
ord5590
ord541
ord801
ord341
ord654
ord4242
ord537
ord6140
ord6143
ord5858
ord5861
ord2867
ord3499
ord2515
ord355
ord535
ord6877
ord5608
ord6787
ord2727
ord6467
ord2730
ord2729
ord1200
ord5683
ord5572
ord2915
ord2645
ord326
ord2582
ord4402
ord3370
ord3640
ord807
ord554
ord693
ord6905
ord6007
ord3998
ord3996
ord5655
ord4163
ord6625
ord2614
ord500
ord772
ord2452
ord5860
ord4185
ord955
ord810
ord2827
ord1601
ord1253
ord342
ord1182
ord2233
ord3447
ord3196
ord701
ord399
ord3440
ord4216
ord3495
ord4129
ord2764
ord4202
ord5710
ord1083
ord2762
ord914
ord501
ord4190
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord2919
ord939
ord6883
ord539
ord912
ord4188
ord3402
ord3631
ord683
ord2642
ord5606
ord941
ord3226
ord3398
ord3733
ord3303
ord3287
ord3438
ord6008
ord4000
ord4277
ord398
ord700
ord6142
ord2393
ord353
ord6778
ord913
ord4189
ord538
ord699
ord397
ord5631
ord926
ord3439
ord1825
ord4696
ord5243
ord5740
ord4420
ord4953
ord4858
ord4823
ord2399
ord6080
ord4426
ord338
ord652
ord4238
ord4108
ord1659
ord5961
ord1567
ord268
ord3924
ord4723
ord4047
ord4271
ord6283
ord6282
ord3296
ord3914
ord4506
ord384
ord686
ord2096
ord1642
ord2408
ord1233
ord1146
ord2152
ord2862
ord6442
ord4464
ord2380
ord6605
ord3220
ord2859
ord4287
ord4284
ord6215
ord6696
ord536
ord940
ord1770
ord462
ord2884
ord4083
ord3797
ord1858
ord923
ord6930
ord6928
ord5593
ord603
ord6329
ord273
ord4616
ord6385
ord703
ord879
ord403
ord1989
ord1969
ord882
ord5600

msvcrt

wcslen
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
strncpy
atoi
free
_strdup
atol
strstr
_mbscmp
_purecall
_mbsicmp
rand
_CxxThrowException
__CxxFrameHandler

kernel32

WideCharToMultiByte
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetVersionExA
GetModuleFileNameA
lstrcmpiA
FindFirstFileA
FindNextFileA
FindClose
LocalAlloc
GetFileAttributesA
lstrlenA
MultiByteToWideChar
GlobalLock
GlobalUnlock
GlobalFree
lstrcmpA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
GetLastError
FormatMessageA
LocalFree
lstrcpynA
FindResourceA
LoadResource
LockResource
IsBadWritePtr
VirtualProtect
InterlockedDecrement
GetModuleHandleA
GetProcAddress

user32

CopyAcceleratorTableA
InsertMenuItemA
DeleteMenu
GetMenuItemID
AppendMenuA
IsWindowVisible
TranslateAcceleratorA
LoadAcceleratorsA
ReleaseDC
LoadBitmapA
GetDC
GetDesktopWindow
LoadStringA
SetWindowPos
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
IsWindow
LoadIconA
GetFocus
GetKeyNameTextA
MapVirtualKeyA
wsprintfA
MessageBoxA
DestroyIcon
DestroyMenu
TrackPopupMenu
ClientToScreen
CreatePopupMenu
LoadCursorA
MoveWindow
ClipCursor
SetCapture
ReleaseCapture
keybd_event
SetFocus
ShowWindow
PostMessageA
KillTimer
IsZoomed
IsIconic
ScreenToClient
GetWindowRect
LoadImageA
GetKeyState
DestroyAcceleratorTable
CreateAcceleratorTableA
GetWindow
GetWindowLongA
SetWindowLongA
SetMenuItemInfoA
IsMenu
GetMenuItemCount
GetMenuItemInfoA
LoadMenuA
InsertMenuA
CallWindowProcA
InvalidateRect
IsChild
GetParent
SendMessageA
PeekMessageA
SetTimer
EnableWindow
GetClientRect
GetActiveWindow

gdi32

CreatePalette
GetObjectA
PatBlt
GetStockObject
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
BitBlt
GetTextExtentPoint32A
CreateDIBSection
CreateCompatibleDC
RealizePalette

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegQueryInfoKeyA

shell32

ExtractIconExA
SHGetFileInfoA

comctl32

ImageList_Remove
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_Duplicate

ole32

OleLoad
StgCreateDocfile
CoCreateInstance
OleRun
StgOpenStorage
CreateStreamOnHGlobal
GetHGlobalFromStream
CLSIDFromProgID
CLSIDFromString

oleaut32

SysStringLen
SysFreeString
SysAllocString
DispGetIDsOfNames
DispInvoke
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantCopy
VariantInit
SetErrorInfo
CreateErrorInfo
GetErrorInfo

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenConf.chm
.chm
config.tlb
config/1cv7srct.st
config/KbdProcs.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/SubSystems.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/SubSystemsData.mdb
config/docs/FDSubst.readme.txt
config/docs/KbdProcs.readme.txt
config/docs/OpenConf.history.txt
config/docs/OpenConfPowerPack.html
.html
config/docs/readme.txt
config/docs/telepat.chm
.chm
config/docs/telepat.history.txt
config/fdsubst.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/scripts/SubSystemsManage.vbs
.vbs
config/scripts/SubsystemsReports.js
.js
config/scripts/telepat.vbs
.vbs
config/system/ClipboardHistory.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/system/StructureUpdater.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 684KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
config/system/xml2tls/1cpplang.xml
.xml
config/system/xml2tls/readme.txt
config/system/xml2tls/xml2tls.exe
.exe windows:4 windows x86 arch:x86

81e9cc91cd3aba74e4de700c8650c33c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
LocalFree
LocalAlloc
lstrlenA
FormatMessageA
GlobalUnlock
GlobalLock
GetFullPathNameA
GetModuleHandleA
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
GetLastError

user32

wsprintfA

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
OleRun
GetHGlobalFromStream

oleaut32

SysFreeString
VariantClear
GetErrorInfo
SysAllocString

mfc42

ord1575
ord5683
ord4129
ord2827
ord1772
ord815
ord561
ord397
ord699
ord394
ord696
ord341
ord654
ord800
ord6883
ord6930
ord6928
ord538
ord801
ord823
ord5608
ord541
ord912
ord4188
ord6877
ord825
ord537
ord941
ord858
ord924
ord6779
ord540
ord909
ord4185
ord535
ord5858
ord859
ord2393
ord5572
ord2915
ord665
ord1979
ord6385
ord353
ord5861
ord922
ord2818
ord860

msvcrt

atol
_CxxThrowException
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
__CxxFrameHandler
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_stricmp
_except_handler3
_controlfp
wcslen
_XcptFilter
__set_app_type

msvcp60

??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
config/telepat.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e93a954234b873ecae3f81136eec93a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5683
ord5593
ord4188
ord3438
ord5861
ord696
ord4185
ord394
ord641
ord2514
ord1168
ord5265
ord4376
ord4998
ord6052
ord1775
ord5280
ord4425
ord3597
ord324
ord2302
ord4234
ord3092
ord4710
ord2645
ord4476
ord5606
ord2867
ord3610
ord807
ord554
ord656
ord5655
ord6887
ord4163
ord6625
ord3803
ord2859
ord2452
ord1641
ord3619
ord3626
ord2414
ord5789
ord4297
ord6170
ord6876
ord859
ord3986
ord2393
ord665
ord1979
ord5442
ord353
ord5590
ord5875
ord697
ord2411
ord2023
ord4218
ord2578
ord397
ord3582
ord616
ord5629
ord4480
ord6242
ord910
ord2080
ord2463
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord3953
ord2725
ord1131
ord6467
ord1182
ord2827
ord2754
ord6172
ord3874
ord5785
ord755
ord6215
ord4275
ord567
ord6442
ord818
ord3742
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord912
ord699
ord539
ord465
ord6928
ord6930
ord1601
ord403
ord273
ord3318
ord5445
ord603
ord703
ord6779
ord923
ord2764
ord941
ord5736
ord2152
ord924
ord5053
ord4277
ord5710
ord4202
ord922
ord6142
ord6453
ord4299
ord6880
ord5608
ord6781
ord6778
ord6648
ord1176
ord2099
ord692
ord3639
ord3402
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord2864
ord6199
ord6605
ord6380
ord6197
ord470
ord4398
ord5794
ord5290
ord4353
ord6374
ord1116
ord1575
ord5163
ord1577
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord1233
ord5860
ord940
ord939
ord500
ord772
ord2614
ord6140
ord1146
ord541
ord341
ord6282
ord6283
ord5858
ord654
ord801
ord3436
ord5981
ord535
ord1644
ord6883
ord909
ord2915
ord5572
ord6143
ord6877
ord2763
ord4129
ord858
ord2379
ord860
ord538
ord2818
ord537
ord3663
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord1200
ord4216
ord2884
ord4083
ord3495
ord3196
ord3447
ord4045
ord540
ord823
ord800
ord4226
ord614
ord825
ord290
ord3579
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord395
ord2982

msvcrt

strstr
__CxxFrameHandler
_EH_prolog
_mbscmp
memcpy
_CxxThrowException
strcmp
strlen
_mbsicmp
_purecall
atoi
memset
strcpy
free
wcslen
malloc
realloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
memcmp

kernel32

LocalFree
GlobalAlloc
GlobalHandle
MulDiv
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
lstrcatA
lstrcpyA
LoadLibraryA
HeapDestroy
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
GetLastError
WideCharToMultiByte
GetModuleFileNameA
GetShortPathNameA
MultiByteToWideChar
lstrlenW
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalFree
GetFileAttributesExA
CompareFileTime
CreateFileA
GetFileSize
ReadFile
CloseHandle
GlobalLock
GlobalUnlock
FindFirstFileA
FindNextFileA
FindClose
lstrlenA
lstrcmpA
InterlockedDecrement
GetVersionExA
IsBadWritePtr
LoadLibraryExA
FreeLibrary
GetModuleHandleA
GetProcAddress
VirtualProtect
LocalAlloc

user32

GetWindow
MoveWindow
SetRectEmpty
TranslateAcceleratorA
DestroyWindow
GetClassInfoExA
RegisterClassExA
CreateWindowExA
GetDlgItemInt
GetDlgItem
SetDlgItemInt
IsWindow
ReleaseCapture
InvalidateRect
UpdateWindow
GetCapture
SetCapture
GetSysColor
CopyRect
DrawIconEx
DrawFocusRect
GetMenuStringA
LoadImageA
EnumChildWindows
PtInRect
GetCursorPos
ScreenToClient
GetKeyState
SetCaretPos
GetDesktopWindow
AdjustWindowRect
CreateCaret
ShowCaret
EnableWindow
GetParent
GetSystemMetrics
GetWindowRect
GetDC
DrawTextA
OffsetRect
GetClientRect
KillTimer
SetTimer
PostMessageA
GetFocus
InsertMenuA
SendMessageA
ReleaseDC
GetCaretPos
GetMenuItemCount
TrackPopupMenu
ShowWindow
UnionRect
IsDialogMessageA
GetNextDlgTabItem
IsChild
SetWindowLongA
CharNextA
GetDialogBaseUnits
CreateDialogIndirectParamA
RegisterWindowMessageA
DefWindowProcA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
CallWindowProcA
SetFocus
EndPaint
FillRect
BeginPaint
SetWindowPos
RedrawWindow
GetClassNameA
wsprintfA
InvalidateRgn
SetWindowRgn
EqualRect
IntersectRect
GetMenuItemID
CreatePopupMenu
LoadCursorA
RemoveMenu
AppendMenuA
LoadAcceleratorsA
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadMenuA
InsertMenuItemA
GetMenuItemInfoA
SetMenuItemInfoA
DestroyMenu
GetSubMenu
IsWindowVisible
InflateRect
ClientToScreen

gdi32

GetNearestColor
CreateSolidBrush
DeleteObject
CreateFontIndirectA
GetObjectA
GetTextExtentExPointA
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgnIndirect
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCA
SetBkColor
ExtTextOutA
SetTextColor
Rectangle
SetBkMode
TextOutA
GetTextMetricsA
SelectObject
GetStockObject
GetTextExtentPointA
GetTextExtentPoint32A

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegEnumValueA

ole32

GetHGlobalFromStream
CreateOleAdviseHolder
OleLockRunning
StringFromCLSID
OleUninitialize
OleInitialize
OleSaveToStream
WriteClassStm
OleLoadFromStream
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CreateStreamOnHGlobal

olepro32

ord254
ord250
ord253

oleaut32

SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocStringByteLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocString
VariantChangeType
VariantInit
VariantClear
VariantCopy
SysFreeString

bkend

?GetDocDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetAt@CMetaDataObjArray@@QBEPAVCMetaDataObj@@H@Z
?GetNItems@CMetaDataObjArray@@QBEHXZ
?GetCode@CMetaDataObj@@QBEPBDXZ
??1CType@@QAE@XZ
?GetPrecision@CType@@QBEHXZ
?GetLength@CType@@QBEHXZ
?FindObject@CMetaDataCont@@QBEPAVCMetaDataObj@@J@Z
?GetTypeID@CType@@QBEJXZ
?GetTypeTitle@CType@@QAE?AVCString@@XZ
??0CType@@QAE@ABV0@@Z
?GetType@CMetaDataTypedObj@@QBEABVCType@@XZ
?GetNRefDefs@CMetaDataRefObj@@QBEHXZ
?GetDescr@CMetaDataObj@@QBEPBDXZ
?GetPresent@CMetaDataObj@@QBEPBDXZ
?GetFullName@CMetaDataCont@@QBEPBDJPAJH@Z
?GetID@CMetaDataObj@@QBEJXZ
?GetParams@CSbCntTypeDef@@QAEPAVCMetaDataObjArray@@XZ
?GetGenJrnlFlds@CMetaDataCont@@QBEPAV?$CTypedFldDefsArray@VCGenJrnlFldDef@@@@XZ
?GetTables@CDocDef@@QAEPAVCMetaDataObjArray@@XZ
?GetHeads@CDocDef@@QAEPAVCMetaDataObjArray@@XZ
?GetFilds@CJournalDef@@QAEPAVCMetaDataObjArray@@XZ
?GetAccParamDefs@CBuhDef@@QAEPAV?$CTypedFldDefsArray@VCAccParamDef@@@@XZ
?GetBuhDef@CMetaDataCont@@QBEPAVCBuhDef@@XZ
?GetProvParamDefs@CBuhDef@@QAEPAV?$CTypedFldDefsArray@VCProvParamDef@@@@XZ
?GetOperParamDefs@CBuhDef@@QAEPAV?$CTypedFldDefsArray@VCOperParamDef@@@@XZ
?GetOperJournalDef@CBuhDef@@QAEPAVCOperJournalDef@@XZ
?GetCJParamDefs@CCJDef@@QAEPAVCMetaDataObjArray@@XZ
?GetCJDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
??0CType@@QAE@HHH@Z
?C2TypeCode@CType@@SAHD@Z
?GetNPlanDefs@CBuhDef@@QBEHXZ
?GetNCJDefs@CMetaDataCont@@QBEHXZ
?GetNRegDefs@CMetaDataCont@@QBEHXZ
?GetDefaultLanguage@CTaskDef@@QBEHXZ
?GetTaskDef@CMetaDataCont@@QBEPAVCTaskDef@@XZ
?GetSTypeDef@CMetaDataCont@@QBEPAVCSbCntTypeDef@@PBD@Z
?GetParentID@CSbCntTypeDef@@QBEJXZ
?GetParamDef@CSbCntTypeDef@@QBEPAVCSbCntParamDef@@PBD@Z
?GetSTypeDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetLevelsLimit@CSbCntTypeDef@@QBEHXZ
?GetCodeLen@CSbCntTypeDef@@QBEHXZ
?GetDescLen@CSbCntTypeDef@@QBEHXZ
?GetDocDef@CMetaDataCont@@QBEPAVCDocDef@@PBD@Z
?GetItem@CMetaDataObjArray@@QBEPAVCMetaDataObj@@PBD@Z
?GetTblFldDef@CDocDef@@QBEPAVCDocTblFldDef@@PBD@Z
?GetHeadFldDef@CDocDef@@QBEPAVCDocHeadFldDef@@PBD@Z
?GetFormDefsArray@CSbCntTypeDef@@QAEPAVCFormDefsArray@@XZ
?GetJournalDef@CMetaDataCont@@QBEPAVCJournalDef@@PBD@Z
?GetJournalDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetFormDefsArray@CJournalDef@@QAEPAVCFormDefsArray@@XZ
?GetRegDef@CMetaDataCont@@QBEPAVCRegDef@@PBD@Z
?GetTypeCode@CType@@QBEHXZ
?GetFilds@CRegDef@@QAEPAVCMetaDataObjArray@@XZ
?GetPropDef@CRegDef@@QBEPAVCRegPropDef@@PBD@Z
?GetRegDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetRegDefAt@CMetaDataCont@@QBEPAVCRegDef@@H@Z
?GetProps@CRegDef@@QAEPAVCMetaDataObjArray@@XZ
?GetFigure@CRegDef@@QAEPAVCMetaDataObjArray@@XZ
?GetReportDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetCalcVarDefs@CMetaDataCont@@QAEPAVCMetaDataObjArray@@XZ
?GetPlanDefs@CBuhDef@@QAEPAVCMetaDataObjArray@@XZ
?GetPlanDef@CBuhDef@@QBEPAVCPlanDef@@PBD@Z
?GetAccFormDefsArray@CBuhDef@@QAEPAVCFormDefsArray@@XZ
?GetMetaData@@YAPAVCMetaDataCont@@XZ
?GetBkEndUI@@YAPAVCBkEndUI@@XZ

frame

?SetButtonMap@SECToolBarManager@@QAEXPBUSECBtnMapEntry@@@Z
?SetCursor@SECWndBtn@@QAEHXZ
?PrePaint@SECWndBtn@@IAEXXZ
?PostPaint@SECWndBtn@@IAEXXZ
?RButtonDblClk@SECWndBtn@@QAEHIVCPoint@@@Z
?RButtonUp@SECWndBtn@@QAEHIVCPoint@@@Z
?RButtonDown@SECWndBtn@@QAEHIVCPoint@@@Z
?LButtonDblClk@SECWndBtn@@QAEHIVCPoint@@@Z
?LButtonUp@SECWndBtn@@QAEHIVCPoint@@@Z
??0SECWndBtn@@QAE@XZ
??1SECWndBtn@@UAE@XZ
?SetMode@SECWndBtn@@UAEXH@Z
?SetPos@SECWndBtn@@UAEXHH@Z
?Invalidate@SECWndBtn@@UBEXH@Z
?Init@SECWndBtn@@UAEXPAVSECCustomToolBar@@PBI@Z
?DrawButton@SECWndBtn@@UAEXAAVCDC@@AAUSECBtnDrawData@@@Z
?BtnPressDown@SECStdBtn@@UAEHVCPoint@@@Z
?BtnPressMouseMove@SECStdBtn@@UAEXVCPoint@@@Z
?BtnPressCancel@SECStdBtn@@UAEXXZ
?BtnPressUp@SECStdBtn@@UAEIVCPoint@@@Z
?BarStyleChanged@SECStdBtn@@UAEXK@Z
?OnToolHitTest@SECWndBtn@@UBEHVCPoint@@PAUtagTOOLINFOA@@@Z
?InformBtn@SECWndBtn@@UAEXIPAX@Z
?AdjustSize@SECWndBtn@@UAEXXZ
?GetBtnInfo@SECWndBtn@@UBEXPAEPAPAE@Z
?SetBtnInfo@SECWndBtn@@UAEXEQAE@Z
?DrawFace@SECStdBtn@@MAEXAAUSECBtnDrawData@@HAAH111H@Z
?DrawDisabled@SECStdBtn@@MAEXAAUSECBtnDrawData@@HHHH@Z
?DrawChecked@SECStdBtn@@MAEXAAUSECBtnDrawData@@HHHH@Z
?DrawIndeterminate@SECStdBtn@@MAEXAAUSECBtnDrawData@@HHHH@Z
?DrawConfigFocus@SECStdBtn@@MAEXAAUSECBtnDrawData@@@Z
?LButtonDown@SECWndBtn@@UAEHIVCPoint@@@Z
?AddTempString@CMenu7@@SAXJVCString@@H@Z

seven

?GetTextDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?ShowDocument@CModuleCont@@QAEXPBD@Z
?ConvertTemplate@CSTInsrtType@@SA?AVCString@@PBD0AAVCPoint@@AAH@Z
?GetDEditDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?IDToTextModule@CConfigCont@@SAHJPBDAAVCString@@PAPAVCModuleCont@@H@Z
?SwitchToPage@CWorkBookDoc@@QAEHH@Z
?GetActiveDocument@CWorkBookDoc@@QAEPAVCDocument@@XZ
?DocumentToID@CConfigCont@@SAJPAVCDocument@@AAVCString@@@Z
?GetSourceTemplate@CAssistantDoc@@QAEPAVCSrcTemplDocParent@@XZ
?IDToPath@CConfigCont@@SAHJPBDAAVCString@@PAPAVCTypedCont@@H@Z
?GetWorkBook@CTypedCont@@QAEPAVCWorkBookDoc@@XZ
?ShowDocument@CTypedCont@@QAEXH@Z
?GetTextDocument@CModuleCont@@QAEPAVCDocument@@XZ
?GetModuleFullName@@YA?AVCString@@JPBDHPAVCMetaDataCont@@@Z

txtedt

?DeleteSymb@CTextDocument@@QAEHDVCPoint@@@Z
?GetCurrentWord@CTextEditor@@QAEXAAVCString@@@Z
?OnDestroy@CTextEditor@@IAEXXZ
?OnTxtEnumproc@CTextEditor@@IAEXXZ
?InsertStr@CTextDocument@@QAEXPBDVCPoint@@H@Z
?OnKeyDown@CTextEditor@@IAEXIII@Z
?OnChar@CTextEditor@@IAEXIII@Z
?messageMap@CTextEditor@@1UAFX_MSGMAP@@B
?IsReadOnly@CTextDocument@@QBEHXZ
?IsModule@CTextDocument@@QBEHXZ
?OnContextMenu@CTextEditor@@IAEXPAVCWnd@@VCPoint@@@Z
?MoveCaret@CTextEditor@@QAEXVCPoint@@0H@Z
?Replace@CTextDocument@@QAEXPBD@Z
?SetSel@CTextDocument@@QAEXVCPoint@@0@Z
?GetLine@CTextDocument@@QBEXHAAVCString@@@Z
?OnLButtonDown@CTextEditor@@IAEXIVCPoint@@@Z
?OnLButtonDblClk@CTextEditor@@IAEXIVCPoint@@@Z
?OnRButtonDown@CTextEditor@@IAEXIVCPoint@@@Z
?OnVScroll@CTextEditor@@IAEXIIPAVCScrollBar@@@Z
?OnHScroll@CTextEditor@@IAEXIIPAVCScrollBar@@@Z
?OnMouseWheel@CTextEditor@@IAEHIFVCPoint@@@Z
?OnSize@CTextEditor@@IAEXIHH@Z
?ReplaceTempl@CTextDocument@@QAEHPBD0@Z
?GetSel@CTextDocument@@QBEXAAVCPoint@@0@Z
?AddTemplateMenu@CTextEditor@@IAEXPAVCMenu@@@Z
?MyGetDC@CTextEditor@@IAEPAVCDC@@XZ
?ReplaceTemplate@CTextEditor@@IAEXPBD0VCPoint@@1H@Z
?GetDocument@CTextEditor@@QBEPAVCTextDocument@@XZ
?GetSelText@CTextEditor@@QAEXAAVCString@@@Z
?GetText@CTextDocument@@QAEXAAVCString@@@Z
?OnUpdateCaretPos@CTextEditor@@IAEXPAVCCmdUI@@@Z
?GetLineCount@CTextDocument@@QBEHXZ
?GetLineLength@CTextDocument@@QBEHH@Z
?GetSelectedText@CTextDocument@@QBEXAAVCString@@@Z
?OnCreate@CTextEditor@@IAEHPAUtagCREATESTRUCTA@@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SetConvigService

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
telepat.icl
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 20KB

3764e6c387ce3c76b39936a24d523dce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 924B

aebc3107701149edfc563b8db7a789fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 444B

17773dcb492ff41912dcb7da71e87b0f

Headers

File Characteristics

Imports

version

bkend

editr

frame

moxel

seven

txtedt

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 60KB - Virtual size: 59KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 20KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 924B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 444B

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 10KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 25KB - Virtual size: 25KB

CODE
Size: 371KB - Virtual size: 370KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 165B

.reloc
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 26KB - Virtual size: 26KB

CODE
Size: 1.5MB - Virtual size: 1.5MB

DATA
Size: 15KB - Virtual size: 15KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 12KB - Virtual size: 11KB

.edata
Size: 512B - Virtual size: 167B

.reloc
Size: 111KB - Virtual size: 110KB

.rsrc
Size: 369KB - Virtual size: 369KB

CODE
Size: 25KB - Virtual size: 25KB

DATA
Size: 512B - Virtual size: 184B

BSS
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

CODE
Size: 532KB - Virtual size: 532KB

DATA
Size: 9KB - Virtual size: 8KB

BSS
Size: - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 50KB - Virtual size: 50KB

CODE
Size: 684KB - Virtual size: 684KB

DATA
Size: 11KB - Virtual size: 10KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 50KB - Virtual size: 50KB