00980d66f756e72b8f4818490608e7c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00980d66f756e72b8f4818490608e7c0_JaffaCakes118
Size

7.8MB
MD5

00980d66f756e72b8f4818490608e7c0
SHA1

a02807bf355adc5ac42ab0aae345e57f35da1a90
SHA256

b92e1ee2bfeb614cbc96df222bd9dd085ce48185e350b5fd6d85d681897ff454
SHA512

fd177c77eabb54e5f4bd5f11c76e171a3e25affa954884ffbb88ed077502dce73e6278162e28e55b2151eeb9944bbdb17e21058a290fd2db5948a39289a9d306
SSDEEP

196608:005FlRcTKwGbl6dxWLuPQhuGaAhjPyDzChPsjjDF0a2F3PfKLA3IP8emRfv:005HWTdAlPLmoNaAhjPxhSjDTu3Py83d

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/efsdll.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/efsdll.dll	upx
static1/unpack001/efskey.exe	upx

Unsigned PE 39 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/nsisdll.dll
unpack001/123key.exe
unpack001/acbtkey.exe
unpack001/actkey.exe
unpack001/ariskkey.dll
unpack001/ariskkey.exe
unpack001/bckey.exe
unpack001/bckupkey.exe
unpack001/efsdll.dll
unpack001/efskey.exe
unpack001/fmkey.exe
unpack001/iekey.exe
unpack001/lnkey.exe
unpack001/mailkey.exe
unpack001/moneykey.exe
unpack001/msgrkey.exe
unpack001/msvcr71.dll
unpack001/myobkey.exe
unpack001/nckey.exe
unpack001/oekey.exe
unpack001/offkey.exe
unpack001/onkey.exe
unpack001/orgkey.exe
unpack001/pdoxkey.exe
unpack001/peachkey.exe
unpack001/pk83.dll
unpack001/projkey.exe
unpack001/qbkey.exe
unpack001/qpkey.exe
unpack001/quickey.exe
unpack001/rarkey.exe
unpack001/scdkey.exe
unpack001/sqlkey.exe
unpack001/winkey.exe
unpack001/wpkey.exe
unpack001/wprokey.exe
unpack001/zipkey.exe

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

00980d66f756e72b8f4818490608e7c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6a
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

22-08-2007 00:00

Not After

21-08-2008 23:59

Subject

CN=Passware\, Inc. Limited,O=Passware\, Inc. Limited,POSTALCODE=NA,STREET=30-38 Main Street+STREET=Suite 31 Don House,L=Gibraltar,ST=GI,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f2:8c:be:21:07:7e:e4:42:0d:ed:23:04:e5:5f:02:67:31:66:8c:4a
Signer

Actual PE Digest

f2:8c:be:21:07:7e:e4:42:0d:ed:23:04:e5:5f:02:67:31:66:8c:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
CopyFileA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisdll.dll
.dll windows:4 windows x86 arch:x86

39c9ab7fb34a30e52b7a7164f24285fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GetLastError
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetWindowsDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
SetEndOfFile
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
ExitProcess
TerminateProcess
GetDriveTypeA
GetSystemTimeAsFileTime
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FlushFileBuffers
SetFilePointer
SetStdHandle
GetFileType
SetLastError
HeapFree
GlobalUnlock
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
HeapReAlloc
HeapSize
ReadFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CreateFileA
SetEnvironmentVariableA
MulDiv
TlsAlloc
LoadLibraryA
GetProcAddress
GetCurrentProcess
DuplicateHandle
GetCurrentThread
CloseHandle
TlsFree
FreeLibrary
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
GetModuleFileNameA
VirtualQuery
GlobalFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
lstrcpyA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegQueryValueExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegEnumValueA
RegFlushKey

user32

GetDlgItemTextA
GetSysColor
EnableMenuItem
GetSystemMenu
SetWindowLongA
SystemParametersInfoA
DialogBoxIndirectParamA
GetWindowLongA
SetFocus
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
SetCursor
SetWindowPos
GetClassInfoA
LoadCursorA
CreateCursor
UnregisterClassA
RegisterClassA
SendDlgItemMessageA
SetClipboardData
OpenClipboard
EmptyClipboard
CloseClipboard
GetKeyState
MessageBoxA
GetDC
ReleaseDC
EndDialog
OffsetRect
SendMessageA
GetDlgItem

gdi32

GetDeviceCaps
CreateSolidBrush
SetTextColor
SetBkMode
GetStockObject
GetObjectA
CreateFontIndirectA
SelectObject
DeleteObject
GetTextExtentPoint32A

shell32

ShellExecuteA

imagehlp

SymGetLineFromAddr64
SymInitialize
SymSetOptions
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymCleanup
SymGetSymFromAddr64

Exports

Exports

install
send_email

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/serial.ini
123key.exe
.exe windows:4 windows x86 arch:x86

592e3a5ce6ef4fbde491e82d160d314f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord1436
ord56
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord10236
ord10574
ord20037
ord6202
ord2449
ord4937
ord240
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord17675
ord2663
ord953
ord21782
ord15771
ord17152
ord11443
ord12710
ord22055
ord631
ord5406
ord15744
ord4499
ord7488
ord15327
ord10337
ord11533
ord12947
ord11348
ord4107
ord76
ord12446
ord21320
ord7980
ord17303
ord7304
ord4490
ord10704
ord22060
ord8582
ord18687
ord19786
ord15537
ord1356
ord1478
ord19401
ord3891
ord16859

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
isprint
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 729B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
acbtkey.exe
.exe windows:4 windows x86 arch:x86

9ff7774073a0e89d42e5c528498968ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
GetStartupInfoA
GetModuleHandleA
InterlockedDecrement

pk83

ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord12947
ord15046
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord1029
ord241
ord16310
ord4499
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord18454
ord21500
ord21377
ord18126
ord854
ord2568
ord4291
ord16148
ord20606
ord21724
ord2769
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord21368
ord14169
ord13987
ord9464
ord8458
ord13091
ord16740
ord19774
ord16406
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord18275
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord9914
ord1092
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord21844
ord916
ord18379
ord8287
ord4926
ord3548
ord8377
ord11251
ord10185
ord15771
ord548
ord21128
ord20153
ord19971
ord1631
ord13693
ord19075
ord20009
ord455
ord15044
ord6689
ord21892
ord17099
ord17043
ord13843
ord17838
ord12538
ord10005
ord346
ord9525
ord8199
ord4806
ord11348
ord4107
ord18186
ord9455
ord17935
ord16500
ord21165
ord20129
ord9351
ord12333
ord229
ord15465
ord12587
ord7984
ord19195
ord4304
ord10960
ord18757
ord11403
ord3035
ord13200
ord7558
ord2451
ord5678
ord9636
ord12378
ord12288
ord10904
ord18933
ord14837
ord7481
ord14486
ord13134
ord966
ord186
ord18835
ord7306
ord12148
ord11786
ord5825
ord12667
ord1592
ord11080
ord3482
ord6584
ord5518
ord5406
ord10323
ord1543
ord14375
ord11359
ord16512
ord15744
ord21835
ord20395
ord4490
ord22060
ord7304
ord17303
ord10704
ord20989
ord7980
ord17044
ord12446
ord21320
ord485
ord18525
ord8582
ord18687
ord19786
ord12044
ord20980
ord149
ord6811
ord10059
ord6748
ord3891
ord7225

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
__CxxLongjmpUnwind
_setjmp3
strchr
_CxxThrowException
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 530B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 597B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
actkey.exe
.exe windows:4 windows x86 arch:x86

13273865ddf3d20c9ad8a3ce5f3df77a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CloseServiceHandle
OpenSCManagerA
StartServiceA
QueryServiceStatus
OpenServiceA
ControlService

pk83

ord15044
ord16417
ord8704
ord10309
ord16148
ord13843
ord8679
ord21428
ord8095
ord9556
ord1058
ord4180
ord2244
ord17976
ord8666
ord10677
ord11683
ord19018
ord10419
ord16500
ord11348
ord4310
ord10323
ord8582
ord18948
ord14259
ord76
ord4768
ord4107
ord5906
ord12148
ord6723
ord12143
ord15771
ord7020
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21320
ord1615
ord4223
ord19146
ord14822
ord11495
ord2242
ord21377
ord10994
ord854
ord13023
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord15046
ord8363
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord241
ord16310
ord2568
ord4291
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord20864
ord15594
ord6928
ord13474
ord11471
ord20146
ord6409
ord240
ord10337
ord3159
ord1084
ord12438
ord21197
ord19473
ord17044
ord2008
ord8274
ord15331
ord4499
ord1029
ord17043
ord13811
ord14169
ord12947
ord11533
ord12378
ord5406
ord11359
ord7310
ord14377
ord16512
ord12446
ord3482
ord6584
ord5518
ord485
ord18687
ord19786
ord10097
ord4490
ord22060
ord7304
ord17303
ord10704
ord15744
ord1944
ord14984
ord19427
ord19555
ord7980
ord3891
ord21431

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
toupper
setlocale
memmove
free
malloc
_purecall
__CxxLongjmpUnwind
_setjmp3
wcscmp
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 582B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ariskkey.dll
.dll windows:4 windows x86 arch:x86

b52d799c44c87a199ae8aec934147fc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
CloseHandle
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
MultiByteToWideChar
WaitForSingleObject
OpenEventA
SetEvent
CreateEventA
CreateFileMappingA
GetModuleHandleA
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapSize
GetLocaleInfoA

user32

SetWindowsHookExA
CallNextHookEx
EnumChildWindows
PostMessageA
UnhookWindowsHookEx
RegisterWindowMessageA
GetClassNameW
GetWindowTextLengthW
GetWindowLongA
IsWindowVisible
GetClassNameA
GetWindowTextW
GetWindowTextA
GetWindow
GetParent

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 549B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ariskkey.exe
.exe windows:4 windows x86 arch:x86

15ef0cfc147effc09ab8deef4b7e6c51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetStartupInfoA
LocalFree
GetModuleHandleA

user32

GetClassNameA
GetWindowTextLengthA
GetWindowTextW
GetWindowTextLengthW
GetKeyState
GetParent
EnumChildWindows
IsWindowVisible
EnumWindows
PostMessageA
SetActiveWindow
AttachThreadInput
GetWindowThreadProcessId
IsWindow
GetWindowTextA

ole32

OleInitialize
OleUninitialize
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
VariantClear

ariskkey

ord25
ord11
ord19
ord33
ord41

pk83

ord332
ord11848
ord4499
ord5174
ord11533
ord12947
ord14169
ord5406
ord19313
ord2093
ord5915
ord3350
ord18921
ord7488
ord15327
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord8377
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord18891
ord21431
ord1615
ord4223
ord19146
ord2242
ord19555
ord10994
ord14822
ord10009
ord17680
ord8058
ord8177
ord13048
ord4287
ord6273
ord14075
ord1029
ord241
ord18933
ord10574
ord20037
ord6202
ord17827
ord3587
ord16310
ord9607
ord449
ord9423
ord21377
ord854
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord2008
ord14377
ord16512
ord12446
ord21320
ord7980
ord3482
ord12483
ord5518
ord90
ord1478
ord6584
ord16859
ord485
ord18525
ord8582
ord18687
ord19786
ord3891
ord15314
ord15046
ord4490
ord7304
ord17303
ord10704
ord18595
ord20078
ord4107
ord21444
ord2931
ord16406
ord11786
ord5825
ord7224
ord15744
ord17195
ord21105
ord8815
ord22060
ord12667
ord1592
ord11080
ord11359
ord17044
ord20608
ord7310
ord20342

msvcr71

_CxxThrowException
__CxxFrameHandler
strncmp
_setjmp3
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__CxxLongjmpUnwind
??3@YAXPAX@Z
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckey.exe
.exe windows:4 windows x86 arch:x86

972b5b9b42f88880b94724cd8f5d0da8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord18275
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord1592
ord11080
ord12667
ord15744
ord5825
ord16406
ord11786
ord18687
ord7224
ord8815
ord17195
ord12483
ord21105
ord16859
ord1478
ord90
ord21444
ord2931
ord15046
ord14146
ord4291
ord6272
ord11251
ord10185
ord241
ord16310
ord548
ord21128
ord20153
ord16387
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord18454
ord8582
ord7488
ord15327
ord2663
ord17675
ord56
ord10059
ord12838
ord409
ord19774
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord21500
ord21377
ord18126
ord854
ord2568
ord16148
ord20606
ord21724
ord2769
ord19694
ord8448
ord13016
ord13371
ord5021
ord10510
ord17237
ord2631
ord18525
ord8287
ord9914
ord11533
ord11513
ord15496
ord10661
ord21368
ord16740
ord3482
ord6584
ord5518
ord7980
ord1029
ord13091
ord4490
ord22060
ord7304
ord17303
ord11359
ord8458
ord9464
ord5406
ord13987
ord14169
ord20989
ord6748
ord21320
ord19786
ord3548
ord18379
ord916
ord21844
ord1228
ord9196
ord5371
ord11835
ord21204
ord5159
ord8075
ord9265
ord12947
ord4499
ord17043
ord6005
ord10704
ord3891
ord20192

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
free
malloc
fopen
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 335B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 59B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bckupkey.exe
.exe windows:4 windows x86 arch:x86

e8059f44b88ecc2e1f17065a1508ef3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord18687
ord19735
ord7488
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord20037
ord6202
ord2449
ord4937
ord240
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord4499
ord17303
ord7304
ord15537
ord15771
ord7020
ord4490
ord10704
ord22060
ord4768
ord12378
ord10337
ord11533
ord12947
ord11348
ord4107
ord76
ord12446
ord21320
ord2931
ord8582
ord3891
ord21444

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
strncmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 550B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dict.txt
efsdll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?GetFile@@YAHPADH0AAKAA_JH@Z
?GetFileWillBeLong@@YAHPAD@Z
?InitializeDll@@YAXPBD@Z
?SetParams@@YAHW4CSTYLE@@PAD@Z
?dll_breakflag@@3_NA
?lp_SetProgress@@3P6GXH@ZA

Sections

UPX0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
efskey.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fmkey.exe
.exe windows:4 windows x86 arch:x86

c75132cb9cb1ab2ef1c8f8c9c3e52e10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetSystemDefaultLCID
InterlockedExchange
GetModuleHandleA
GetStartupInfoA

user32

GetKeyState

pk83

ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord15331
ord14075
ord1029
ord8274
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord13016
ord19694
ord8448
ord6272
ord16387
ord14146
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord15044
ord6689
ord21892
ord9525
ord17099
ord13843
ord10323
ord2244
ord17976
ord8666
ord17223
ord16878
ord1687
ord2189
ord264
ord17044
ord3494
ord8581
ord2479
ord10695
ord7594
ord15400
ord4272
ord5885
ord20461
ord17702
ord21859
ord20538
ord11513
ord19067
ord9242
ord6453
ord2926
ord20313
ord6678
ord19108
ord2045
ord17520
ord4942
ord16346
ord18098
ord8979
ord21580
ord10661
ord16500
ord21897
ord3035
ord16157
ord15744
ord18595
ord7186
ord11533
ord18723
ord17043
ord15180
ord12947
ord11348
ord4499
ord7020
ord11359
ord4768
ord3507
ord4107
ord9265
ord12139
ord76
ord12446
ord21320
ord10510
ord2631
ord17237
ord8582
ord18687
ord19786
ord4490
ord22060
ord7304
ord17303
ord5406
ord10704
ord241
ord3891
ord6273

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iekey.exe
.exe windows:4 windows x86 arch:x86

8dc486803f4467042a488031d2240f12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedIncrement
InterlockedDecrement
lstrlenA
InitializeCriticalSection
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

pk83

ord20012
ord15721
ord15055
ord19066
ord3223
ord5518
ord3482
ord11080
ord1592
ord12667
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord20578
ord5031
ord18891
ord21431
ord1615
ord4223
ord19146
ord2242
ord19555
ord10994
ord14822
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord21306
ord21905
ord15478
ord1029
ord241
ord18933
ord3587
ord16310
ord21377
ord3350
ord854
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord3035
ord20078
ord10323
ord1198
ord9172
ord14443
ord4551
ord15671
ord5276
ord6936
ord2703
ord2913
ord4815
ord3419
ord1547
ord10285
ord16236
ord4107
ord5906
ord5825
ord13121
ord13200
ord10419
ord10677
ord11683
ord19018
ord17223
ord8666
ord17976
ord2244
ord13307
ord7310
ord1543
ord18525
ord7266
ord9248
ord485
ord2931
ord2008
ord11359
ord17044
ord16248
ord11348
ord2898
ord14169
ord5406
ord4298
ord4511
ord18279
ord12148
ord16512
ord15594
ord11471
ord6928
ord17043
ord11533
ord15744
ord20864
ord20146
ord4499
ord4490
ord10704
ord22060
ord17303
ord7304
ord12947
ord7488
ord15327
ord20060
ord8377
ord12446
ord7980
ord13023
ord6584
ord8582
ord18687
ord19786
ord21320
ord3891
ord18237
ord6110
ord9455
ord12698
ord21220

msvcr71

_read
_lseek
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_except_handler3
_callnewh
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
memmove
__CxxLongjmpUnwind
_setjmp3
_close
_purecall
malloc
free
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_open

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 894B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
lnkey.exe
.exe windows:4 windows x86 arch:x86

89a1783f5a4ae28f8d13f3e38fb8da52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord548
ord11251
ord6272
ord16387
ord16310
ord14146
ord8582
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord21377
ord18126
ord854
ord2568
ord16148
ord7304
ord4490
ord20606
ord21724
ord2769
ord19694
ord8448
ord20153
ord5021
ord19786
ord21320
ord12446
ord11359
ord6748
ord9359
ord17694
ord7511
ord424
ord16616
ord21368
ord8287
ord9914
ord2142
ord9737
ord20989
ord8075
ord5208
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord21844
ord916
ord18379
ord3548
ord14169
ord13987
ord10704
ord5406
ord9464
ord8458
ord17303
ord13091
ord7980
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord18275
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord15044
ord6689
ord21892
ord9525
ord17043
ord13843
ord17099
ord18933
ord12378
ord14837
ord16512
ord21128
ord10185
ord241
ord4291
ord15771
ord1029
ord4499
ord15046
ord12947
ord15327
ord7488
ord76
ord2931
ord21444
ord7224
ord12483
ord17195
ord21105
ord90
ord1478
ord16859
ord18687
ord8815
ord22060
ord16406
ord11786
ord15744
ord5825
ord12667
ord1592
ord11080
ord3482
ord6584
ord13371
ord5518
ord3891
ord13016

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mailkey.exe
.exe windows:4 windows x86 arch:x86

c2a13e47fe337ddbb23c8bcda29aa28c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord11080
ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord22060
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord12947
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord953
ord3482
ord2568
ord4291
ord16148
ord7304
ord4490
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord21320
ord12446
ord76
ord17043
ord4768
ord10704
ord6723
ord7020
ord15771
ord11533
ord6584
ord5518
ord8582
ord854
ord10994
ord21377
ord2242
ord19555
ord14822
ord19146
ord4223
ord1615
ord21431
ord18891
ord7792
ord5031
ord21220
ord11868
ord3970
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord4499
ord2663
ord3891
ord16310

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 263B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
moneykey.exe
.exe windows:4 windows x86 arch:x86

d20e6d1feed0bb9c13798d5590e33e85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptAcquireContextA
CryptReleaseContext
CryptSetKeyParam
CryptDecrypt
CryptDeriveKey
CryptHashData
CryptCreateHash

pk83

ord11359
ord13091
ord1029
ord7980
ord5518
ord6584
ord3482
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord10695
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord17237
ord2631
ord10510
ord18687
ord14377
ord1592
ord11080
ord12667
ord5825
ord16406
ord11786
ord7224
ord8815
ord17195
ord12483
ord21105
ord16859
ord1478
ord90
ord21444
ord2931
ord76
ord7488
ord12947
ord15327
ord15046
ord11533
ord4499
ord3507
ord10661
ord15496
ord19843
ord16354
ord21404
ord17043
ord15771
ord14146
ord4291
ord6272
ord11251
ord10185
ord548
ord21128
ord20153
ord16387
ord6723
ord4107
ord3035
ord7020
ord10059
ord15537
ord9265
ord5174
ord17668
ord2663
ord17675
ord3548
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord241
ord16310
ord10236
ord10574
ord20037
ord6202
ord2449
ord4937
ord240
ord21377
ord18126
ord854
ord2568
ord16148
ord20606
ord21724
ord2769
ord19694
ord8448
ord13016
ord13371
ord5021
ord12333
ord229
ord15465
ord7984
ord15044
ord6689
ord21892
ord17099
ord13843
ord8287
ord18933
ord4768
ord14837
ord19621
ord17513
ord21544
ord16263
ord16617
ord18102
ord15744
ord8458
ord9464
ord5406
ord13987
ord18379
ord916
ord21844
ord1228
ord9196
ord5371
ord11835
ord21204
ord5851
ord5208
ord8075
ord20989
ord7838
ord4490
ord22060
ord7304
ord17303
ord10704
ord9914
ord21368
ord6748
ord17044
ord7310
ord8377
ord16512
ord2008
ord12446
ord21320
ord8582
ord18525
ord56
ord19786
ord3891
ord11348

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_wcsupr
fopen
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 561B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msgrkey.exe
.exe windows:4 windows x86 arch:x86

9b2eb68d6593b1e92e4617f5b9ccdc47

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
GetWindowsDirectoryA
InterlockedIncrement
GetLastError
GetCurrentThread
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetStartupInfoA

advapi32

OpenProcessToken
GetTokenInformation
LookupAccountSidA
OpenThreadToken

pk83

ord17043
ord4499
ord12947
ord19786
ord12378
ord10323
ord5192
ord2008
ord10695
ord15044
ord6689
ord21892
ord9525
ord17099
ord13843
ord7838
ord6936
ord7488
ord15327
ord20285
ord11533
ord16141
ord18525
ord9607
ord5518
ord6584
ord3482
ord7310
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord15046
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord10704
ord16167
ord10610
ord1780
ord12625
ord19735
ord3970
ord11868
ord4310
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord2242
ord14822
ord19555
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord18237
ord4815
ord4881
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord4291
ord241
ord16148
ord20606
ord1029
ord9423
ord16310
ord6272
ord16387
ord14146
ord14169
ord6110
ord2913
ord21377
ord3350
ord10994
ord854
ord2568
ord21724
ord19694
ord8448
ord13016
ord13371
ord5021
ord15954
ord21657
ord12959
ord8377
ord6103
ord13121
ord17035
ord5406
ord16236
ord10285
ord15671
ord1547
ord16512
ord10337
ord7552
ord8773
ord1281
ord16878
ord1687
ord8666
ord17976
ord2244
ord76
ord13307
ord11359
ord7980
ord17044
ord12446
ord21320
ord11348
ord4107
ord1134
ord2931
ord8582
ord18687
ord15744
ord4490
ord22060
ord7304
ord21220
ord17303
ord3891
ord20342

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr71.dll
.dll windows:4 windows x86 arch:x86

7acc8c379c768a1ecd81ec502ff5f33e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr71.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapAlloc
HeapFree
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSection
RtlUnwind
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
InterlockedExchange
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSize
VirtualProtect
GetSystemInfo
FlushFileBuffers
SetFilePointer
SetStdHandle
CompareStringA
CompareStringW
Sleep
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
IsDBCSLeadByteEx
GetConsoleCP
ReadConsoleW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
SetLocalTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@AAE@PBQBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_cast@@QAE@PBD@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_Fbad_cast@@QAEXXZ
??_Fbad_typeid@@QAEXXZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPAGIPBGPAD@Z
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CppXcptFilter
__CxxCallUnwindDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__buffer_overrun
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__security_error_handler
__set_app_type
__set_buffer_overrun_handler
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unDNameEx
__uncaught_exception
__unguarded_readlc_active
__wargv
__wcserror
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_realloc
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_cgetws
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_cputws
_creat
_cscanf
_ctime64
_cwait
_cwprintf
_cwscanf
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirst64
_findfirsti64
_findnext
_findnext64
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstat64
_fstati64
_ftime
_ftime64
_ftol
_fullpath
_futime
_futime64
_gcvt
_get_heap_handle
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwch
_getwche
_getws
_global_unwind2
_gmtime64
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_localtime64
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_mktime64
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osplatform
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putwch
_putws
_pwctype
_read
_resetstkoflw
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_scprintf
_scwprintf
_searchenv
_seh_longjmp_unwind
_set_SSE2_enable
_set_error_mode
_set_purecall_handler
_set_sbh_threshold
_set_security_error_handler
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snscanf
_snwprintf
_snwscanf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
myobkey.exe
.exe windows:4 windows x86 arch:x86

9eff66fa43205bd1322d08a9b2b14783

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord11786
ord16406
ord8815
ord16859
ord1478
ord18687
ord953
ord17195
ord12483
ord7224
ord21444
ord2931
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord5406
ord15331
ord12143
ord3035
ord8274
ord5451
ord5825
ord16500
ord17303
ord7304
ord4490
ord22060
ord1687
ord16878
ord17223
ord8666
ord17976
ord2244
ord19786
ord18102
ord17152
ord10704
ord4768
ord17044
ord17043
ord15744
ord16512
ord12378
ord4499
ord10337
ord11533
ord11348
ord4107
ord12947
ord7488
ord15327
ord76
ord12446
ord21320
ord21105
ord8582
ord3891
ord90

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
_purecall
islower
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nckey.exe
.exe windows:4 windows x86 arch:x86

89698ecd95d75c0dd721a484fb6a6c72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumEntriesA

kernel32

GetProcAddress
GetStartupInfoA
InterlockedDecrement
FreeLibrary
InterlockedExchange
GetModuleHandleA
LoadLibraryA
InterlockedIncrement
GetPrivateProfileStringA

user32

PostMessageA

pk83

ord15721
ord15055
ord19066
ord1198
ord6728
ord76
ord10439
ord18784
ord12139
ord15942
ord16324
ord21478
ord21419
ord15044
ord18554
ord2126
ord7453
ord13843
ord18731
ord5885
ord20313
ord8928
ord18723
ord19439
ord4499
ord12947
ord7980
ord21320
ord12446
ord16512
ord14377
ord8377
ord17044
ord11359
ord7488
ord15327
ord18595
ord17043
ord11533
ord14169
ord6584
ord5518
ord3482
ord1592
ord11080
ord12667
ord5825
ord16406
ord11786
ord7224
ord8815
ord17195
ord12483
ord21105
ord16859
ord1478
ord90
ord21444
ord2931
ord12965
ord2663
ord953
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord14822
ord2242
ord12838
ord20192
ord56
ord17675
ord19146
ord4223
ord1615
ord21431
ord18891
ord7266
ord5031
ord21220
ord11868
ord3970
ord19555
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord2449
ord10574
ord6202
ord20037
ord240
ord15537
ord4937
ord10236
ord449
ord9607
ord241
ord16310
ord1029
ord2898
ord3752
ord5481
ord854
ord10994
ord21377
ord3350
ord11685
ord14146
ord4291
ord6272
ord20606
ord19694
ord8448
ord21724
ord5021
ord2568
ord13016
ord13371
ord16148
ord16387
ord9302
ord2479
ord16219
ord2273
ord10695
ord9405
ord16157
ord15362
ord2045
ord9242
ord10623
ord12603
ord16184
ord2189
ord3494
ord19067
ord5406
ord17303
ord7304
ord4490
ord10704
ord9265
ord3507
ord20538
ord19786
ord10510
ord15823
ord17237
ord21106
ord3615
ord22060
ord8582
ord18687
ord3891
ord7792
ord15744
ord15046

msvcr71

_access
??_V@YAXPAX@Z
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_setjmp3
__CxxLongjmpUnwind
_purecall
_CxxThrowException
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oekey.exe
.exe windows:4 windows x86 arch:x86

d033b91f6831dcf883bc9a380ddb93bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

PostMessageA
GetKeyState

pk83

ord18186
ord16859
ord1478
ord90
ord12483
ord11080
ord1592
ord12667
ord8815
ord21105
ord17195
ord7224
ord11786
ord16406
ord21444
ord7488
ord15327
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord18891
ord21431
ord1615
ord4223
ord19146
ord2242
ord19555
ord10994
ord16500
ord14822
ord15046
ord3223
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord15643
ord9607
ord449
ord4573
ord5915
ord21377
ord3350
ord854
ord2568
ord4291
ord241
ord16148
ord20606
ord21724
ord19694
ord8448
ord16310
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord18933
ord10574
ord17043
ord20037
ord6202
ord17827
ord3587
ord16512
ord18595
ord14169
ord20078
ord12446
ord8377
ord11240
ord6147
ord13216
ord1134
ord12148
ord2931
ord13553
ord7980
ord15721
ord19066
ord1198
ord20337
ord5906
ord15055
ord1029
ord5825
ord15744
ord4499
ord5406
ord4551
ord11359
ord6635
ord6841
ord13200
ord12947
ord11533
ord4490
ord22060
ord7304
ord17303
ord10704
ord3482
ord6584
ord5518
ord18525
ord8582
ord18687
ord19786
ord21320
ord3891
ord10009

msvcr71

_exit
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
??3@YAXPAX@Z
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
offkey.exe
.exe windows:4 windows x86 arch:x86

84a7f71af6c06229f8d6a654a17d21fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedDecrement

user32

PostMessageA

advapi32

CryptReleaseContext
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

pk83

ord19843
ord16354
ord21404
ord5825
ord21544
ord16263
ord16617
ord11251
ord10185
ord548
ord21128
ord20153
ord15771
ord17043
ord9265
ord17668
ord18102
ord485
ord5406
ord2189
ord12378
ord19067
ord3494
ord14169
ord2931
ord10464
ord18595
ord5530
ord14700
ord13032
ord5705
ord17158
ord3762
ord6250
ord20619
ord11080
ord1592
ord12667
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord5988
ord15046
ord4768
ord11348
ord10337
ord6723
ord16148
ord20606
ord4291
ord241
ord7020
ord16310
ord6272
ord17400
ord14146
ord21209
ord12336
ord10739
ord18455
ord11971
ord7706
ord14837
ord18933
ord565
ord20078
ord2763
ord9337
ord2244
ord17976
ord8666
ord17223
ord19018
ord11683
ord10677
ord10419
ord7136
ord7386
ord13383
ord2554
ord9248
ord631
ord12710
ord22055
ord11443
ord1436
ord5451
ord8756
ord5011
ord14802
ord3766
ord3182
ord20538
ord20746
ord15273
ord9328
ord12288
ord4516
ord12568
ord20702
ord10568
ord12217
ord11519
ord15362
ord16248
ord1543
ord1134
ord9455
ord18279
ord17838
ord10760
ord5513
ord18021
ord2451
ord7558
ord1759
ord15044
ord6689
ord9525
ord17099
ord13843
ord20009
ord8363
ord20459
ord17702
ord20461
ord16157
ord21047
ord19971
ord22024
ord639
ord8930
ord5620
ord2043
ord8037
ord6150
ord6543
ord6949
ord8274
ord15331
ord1270
ord12871
ord16728
ord13871
ord18879
ord10017
ord8924
ord10661
ord4120
ord20299
ord6942
ord12139
ord15537
ord5826
ord5429
ord3837
ord16387
ord17242
ord1307
ord18723
ord17640
ord1020
ord4307
ord20416
ord11194
ord1687
ord16878
ord12333
ord7984
ord229
ord15465
ord10323
ord7527
ord19190
ord5174
ord21859
ord12519
ord7027
ord4609
ord15342
ord1029
ord19401
ord4927
ord1356
ord1838
ord12148
ord18525
ord20337
ord15055
ord15721
ord19066
ord1198
ord11240
ord6147
ord13216
ord4551
ord13553
ord3223
ord21368
ord20989
ord8075
ord5208
ord5851
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord21844
ord916
ord18379
ord13987
ord9464
ord8458
ord3548
ord13091
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord10695
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord932
ord2669
ord805
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord21555
ord8069
ord2843
ord3459
ord4534
ord13578
ord19397
ord15923
ord4812
ord10236
ord4937
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord19555
ord9607
ord449
ord15224
ord7836
ord535
ord5710
ord14907
ord10869
ord3350
ord21377
ord12746
ord18126
ord854
ord2568
ord21724
ord9321
ord2769
ord19694
ord8448
ord13016
ord13371
ord5021
ord2449
ord240
ord10574
ord20037
ord6202
ord3587
ord17827
ord20395
ord21892
ord10005
ord6811
ord149
ord20980
ord21835
ord12044
ord4582
ord19798
ord4507
ord9636
ord3507
ord8287
ord17513
ord19621
ord9914
ord7488
ord15327
ord76
ord7310
ord3482
ord5518
ord6584
ord17237
ord10510
ord2631
ord17303
ord7304
ord4490
ord10704
ord22060
ord12636
ord15744
ord4107
ord4499
ord11533
ord12947
ord11359
ord17044
ord8377
ord2008
ord16512
ord14377
ord12446
ord7980
ord8582
ord18687
ord19786
ord5070
ord21429
ord4877
ord1701
ord12485
ord4198
ord10059
ord6748
ord21320
ord3891
ord21910
ord15496
ord902

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strchr
memmove
rand
strtoul
isxdigit
sprintf
_mktemp
_strupr
wcscmp
_stricmp
_setjmp3
__CxxLongjmpUnwind
fopen
_purecall
wcslen
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
onkey.exe
.exe windows:4 windows x86 arch:x86

c8b606a7e8e6a278469104502b49dcff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetStartupInfoA

advapi32

CryptImportKey
CryptDeriveKey
CryptDestroyHash
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDuplicateKey
CryptCreateHash
CryptHashData

pk83

ord16387
ord14146
ord15771
ord9914
ord4499
ord8582
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord241
ord16310
ord21377
ord18126
ord854
ord2568
ord16148
ord7304
ord4490
ord10059
ord21724
ord2769
ord19694
ord8448
ord13016
ord6272
ord5021
ord19786
ord21320
ord12446
ord8377
ord7310
ord6748
ord21368
ord20989
ord17303
ord13987
ord9464
ord8458
ord17043
ord11533
ord8075
ord5208
ord5851
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord21844
ord916
ord18379
ord3548
ord11359
ord13091
ord7980
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord10695
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord76
ord2244
ord17976
ord8666
ord17223
ord19018
ord11683
ord10677
ord10419
ord229
ord15465
ord7984
ord12333
ord16512
ord8876
ord8287
ord20500
ord4768
ord14837
ord18933
ord5406
ord10704
ord11251
ord548
ord20153
ord21128
ord10185
ord4291
ord1029
ord15046
ord12947
ord15327
ord7488
ord2931
ord21444
ord7224
ord12483
ord17195
ord21105
ord90
ord1478
ord16859
ord18687
ord8815
ord22060
ord16406
ord11786
ord15744
ord5825
ord12667
ord1592
ord11080
ord3482
ord6584
ord13371
ord5518
ord3891
ord20606

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
memmove
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 929B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 715B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
orgkey.exe
.exe windows:4 windows x86 arch:x86

638f2cc02e313b7dc49be0150faca516

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord19786
ord11868
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord3970
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord15744
ord5406
ord18102
ord17152
ord17303
ord7304
ord4499
ord4490
ord10704
ord11348
ord22060
ord4768
ord12947
ord76
ord12446
ord21320
ord7488
ord8582
ord3891
ord2931

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pdoxkey.exe
.exe windows:4 windows x86 arch:x86

a4ddbdfb4deab42d48093d90fb4b667d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord19555
ord2242
ord21377
ord10994
ord854
ord8582
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord12947
ord15046
ord76
ord14822
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord4499
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord19146
ord4223
ord1615
ord21431
ord18891
ord7792
ord5031
ord21220
ord11868
ord3970
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord15744
ord17303
ord7304
ord15771
ord7020
ord4490
ord10704
ord17680
ord22060
ord3891
ord10009

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
peachkey.exe
.exe windows:4 windows x86 arch:x86

3275b1a6af93b295f57d2bf0144f3849

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord7980
ord12625
ord7488
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord10574
ord10236
ord15537
ord20037
ord6202
ord240
ord4937
ord2449
ord2568
ord4291
ord16148
ord20606
ord21724
ord13016
ord19694
ord8448
ord6272
ord16387
ord14146
ord5021
ord15771
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord8582
ord11533
ord18687
ord5406
ord15744
ord19786
ord4499
ord12947
ord17043
ord11359
ord16512
ord76
ord17303
ord7304
ord4490
ord10704
ord22060
ord12378
ord12446
ord2931
ord21320
ord3891
ord21444

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pk.chm
.chm
pk83.dll
.dll windows:4 windows x86 arch:x86

c503d15cab7a346063e2655c570d2ef5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseSemaphore
SignalObjectAndWait
lstrlenA
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetWindowsDirectoryA
GlobalFree
GetFullPathNameA
GlobalMemoryStatus
CreateSemaphoreA
GlobalAlloc
GlobalLock
GlobalUnlock
ResumeThread
SuspendThread
TerminateThread
TryEnterCriticalSection
WideCharToMultiByte
MulDiv
DuplicateHandle
SetUnhandledExceptionFilter
GetModuleFileNameA
VirtualQuery
InterlockedExchangeAdd
GetCurrentThread
GetCurrentProcess
GetProcessTimes
GetThreadTimes
CreateThread
GetExitCodeThread
SetThreadPriority
FindResourceW
SetErrorMode
CreateEventA
ResetEvent
SetEvent
SetEndOfFile
FormatMessageW
LocalFree
FindNextFileW
GetDriveTypeW
GetModuleFileNameW
SetFileAttributesW
GetFileAttributesExW
FindFirstFileW
FindClose
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexA
GetVersionExA
MultiByteToWideChar
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetTimeFormatW
GetDateFormatW
GetNumberFormatA
GetLocaleInfoA
InterlockedExchange
GetLastError
GetSystemTime
LoadResource
SizeofResource
LockResource
FindResourceA
SetLastError
GetLocalTime
SystemTimeToFileTime
LocalAlloc
CreateFileA
FormatMessageA
InterlockedIncrement
GetCurrentProcessId
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
FreeLibrary
IsBadWritePtr
GetProcAddress
LoadLibraryA
InterlockedDecrement

msvcr71

_onexit
__dllonexit
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
_initterm
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
__uncaught_exception
_callnewh
srand
rand
strtod
strncmp
clock
rename
_findfirst
_findnext
_findclose
remove
_chmod
_chdrive
time
_getdrive
_getcwd
_strnicmp
gmtime
sprintf
wcscoll
_wcslwr
_wcsupr
strtol
_strlwr
_strupr
strstr
_wputenv
wprintf
setlocale
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
?set_terminate@@YAP6AXXZP6AXXZ@Z
abort
wcsftime
_get_osfhandle
_commit
fgetpos
_lseeki64
fsetpos
_vscwprintf
_vscprintf
iswdigit
_vsnwprintf
strerror
isdigit
_wrename
_getdrives
_wgetcwd
_wchdir
_wutime
_wchmod
_wstati64
_wrmdir
_wmkdir
_wcreat
_close
_waccess
_strcmpi
_wremove
iswalpha
wcscspn
wcsspn
strcspn
strspn
towupper
tolower
isspace
iswspace
getenv
_wstat
_wfopen
_errno
strncpy
realloc
fwrite
_vsnprintf
fputs
fputc
_snprintf
_chsize
fflush
fprintf
_iob
vfprintf
puts
fgets
free
malloc
wcstoul
strtoul
towlower
_wmktemp
fseek
ftell
printf
wcschr
_fpclass
_isnan
strtok
strftime
strncat
fgetc
isalnum
isalpha
iscntrl
isgraph
islower
ispunct
isupper
isxdigit
_CIfmod
floor
ceil
isprint
mblen
_CIpow
_atoi64
_creat
_mktemp
_rmdir
_chdir
_mkdir
_ftime
_fileno
_write
_read
_access
_wgetenv
memchr
wcscmp
_stricmp
sscanf
toupper
mbstowcs
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
strchr
wcslen
memmove
exit
atoi
_stat
__CxxLongjmpUnwind
_setjmp3
fopen
fread
fclose
_purecall
_CxxThrowException
localtime
_getpid
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Draw
PropertySheetA
ImageList_GetIconSize
InitCommonControlsEx
ImageList_Destroy

user32

GetKeyState
SetRectEmpty
GetWindowThreadProcessId
EmptyClipboard
LoadIconA
LoadAcceleratorsA
MessageBoxA
SendMessageA
IsWindow
GetWindowRect
CreateWindowExA
LoadStringA
RegisterClassExA
LoadCursorA
UpdateWindow
ShowWindow
LoadBitmapA
OpenClipboard
SetClipboardData
CreateCursor
SetWindowPos
UnregisterClassA
SetFocus
GetDlgItemTextA
EnableMenuItem
GetSystemMenu
SystemParametersInfoA
CloseClipboard
MoveWindow
DialogBoxIndirectParamA
FindWindowA
EndPaint
BeginPaint
ClientToScreen
GetDesktopWindow
PostMessageA
SetForegroundWindow
SetWindowTextA
CheckDlgButton
GetDlgItemInt
GetParent
GetDlgItem
ScreenToClient
GetWindowTextLengthA
GetWindowTextA
SetCursor
SendDlgItemMessageA
GetClassInfoA
RegisterClassA
DialogBoxParamA
SetDlgItemTextA
EndDialog
CreatePopupMenu
CreateMenu
DestroyMenu
RemoveMenu
FillRect
OffsetRect
TrackPopupMenuEx
GetSysColorBrush
InflateRect
GetSysColor
CopyRect
DrawEdge
GetDC
DrawTextA
ReleaseDC
GetSystemMetrics
GetMenuItemCount
InsertMenuItemA
GetMenuItemInfoA
GetWindowLongA
PostQuitMessage
SetWindowLongA
DefWindowProcA
GetClientRect
SetWindowsHookExA
UnhookWindowsHookEx
GetActiveWindow
CallNextHookEx
MessageBeep
KillTimer
SetTimer
SetDlgItemInt
EnableWindow
RegisterWindowMessageA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
DestroyWindow
InvalidateRect
SetRect
SetMenu

gdi32

GetDeviceCaps
DeleteObject
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectA
SetTextColor
SetBkColor
PatBlt
CreateBitmap
SetBkMode
GetStockObject
CreateSolidBrush
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegCreateKeyExW
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
CryptEncrypt
CryptGetHashParam
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptSetKeyParam
CryptDestroyHash
CryptAcquireContextA
CryptDestroyKey
RegFlushKey
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
SetSecurityDescriptorDacl
RegSetKeySecurity
RegEnumValueW
RegEnumKeyExW
CryptReleaseContext
RegGetKeySecurity

shell32

SHGetSpecialFolderPathA
SHGetMalloc
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
DragQueryFileA

ole32

OleUninitialize
OleInitialize
CoUninitialize
CreateILockBytesOnHGlobal
CoTaskMemFree
StgIsStorageILockBytes
StgIsStorageFile
StgCreateDocfileOnILockBytes
StgCreateDocfile
StgOpenStorageOnILockBytes
StgOpenStorage
CLSIDFromString
CoCreateInstance
ReleaseStgMedium
CoInitialize

oleaut32

GetErrorInfo
SafeArrayCreateVector
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayPutElement
VariantClear
SysAllocString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString

imagehlp

SymInitialize
SymGetSymFromAddr64
SymCleanup
SymFunctionTableAccess64
SymGetLineFromAddr64
SymSetOptions
SymGetModuleBase64
StackWalk64

ws2_32

ntohl
accept
connect
htons
setsockopt
bind
listen
shutdown
send
recv
getsockopt
ioctlsocket
socket
closesocket
WSAStartup
WSACleanup
htonl
WSAGetLastError
select
__WSAFDIsSet
ntohs

Exports

Exports

pk_assert_dll_version

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 704KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
projkey.exe
.exe windows:4 windows x86 arch:x86

76eccb796e9cb404daf6d43ba1f6e8c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord8582
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord19786
ord6005
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord20037
ord6202
ord2449
ord4937
ord240
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord15771
ord11971
ord18455
ord10739
ord15744
ord16512
ord4490
ord22060
ord7304
ord17303
ord10704
ord20578
ord15537
ord4768
ord21782
ord17152
ord4499
ord12378
ord12947
ord11533
ord12336
ord21209
ord76
ord7310
ord8377
ord12446
ord21320
ord17195
ord18687
ord3891
ord21105

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
wcscmp
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qbkey.exe
.exe windows:4 windows x86 arch:x86

15226d3308043246a2e6d534563738cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
SetFileAttributesA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA

pk83

ord21320
ord11359
ord11080
ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord22060
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord12947
ord1281
ord8773
ord7552
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord4499
ord2568
ord4291
ord16148
ord7304
ord4490
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10704
ord8582
ord5406
ord3482
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord19786
ord17043
ord12446
ord76
ord18921
ord4107
ord11348
ord11533
ord10337
ord17099
ord9525
ord21892
ord6689
ord15044
ord13843
ord12143
ord15331
ord16512
ord6723
ord7020
ord15771
ord7980
ord17044
ord2244
ord17976
ord8666
ord17223
ord19018
ord11683
ord10677
ord10419
ord13121
ord10323
ord14375
ord4768
ord16500
ord7437
ord18838
ord21702
ord12378
ord18525
ord485
ord20009
ord7427
ord1520
ord17838
ord8363
ord5011
ord4310
ord12148
ord9814
ord6584
ord5518
ord854
ord10994
ord21377
ord2242
ord19555
ord14822
ord19146
ord4223
ord1615
ord21431
ord18891
ord7792
ord5031
ord21220
ord11868
ord3970
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord10236
ord953
ord3891
ord17303

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 556KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qpkey.exe
.exe windows:4 windows x86 arch:x86

89f46820008e334951be9c9b77ff9d8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord22060
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord12947
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord953
ord11080
ord4291
ord16148
ord7304
ord4490
ord20606
ord21724
ord4499
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord19786
ord7980
ord21320
ord12446
ord8377
ord7310
ord76
ord21209
ord12336
ord11533
ord10337
ord11359
ord12378
ord11971
ord10739
ord18455
ord7020
ord15771
ord21782
ord4107
ord11348
ord10704
ord17303
ord16512
ord10323
ord4768
ord3482
ord6584
ord5518
ord8582
ord854
ord10994
ord21377
ord2242
ord19555
ord14822
ord19146
ord4223
ord1615
ord21431
ord18891
ord7792
ord5031
ord21220
ord11868
ord3970
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2568
ord2663
ord3891
ord240

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
wcscmp
_purecall
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
quickey.exe
.exe windows:4 windows x86 arch:x86

2eba94e9acf8df9d6ed28b3955f38f5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
InterlockedIncrement
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement

pk83

ord12667
ord5825
ord16406
ord11786
ord18687
ord7224
ord8815
ord17195
ord12483
ord21105
ord16859
ord1478
ord90
ord21444
ord2931
ord76
ord15046
ord16512
ord12378
ord7020
ord15771
ord4499
ord12947
ord17043
ord4768
ord12397
ord13570
ord12143
ord15331
ord11471
ord7437
ord18838
ord21702
ord14146
ord4291
ord6272
ord16387
ord11251
ord10185
ord548
ord21128
ord20153
ord9337
ord4107
ord11348
ord9248
ord7427
ord8287
ord18933
ord14837
ord10323
ord12657
ord2008
ord10695
ord13134
ord966
ord186
ord18835
ord7488
ord15327
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord10677
ord19735
ord11080
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord241
ord16310
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord21377
ord18126
ord854
ord2568
ord16148
ord20606
ord21724
ord19694
ord8448
ord13016
ord13371
ord5021
ord17044
ord6723
ord2189
ord20538
ord9265
ord15180
ord7186
ord2045
ord12587
ord20313
ord8581
ord2926
ord5885
ord11991
ord18295
ord1191
ord6597
ord2479
ord4184
ord20002
ord17702
ord20461
ord16157
ord16346
ord1592
ord13680
ord13023
ord8582
ord19184
ord5272
ord2138
ord9968
ord20511
ord18483
ord18275
ord7452
ord5488
ord19674
ord6947
ord2056
ord16470
ord14321
ord14627
ord4669
ord7225
ord19774
ord16740
ord3482
ord6584
ord5518
ord7980
ord1029
ord13091
ord4490
ord22060
ord7304
ord17303
ord8458
ord9464
ord5406
ord10704
ord13987
ord15744
ord14169
ord3548
ord18379
ord916
ord21844
ord1228
ord9196
ord5371
ord11835
ord21204
ord5159
ord5208
ord8075
ord20989
ord1805
ord17091
ord16312
ord20723
ord9914
ord21368
ord16616
ord424
ord7511
ord17694
ord9359
ord16878
ord1687
ord10419
ord19018
ord15881
ord11683
ord8666
ord17976
ord17223
ord2244
ord6748
ord11359
ord12446
ord21320
ord19786
ord10059
ord3891
ord12625

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__uncaught_exception
_callnewh
malloc
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
strncmp
?name@type_info@@QBEPBDXZ
??9type_info@@QBEHABV0@@Z
??8type_info@@QBEHABV0@@Z
_aligned_malloc
_aligned_free
_except_handler3
??0exception@@QAE@XZ
memmove
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
toupper
__CxxLongjmpUnwind
_setjmp3
_CxxThrowException
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 600KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 152B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 807B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rarkey.exe
.exe windows:4 windows x86 arch:x86

2e15224f629960f6f93c1404bc8044ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord12625
ord19735
ord15881
ord13788
ord15224
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord19555
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord1029
ord241
ord16310
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord18454
ord21377
ord18126
ord854
ord2568
ord4291
ord16148
ord7304
ord4490
ord20606
ord21724
ord2769
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord21320
ord10185
ord21128
ord20153
ord548
ord11251
ord18933
ord9914
ord14837
ord8287
ord10704
ord5406
ord17303
ord8075
ord5208
ord5851
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord4881
ord18379
ord3548
ord19786
ord12446
ord8377
ord7310
ord6748
ord20989
ord13987
ord9464
ord8458
ord11359
ord13091
ord7980
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord10695
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord21368
ord1072
ord5988
ord15044
ord6689
ord21892
ord17099
ord17043
ord13843
ord2244
ord17976
ord8666
ord10677
ord11683
ord19018
ord10419
ord12333
ord7984
ord229
ord15465
ord16512
ord8876
ord12538
ord17044
ord10005
ord10170
ord1270
ord8199
ord565
ord14377
ord15663
ord17838
ord9814
ord10323
ord18595
ord2167
ord20395
ord6811
ord149
ord20980
ord21835
ord12044
ord4107
ord4582
ord19798
ord4507
ord11348
ord9636
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord4499
ord15046
ord12947
ord15327
ord7488
ord2931
ord21444
ord7224
ord12483
ord17195
ord21105
ord90
ord1478
ord16859
ord18687
ord8815
ord22060
ord16406
ord11786
ord15744
ord5825
ord12667
ord1592
ord11080
ord3482
ord6584
ord5518
ord916
ord8582
ord3891
ord21844

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
strchr
strncpy
malloc
free
memmove
_CxxThrowException
__CxxLongjmpUnwind
_setjmp3
_purecall
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
scdkey.exe
.exe windows:4 windows x86 arch:x86

a3ab6f24bfa88376889efbd55eaa34d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA

pk83

ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord18687
ord2931
ord3970
ord15327
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord19735
ord12625
ord1780
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord15771
ord7020
ord17303
ord7304
ord4490
ord22060
ord4499
ord10704
ord11348
ord4768
ord12947
ord17043
ord12378
ord4107
ord76
ord12446
ord21320
ord7488
ord8582
ord3891
ord21444

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 553B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlkey.exe
.exe windows:4 windows x86 arch:x86

4b6cff476f8e9b824a9baeed3e36f823

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetStartupInfoA

user32

PostMessageA

advapi32

QueryServiceStatus
OpenSCManagerA
CloseServiceHandle
OpenServiceA
StartServiceA
ControlService

pk83

ord11683
ord19018
ord10419
ord13811
ord6103
ord19786
ord14259
ord18687
ord8582
ord13023
ord14377
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord7488
ord15327
ord15046
ord8363
ord20864
ord15594
ord6928
ord13474
ord11471
ord20146
ord10236
ord6409
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord9607
ord449
ord10677
ord5481
ord241
ord9423
ord16310
ord8666
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord3350
ord10994
ord854
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord21220
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord17976
ord2244
ord17044
ord11533
ord4499
ord1029
ord15331
ord8274
ord15744
ord12947
ord17043
ord12378
ord3482
ord5518
ord6584
ord12164
ord13230
ord4180
ord11495
ord1084
ord5406
ord4490
ord22060
ord7304
ord17303
ord10704
ord8377
ord16512
ord11359
ord2008
ord12446
ord7310
ord21320
ord7980
ord953
ord3891
ord14169

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
_purecall
_setjmp3
__CxxLongjmpUnwind
wcscmp
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 362B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 624B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
un-kitd.exe.nsis
winkey.exe
.exe windows:4 windows x86 arch:x86

be2450b53b74613a98f9d6d41b539f51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

CheckSumMappedFile

kernel32

GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
CloseHandle
WaitForSingleObject
CreateProcessA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
GetModuleHandleA
GetDriveTypeA
GetLogicalDrives
DeviceIoControl
CreateFileA
GetDiskFreeSpaceA
SetErrorMode
FormatMessageA
GetLastError
FlushFileBuffers
GetProcAddress
LoadLibraryA
FreeLibrary
WriteFile
SetFilePointer
DefineDosDeviceA
EnterCriticalSection
LeaveCriticalSection
ResetEvent
CreateEventA
GetSystemTime
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoA
MultiByteToWideChar
FindFirstFileA
WideCharToMultiByte
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
ResumeThread
SetThreadPriority
Sleep
QueryPerformanceCounter
ReadFile
CreateFileW
GetFileSize
GlobalFree
GlobalAlloc
GetFullPathNameA
GetLocalTime
SetEvent
WaitForMultipleObjects

pk83

ord14259
ord1982
ord9088
ord15044
ord6689
ord9525
ord17099
ord13843
ord9248
ord9455
ord16521
ord4507
ord6545
ord16382
ord13784
ord10306
ord13023
ord6584
ord5518
ord1097
ord21107
ord3482
ord13307
ord13680
ord11080
ord1592
ord12667
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord1134
ord12483
ord7224
ord21444
ord7488
ord15327
ord953
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord18891
ord21431
ord1615
ord4223
ord19146
ord2242
ord19555
ord10994
ord14822
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord22076
ord9423
ord10337
ord16369
ord9607
ord10809
ord9941
ord7065
ord1029
ord13559
ord20078
ord15180
ord15362
ord20311
ord1547
ord21377
ord3350
ord11685
ord6936
ord10285
ord6110
ord854
ord2568
ord4291
ord241
ord16148
ord20606
ord21724
ord19694
ord8448
ord16310
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord15594
ord7793
ord16219
ord19956
ord5050
ord11471
ord13570
ord11839
ord12397
ord20864
ord20146
ord3766
ord16141
ord14443
ord4402
ord7472
ord10131
ord8377
ord17044
ord12545
ord5906
ord3035
ord13200
ord4527
ord12538
ord7266
ord17043
ord16512
ord11385
ord4107
ord4937
ord17820
ord10236
ord18219
ord12102
ord2931
ord14837
ord18933
ord9640
ord5825
ord7306
ord1900
ord16695
ord15735
ord14424
ord11348
ord21534
ord10231
ord6949
ord15744
ord6543
ord5406
ord4194
ord6782
ord11786
ord12446
ord21320
ord7980
ord4490
ord7304
ord17303
ord10704
ord485
ord18525
ord8582
ord18687
ord17838
ord18731
ord20009
ord6034
ord12947
ord4499
ord10661
ord21580
ord1519
ord6205
ord17409
ord20697
ord2036
ord11896
ord10556
ord11519
ord20719
ord7753
ord9835
ord19032
ord20746
ord11533
ord22060
ord11862
ord19191
ord16184
ord16157
ord7186
ord18784
ord17234
ord18723
ord9242
ord3507
ord20538
ord9265
ord12139
ord12603
ord20137
ord10439
ord18921
ord76
ord2631
ord17237
ord10510
ord19786
ord3891
ord17195

msvcr71

_strupr
_creat
_stat
_access
_stricmp
??_V@YAXPAX@Z
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
clock
islower
isalpha
strspn
strrchr
strchr
_splitpath
time
_endthreadex
_beginthreadex
qsort
toupper
wcscmp
malloc
_ftol
ceil
fopen
fprintf
fclose
calloc
strncmp
free
wcscpy
wcslen
wcstombs
__CxxLongjmpUnwind
_setjmp3
_close
remove
sprintf
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
memmove
_purecall
__CxxFrameHandler
??3@YAXPAX@Z

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 880KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wpkey.exe
.exe windows:4 windows x86 arch:x86

900931fcda8f2186c3e6e07b87d1dc5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord10610
ord4881
ord1780
ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord11786
ord16406
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord2931
ord10704
ord16167
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6809
ord13389
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord12545
ord3367
ord8471
ord5348
ord9640
ord10231
ord12148
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord15331
ord12143
ord11971
ord18455
ord10739
ord15771
ord11533
ord12336
ord21209
ord7310
ord8377
ord12446
ord21320
ord19786
ord15744
ord7020
ord10337
ord11348
ord8582
ord4499
ord6723
ord12947
ord17043
ord76
ord4490
ord22060
ord7304
ord17303
ord15327
ord5406
ord3891
ord7488

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
toupper
islower
__CxxLongjmpUnwind
_setjmp3
_purecall
wcscmp
wcslen
memmove
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 896KB - Virtual size: 894KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 245B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wprokey.exe
.exe windows:4 windows x86 arch:x86

a2c346809bd445ff1b56c9e4e5a24114

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

pk83

ord12625
ord19735
ord3970
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord14822
ord19555
ord2242
ord21377
ord10994
ord854
ord8582
ord5518
ord6584
ord3482
ord11080
ord1592
ord12667
ord5825
ord15744
ord11786
ord16406
ord8815
ord18687
ord16859
ord1478
ord90
ord21105
ord7980
ord1780
ord7224
ord21444
ord2931
ord15046
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord1029
ord241
ord16310
ord10236
ord10574
ord15537
ord20037
ord6202
ord2449
ord4937
ord240
ord2568
ord4291
ord16148
ord20606
ord21724
ord19694
ord8448
ord6272
ord16387
ord14146
ord13016
ord13371
ord5021
ord4881
ord10610
ord16167
ord20342
ord12666
ord6005
ord409
ord12838
ord20192
ord56
ord17675
ord2663
ord953
ord7488
ord15327
ord15771
ord17152
ord16512
ord11348
ord12378
ord76
ord10323
ord4768
ord12947
ord4499
ord17043
ord11359
ord4490
ord22060
ord7304
ord17303
ord10704
ord12446
ord12483
ord21320
ord3891
ord17195

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
__CxxLongjmpUnwind
_setjmp3
_purecall
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 717B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
zipkey.exe
.exe windows:4 windows x86 arch:x86

1f1031ed0f70e683901073ecbada99de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

EndDialog
SetWindowLongA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
DialogBoxParamA
ShowWindow
EnableWindow

pk83

ord16740
ord7980
ord17044
ord19774
ord16500
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord1029
ord5518
ord6584
ord3482
ord8075
ord5208
ord5159
ord21844
ord18379
ord3548
ord131
ord17442
ord2008
ord16512
ord12148
ord16584
ord17312
ord2498
ord11348
ord18275
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord18687
ord8582
ord1592
ord11080
ord12667
ord15744
ord5825
ord16406
ord11786
ord7224
ord8815
ord17195
ord12483
ord21105
ord16859
ord1478
ord90
ord21444
ord2931
ord15046
ord8898
ord2906
ord21835
ord20980
ord149
ord6811
ord12044
ord9248
ord14146
ord4291
ord6272
ord16387
ord7065
ord22076
ord14259
ord12947
ord20606
ord4499
ord16148
ord18933
ord3350
ord240
ord7852
ord4625
ord7266
ord11251
ord10185
ord548
ord21128
ord20153
ord18202
ord11533
ord12169
ord4054
ord19021
ord17838
ord21697
ord11232
ord4582
ord241
ord14837
ord16310
ord20395
ord10005
ord10323
ord4107
ord19798
ord4507
ord9636
ord21220
ord2791
ord7488
ord15327
ord8878
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord13091
ord15881
ord565
ord15224
ord3560
ord15868
ord11868
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord19555
ord10236
ord10574
ord15537
ord20037
ord6202
ord17827
ord4937
ord18454
ord21500
ord21377
ord18126
ord854
ord2568
ord21724
ord2769
ord19694
ord8448
ord13016
ord13371
ord5021
ord113
ord2958
ord10299
ord10819
ord10337
ord2496
ord15373
ord9423
ord21877
ord2677
ord9387
ord6711
ord18525
ord20884
ord9866
ord18921
ord12020
ord3035
ord9083
ord9090
ord1543
ord16114
ord6679
ord144
ord3089
ord3291
ord2717
ord10824
ord16248
ord4926
ord1092
ord8363
ord17280
ord18491
ord10782
ord19950
ord6809
ord13389
ord7306
ord12288
ord6409
ord5307
ord12736
ord7481
ord14486
ord5348
ord12012
ord11728
ord3367
ord10330
ord5011
ord21107
ord3766
ord16413
ord7020
ord3116
ord531
ord17385
ord20250
ord2798
ord5562
ord13200
ord1013
ord10231
ord6723
ord9640
ord12545
ord15400
ord2050
ord4772
ord1835
ord20403
ord21204
ord11835
ord5371
ord9196
ord1228
ord916
ord3587
ord20009
ord76
ord12378
ord11511
ord15982
ord4768
ord8458
ord9464
ord13987
ord17099
ord5406
ord14169
ord9914
ord20989
ord21368
ord13843
ord17043
ord9525
ord21892
ord6689
ord15044
ord14406
ord4490
ord22060
ord7304
ord17303
ord10704
ord15479
ord8287
ord6748
ord11359
ord7310
ord8377
ord12446
ord21320
ord19786
ord15454
ord16344
ord10976
ord3405
ord996
ord10059
ord3891
ord13788
ord19735

msvcr71

_controlfp
??_V@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
_purecall
_setjmp3
__CxxLongjmpUnwind
strtoul
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strchr
memmove
??3@YAXPAX@Z

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 678B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18bc6fa81e19f21156316b1ae696ed6b

Code Sign

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6aCertificate

Extended Key Usages

Key Usages

f2:8c:be:21:07:7e:e4:42:0d:ed:23:04:e5:5f:02:67:31:66:8c:4aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 3KB - Virtual size: 3KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

39c9ab7fb34a30e52b7a7164f24285fd

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

imagehlp

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 12KB

.reloc Size: 28KB - Virtual size: 25KB

592e3a5ce6ef4fbde491e82d160d314f

Headers

e0:9f:88:1b:1e:12:ac:c6:39:14:f1:f0:f5:6d:35:6a
Certificate

f2:8c:be:21:07:7e:e4:42:0d:ed:23:04:e5:5f:02:67:31:66:8c:4a
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 12KB

.reloc
Size: 28KB - Virtual size: 25KB

.text
Size: 8KB - Virtual size: 6KB

CONST
Size: 4KB - Virtual size: 729B

_TEXT
Size: 204KB - Virtual size: 203KB

xdata
Size: 4KB - Virtual size: 2KB

text
Size: 4KB - Virtual size: 2KB

_BSS
Size: - Virtual size: 1024B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 152B

_DATA
Size: 4KB - Virtual size: 506B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 156KB - Virtual size: 153KB

CONST
Size: 4KB - Virtual size: 530B

_TEXT
Size: 88KB - Virtual size: 87KB

xdata
Size: 4KB - Virtual size: 1KB

text
Size: 4KB - Virtual size: 597B

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 820B

_DATA
Size: 4KB - Virtual size: 116B

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 60KB - Virtual size: 58KB

CONST
Size: 4KB - Virtual size: 582B

_TEXT
Size: 212KB - Virtual size: 209KB

xdata
Size: 4KB - Virtual size: 3KB

text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 436B

_DATA
Size: 4KB - Virtual size: 140B

.rsrc
Size: 20KB - Virtual size: 19KB

.text
Size: 20KB - Virtual size: 19KB

CONST
Size: 1024B - Virtual size: 549B

_TEXT
Size: 12KB - Virtual size: 12KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 4KB

_DATA
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 4KB