fea0d360102e9aa9f82bead8e801efa1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fea0d360102e9aa9f82bead8e801efa1_JaffaCakes118
Size

5.9MB
MD5

fea0d360102e9aa9f82bead8e801efa1
SHA1

a4514a948f501b5071f02bb6f2894b672aed893b
SHA256

76596f36f5676d4c0179ba19c8aa4e3f17aff7b4bdba8ac89d7c03f836926ff3
SHA512

f5fe805fbc33a79302297ae2b86c5eb1806fd92dbd1cb39e3a7610b0b00e62494bdcd2ae18e73a556c7f108cd5f28a6138d8a39d2d577793719fe6cdd785742d
SSDEEP

98304:fTYuzsWlgyiKJAF94zw5BrakZp6qI75JTnUOdgBxAXrezYJulmr4vPtOyD6weuqU:fkugVyFuF94zSBrvp6jAOKBxaYY8gr4D

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/KtzAionMain.exe	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Charge.exe
unpack001/DCPO/MDIDLL.dll
unpack001/English.dll
unpack001/Ktz.dll
unpack001/KtzAionDll.dll
unpack001/KtzAionMain.exe
unpack001/SPIfilter.dll

Files

fea0d360102e9aa9f82bead8e801efa1_JaffaCakes118
.rar
AionScript/M_BBBLTask.txt
AionScript/M_BDZHECTask.txt
AionScript/M_ZhZhScript.txt
AionScript/M_adec.txt
AionScript/M_aetgdys.txt
AionScript/M_atrss.txt
AionScript/M_bbbl.txt
AionScript/M_bbblYeWai.txt
AionScript/M_bddsh.txt
AionScript/M_bdzhec.txt
AionScript/M_bllsnmc.txt
AionScript/M_bllsys.txt
AionScript/M_bspetc.txt
AionScript/M_djzyd.txt
AionScript/M_gedfdcw.txt
AionScript/M_hzdxc.txt
AionScript/M_mehhbdys.txt
AionScript/M_msfehsh.txt
AionScript/M_tptxmdxzh.txt
AionScript/M_ylxkc.txt
AionScript/M_yshmjshjd.txt
AionScript/T_JJTTask.txt
AionScript/T_ZHMKLGTask.txt
AionScript/T_ZhZhScript.txt
AionScript/T_aedsshd.txt
AionScript/T_aetnjjt.txt
AionScript/T_aetnys.txt
AionScript/T_aglc.txt
AionScript/T_aklasc.txt
AionScript/T_betl.txt
AionScript/T_gdyj.txt
AionScript/T_jjtc.txt
AionScript/T_jjtc001.txt
AionScript/T_jzhjtzhd.txt
AionScript/T_ktsha.txt
AionScript/T_mepndyd.txt
AionScript/T_mhlfjghwp.txt
AionScript/T_petc.txt
AionScript/T_tebsc.txt
AionScript/T_xlzhdxxc.txt
AionScript/T_yplxnc.txt
AionScript/T_yshshjshjd.txt
AionScript/T_ytedkjjt.txt
AionScript/T_ytedkys.txt
AionScript/T_zmnklg.txt
Charge.exe
.exe windows:4 windows x86 arch:x86

2b239e7a3a37dfb1a7978b8fd3651119

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Project\Aion\Charge\KtzCharge(英文版)美服\Release\KtzStudio.pdb

Imports

kernel32

SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
RtlUnwind
GetSystemInfo
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
TerminateProcess
ExitThread
HeapSize
HeapDestroy
IsBadWritePtr
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
FileTimeToSystemTime
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
GlobalFlags
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
InterlockedDecrement
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
lstrcmpW
SetLastError
MulDiv
GlobalAlloc
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
ReadFile
VirtualAlloc
SetEndOfFile
MapViewOfFile
GetFileSize
CreateFileMappingA
UnmapViewOfFile
lstrcatA
CopyFileA
WritePrivateProfileStringA
GetTickCount
VirtualProtectEx
TerminateThread
GetVolumeInformationA
GetLocalTime
GetProcAddress
VirtualProtect
IsBadReadPtr
WaitForMultipleObjects
GetCurrentProcess
ReleaseMutex
VirtualFree
ExitProcess
CreateMutexA
VirtualQuery
GetModuleFileNameA
GetModuleHandleA
CreateFileA
SetFilePointer
WriteFile
RaiseException
EnterCriticalSection
LeaveCriticalSection
Sleep
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
CreateEventA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
CreateThread
CloseHandle
SetEvent
WaitForSingleObject
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapCreate
GetVersionExA

user32

RegisterClipboardFormatA
PostThreadMessageA
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageA
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
DestroyMenu
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MessageBoxA
TrackPopupMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
MessageBeep
TranslateMessage
DispatchMessageA
GetParent
GetKeyState
GetWindowLongA
SetFocus
CallWindowProcA
DefWindowProcA
GetWindowDC
GetDC
ReleaseDC
SetWindowLongA
wsprintfA
GetFocus
GetWindowRect
PtInRect
RedrawWindow
GrayStringA
DrawTextExA
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetLastActivePopup
SetRect
DrawTextA
TabbedTextOutA
InvalidateRect
GetSysColor
EnableMenuItem
IsWindow
IsIconic
DrawIcon
GetSystemMetrics
GetSystemMenu
LoadIconA
PostMessageA
GetWindow
GetClientRect
AppendMenuA
CreatePopupMenu
GetCursorPos
KillTimer
SendMessageA
SetTimer
UnregisterClassA
EnableWindow
CharUpperA
MapWindowPoints

gdi32

GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetMapMode
RestoreDC
SaveDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
GetStockObject
CreateRectRgnIndirect
CreateBitmap
GetObjectA
SetBkColor
GetClipBox
GetDeviceCaps
SelectObject
DeleteObject
DeleteDC
SetTextColor
SetBkMode
BitBlt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

Shell_NotifyIconA

comctl32

ord17
ImageList_Destroy

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoFreeUnusedLibraries
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString

ws2_32

send
recv
closesocket
WSACleanup
WSAGetLastError
socket
gethostbyname
inet_addr
htons
connect
WSAStartup

winmm

timeKillEvent

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DCPO.ini
DCPO/MDIDLL.dll
.dll windows:4 windows x86 arch:x86

0132193beb1f776e902b66ec8e18f4d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\source\Ktz\Aion\KtzAion\Mdidll\Release\MDIDLL.pdb

Imports

kernel32

LCMapStringA
LCMapStringW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
IsBadWritePtr
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
TerminateProcess
CreateThread
ExitThread
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetProfileIntW
EnumResourceTypesW
EnumResourceNamesW
GetTempPathW
GetPrivateProfileSectionNamesW
GetExitCodeThread
TerminateThread
ResetEvent
CreateDirectoryW
ExitProcess
RtlUnwind
SetFileAttributesW
FileTimeToLocalFileTime
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetStringTypeExW
DeleteFileW
GetCurrentDirectoryW
FileTimeToSystemTime
GlobalFlags
lstrcmpiW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetFullPathNameW
GetTempFileNameW
GetFileTime
GetFileAttributesW
GetCurrentThread
lstrcmpA
GetModuleFileNameW
ConvertDefaultLocale
EnumResourceLanguagesW
LoadLibraryW
GetLocaleInfoW
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetTickCount
GetPrivateProfileIntW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
SetLastError
GlobalFree
MulDiv
lstrcpyW
GlobalAlloc
FormatMessageW
LocalFree
FreeResource
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
FreeLibrary
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
GetVersion
GlobalLock
GlobalUnlock
GlobalGetAtomNameW
GlobalAddAtomW
lstrcpynW
lstrlenW
lstrcatW
OpenFileMappingW
MapViewOfFile
CloseHandle
CreateFileW
GetLastError
CreateFileMappingW
InterlockedCompareExchange
GetCurrentProcess
WritePrivateProfileStringW
InterlockedIncrement
GetPrivateProfileStringW
OutputDebugStringA
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
Sleep
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
MultiByteToWideChar
InterlockedDecrement

user32

SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxW
TrackPopupMenu
SetForegroundWindow
ScreenToClient
DeferWindowPos
EndDialog
CreateDialogIndirectParamW
CheckMenuItem
GetDCEx
LockWindowUpdate
SendMessageW
DestroyIcon
ShowWindow
IsWindow
CopyIcon
SetWindowPos
GetClientRect
SetParent
SetScrollInfo
RegisterClassW
UnregisterClassW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
PtInRect
LoadMenuW
DestroyMenu
GetClassNameW
GetSysColor
WinHelpW
EnableMenuItem
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
SetFocus
EqualRect
GetDlgItem
GetKeyState
GetDlgCtrlID
UnpackDDElParam
ReuseDDElParam
GetClassInfoW
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
IsDialogMessageW
SetWindowTextW
LoadBitmapW
GetMenuCheckMarkDimensions
SetWindowLongW
GetWindowLongW
GetWindowRect
DefWindowProcW
InsertMenuW
AppendMenuW
GetMenuStringW
IsClipboardFormatAvailable
FillRect
PostMessageW
UpdateWindow
GetFocus
EnableWindow
PostQuitMessage
OffsetRect
CopyRect
ScrollWindowEx
InvalidateRect
MoveWindow
EnumChildWindows
RegisterClassExW
LoadCursorW
LoadIconW
TranslateAcceleratorW
AttachThreadInput
PostThreadMessageW
SendMessageA
RegisterWindowMessageW
wsprintfW
DefFrameProcW
GetMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
GetParent
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
InflateRect
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
ValidateRect
GetCursorPos
TranslateMessage
GetMessageW
ShowOwnedPopups
GetMenuItemInfoW
SystemParametersInfoW
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
IsRectEmpty
UnionRect
CharNextW
SetRect
CopyAcceleratorTableW
InvalidateRgn
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
DeleteMenu
CharUpperW
SetTimer
KillTimer
GetSystemMenu
DrawMenuBar
GetActiveWindow
LoadAcceleratorsW
SetActiveWindow
IsWindowVisible
IsIconic
InsertMenuItemW
CreatePopupMenu
IntersectRect
SetRectEmpty
GetLastActivePopup
SetMenu
GetDesktopWindow
GetWindow
IsWindowEnabled
AdjustWindowRectEx
TranslateMDISysAccel
CreateWindowExW
BringWindowToTop
DrawStateW
GetIconInfo
LoadImageW
CreateIconIndirect
CreateIconFromResourceEx
DrawIconEx
WaitMessage
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
IsCharLowerW
MapVirtualKeyExW
GetKeyboardLayout
DrawFrameControl
DrawFocusRect
GetMenuDefaultItem
IsMenu
IsZoomed
InvertRect
GetCursor
SetWindowRgn
SetCursorPos
GetWindowRgn
ShowCaret
HideCaret
LookupIconIdFromDirectoryEx
SetWindowLongA
GetWindowLongA
IsWindowUnicode
SendMessageTimeoutW
GetDoubleClickTime
DrawEdge
GetTabbedTextExtentA
WindowFromPoint

gdi32

RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreatePatternBrush
GetStockObject
CreatePen
CreateSolidBrush
CreateFontIndirectW
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
StretchDIBits
PtVisible
CreateFontW
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
MoveToEx
LineTo
IntersectClipRect
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
StretchBlt
CreateDIBSection
GetDIBits
SetPixel
Polygon
GetCurrentObject
EnumFontFamiliesExW
GetBitmapBits
ExtCreateRegion
PtInRegion
Ellipse
Polyline
GetViewportOrgEx
GetWindowOrgEx
CreatePolygonRgn
RoundRect
GetTextAlign
GetTextExtentPoint32A
StrokePath
FillPath
StrokeAndFillPath
EndPath
CloseFigure
BeginPath
GetDeviceCaps
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
ExcludeClipRect
GetClipBox
CreateCompatibleDC
GetCharWidthW
CreateCompatibleBitmap

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation

comctl32

ImageList_Destroy
ImageList_Create
ImageList_GetImageInfo
ImageList_Draw
ord17
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
_TrackMouseEvent

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIAddVerbMenuW
OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoDisconnectObject
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleRun
OleIsCurrentClipboard
CoRegisterMessageFilter
OleFlushClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop

oleaut32

SafeArrayGetLBound
VariantChangeTypeEx
VarUdateFromDate
OleLoadPicturePath
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarDateFromStr
SysAllocString
SafeArrayDestroy
VariantCopy
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SystemTimeToVariantTime

dbghelp

SymSetOptions
SymGetOptions
SymInitialize

winmm

PlaySoundW

Exports

Exports

DCPO_ExeEnd
DCPO_ExeStart
DCPO_IIDCallBack

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DefaulLayout
.xml
English.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Item/gather
Item/item
Item/mob
Ktz.dll
.dll windows:5 windows x86 arch:x86

db697eabb4071b8c967564a196f79f5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\Aion\Bin\Ktz.pdb

Imports

kernel32

GlobalAlloc
OutputDebugStringW
GlobalFree
GetModuleFileNameW
CloseHandle
Sleep
GetLastError
OpenMutexW
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
LoadLibraryW
ExpandEnvironmentStringsW
FlushFileBuffers
CreateFileA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

ws2_32

WSCGetProviderPath
inet_ntoa
ntohs
inet_addr
htons
getpeername
WSAGetLastError
send
WSCEnumProtocols

Exports

Exports

LspCallBack

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KtzAionDll.dll
.dll windows:5 windows x86 arch:x86

d52213e1d15a5ae2f9308632873e4352

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\Aion\Bin\KtzAionDll.pdb

Imports

kernel32

lstrlenA
ReadFile
FlushFileBuffers
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
HeapReAlloc
ExitThread
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringW
HeapCreate
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
GlobalFlags
GetModuleHandleA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentProcessId
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalAlloc
FormatMessageW
LocalFree
MulDiv
SetLastError
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
LoadLibraryExW
FreeLibrary
GetFullPathNameW
SetCurrentDirectoryW
GetCurrentDirectoryW
VirtualAlloc
VirtualFree
SetEndOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
InterlockedDecrement
InterlockedIncrement
CreateMutexW
lstrcatW
ExitProcess
TerminateProcess
LoadLibraryW
GetProcAddress
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
VirtualProtect
GetVolumeInformationW
GetPrivateProfileIntW
CopyFileW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetPrivateProfileStringW
WritePrivateProfileStringW
VirtualProtectEx
FindResourceW
LoadResource
LockResource
SizeofResource
InitializeCriticalSection
IsBadReadPtr
VirtualQuery
GetLocalTime
GetModuleHandleW
CreateThread
GetModuleFileNameW
CreateToolhelp32Snapshot
GetLastError
Module32FirstW
CloseHandle
Module32NextW
GetCurrentProcess
DeleteCriticalSection
GetExitCodeThread
TerminateThread
lstrlenW
Sleep
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
MultiByteToWideChar
CreateFileW
GetFileSize
SetFilePointer
WriteFile
WideCharToMultiByte
IsValidCodePage

user32

LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
wsprintfW
SetFocus
CallWindowProcW
DefWindowProcW
GetWindowDC
GetDC
ReleaseDC
DrawTextW
GetWindowRect
MessageBoxW
GetClientRect
IsWindow
InvalidateRect
GetWindowLongW
SetWindowLongW
LoadIconW
PostMessageW
UnhookWindowsHookEx
SetWindowsHookExW
BringWindowToTop
CallNextHookEx
GetDlgItem
GetCursorPos
KillTimer
SetTimer
EnableWindow
SendMessageW
DestroyMenu
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
UnregisterClassW
SetCursor
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetMenuItemBitmaps
CopyRect
GetMenuCheckMarkDimensions
RegisterWindowMessageW

gdi32

CreateBitmap
SaveDC
RestoreDC
SetMapMode
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
GetObjectW
GetClipBox
GetDeviceCaps
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetStockObject
Ellipse
SetTextColor
SetBkMode
DeleteObject
SetViewportOrgEx
DeleteDC

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownW

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantInit
VariantChangeType
VariantClear

dbghelp

SymInitialize
SymGetOptions
SymSetOptions
SymFromAddr
SymGetLineFromAddr64

ws2_32

WSAAccept
ntohs
inet_ntoa
WSASocketW
bind
getsockname
listen
WSAStartup
socket
gethostbyname
htons
connect
recv
closesocket
WSACleanup
inet_addr
WSAGetLastError
send

winmm

timeKillEvent
sndPlaySoundW

d3d9

Direct3DCreate9

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPB_W0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
GetProxyPort
InstallHook
UnInstallHook

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KTZ0
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KTZ1
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KtzAionMain.exe
.exe windows:5 windows x86 arch:x86

fe1f467275f4fc600308177dac277705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

GetMenuState
MessageBoxA

gdi32

GetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

advapi32

RegSetValueExW

shell32

Shell_NotifyIconW

comctl32

ord17

shlwapi

PathStripToRootW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc

oleaut32

VariantInit

ws2_32

WSCEnumProtocols

Sections

.text
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Layout
.xml
SPIFilter.ini
SPIfilter.dll
.dll windows:5 windows x86 arch:x86

ecc0ae1c3dda16519a35f6fd4e2d4bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
FreeLibrary
SetEvent
ResetEvent
CreateEventW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetLastError
GetVersionExW
MultiByteToWideChar
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentProcess
WriteFile
SetFilePointer
GetFileSize
CreateFileW
OutputDebugStringW
WideCharToMultiByte
GetCurrentThreadId
GetCommandLineA
RaiseException
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringW
RtlUnwind
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount

ws2_32

WSCGetProviderPath
WSCEnumProtocols
WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider

rpcrt4

UuidCreate

dbghelp

SymGetOptions
SymInitialize
SymSetOptions

user32

wsprintfW

Exports

Exports

WSPStartup

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Sound/Enemy.wav
Sound/GM.wav
Sound/Infected.wav

Sharing

General

Malware Config

Signatures

Files

2b239e7a3a37dfb1a7978b8fd3651119

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

winmm

iphlpapi

Sections

.text Size: 408KB - Virtual size: 406KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 272KB - Virtual size: 441KB

.rsrc Size: 200KB - Virtual size: 197KB

.vmp0 Size: 276KB - Virtual size: 273KB

.reloc Size: 4KB - Virtual size: 124B

0132193beb1f776e902b66ec8e18f4d7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

dbghelp

winmm

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 244KB - Virtual size: 242KB

.data Size: 16KB - Virtual size: 32KB

.rsrc Size: 400KB - Virtual size: 398KB

.reloc Size: 136KB - Virtual size: 135KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 256KB - Virtual size: 252KB

.reloc Size: 4KB - Virtual size: 8B

db697eabb4071b8c967564a196f79f5d

Headers

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 272KB - Virtual size: 441KB

.rsrc
Size: 200KB - Virtual size: 197KB

.vmp0
Size: 276KB - Virtual size: 273KB

.reloc
Size: 4KB - Virtual size: 124B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 244KB - Virtual size: 242KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 400KB - Virtual size: 398KB

.reloc
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 256KB - Virtual size: 252KB

.reloc
Size: 4KB - Virtual size: 8B

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 482KB - Virtual size: 482KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 149KB - Virtual size: 520KB

.rsrc
Size: 187KB - Virtual size: 186KB

.KTZ0
Size: 66KB - Virtual size: 66KB

.KTZ1
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 68KB - Virtual size: 67KB

.text
Size: - Virtual size: 200KB

.rdata
Size: - Virtual size: 53KB

.data
Size: - Virtual size: 26KB

.rsrc
Size: 162KB - Virtual size: 174KB

.UPX0
Size: - Virtual size: 187KB

.UPX1
Size: 360KB - Virtual size: 359KB

.reloc
Size: 512B - Virtual size: 116B

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 436B