3c13bdfe00f65e9ee1c894d5ff5faf53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c13bdfe00f65e9ee1c894d5ff5faf53_JaffaCakes118
Size

8.9MB
MD5

3c13bdfe00f65e9ee1c894d5ff5faf53
SHA1

17dffc2f7f5cfbc78574ba66aa9db8bd3cc63b32
SHA256

618d3b074c90c2a25e2613a4ffca145a0f662244618100a13537e5ea22bb2b51
SHA512

ffab19c74a9ce800dc6806c0e667b432a6eff08cdd77a006d9c3a997b802da68b3df7be985883d479655cb172d155ec951ddc7566fee82a2381d4f81e07edd81
SSDEEP

196608:9d58/v0aLMtnApk9GUvqDgAgAYi0YVPAGj76s5ZzI6WkLH8JdR5uKDB:9M/v0aIApk9ZwbgAlvV4GqsLIOHc5TF

Score

7^/10

pdf link upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack004/16Edit.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/16Edit.dll	upx

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ExplorerSuite.exe
unpack001/Files/Patch.exe
unpack001/Files/Saturday Night Crackme.exe
unpack004/16Edit.dll
unpack005/out.upx
unpack004/BeaEngine.dll
unpack004/pcre.dll
unpack004/plugins/PDK/c/Release/plugin_example.d2p
unpack004/plugins/PDK/c/Release/plugin_example.dll
unpack004/plugins/backup_switch.d2p
unpack004/plugins/backup_switch.dll
unpack004/plugins/checkwindowsversion.d2p
unpack004/plugins/checkwindowsversion.dll
unpack004/plugins/delete_file.d2p
unpack004/plugins/delete_file.dll
unpack004/plugins/filetime.d2p
unpack004/plugins/filetime.dll
unpack004/plugins/findnextfile.d2p
unpack004/plugins/findnextfile.dll
unpack004/plugins/log_message.d2p
unpack004/plugins/log_message.dll
unpack004/plugins/move_file.d2p
unpack004/plugins/move_file.dll
unpack004/plugins/plugin_example.d2p
unpack004/plugins/plugin_example.dll

Files

3c13bdfe00f65e9ee1c894d5ff5faf53_JaffaCakes118
.zip
Files/CFFExplorerSuite.rar
.rar
ExplorerSuite.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Files/Patch.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Files/SSECS dUP skin by nwokiller.zip
.zip
Lips.ico
MAIN.bmp
MAIN.png
.png
MAIN.res
MAIN.rgn
colorscheme.ini
Files/Saturday Night Crackme.exe
.exe windows:4 windows x86 arch:x86

7b4b46f6f0c0d1258ca5336af07ecd52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextA
SetWindowLongA
SetDlgItemTextA
SetCursor
SendMessageA
SendDlgItemMessageA
OffsetRect
LoadIconA
DialogBoxParamA
DrawTextA
EndDialog
FillRect
GetDlgCtrlID
CallWindowProcA
GetDlgItem
GetDlgItemTextA
InflateRect
LoadCursorA

kernel32

CreateThread
ExitThread
ResumeThread
SetThreadPriority
Sleep
CloseHandle
CreateFileA
ExitProcess
FindResourceA
GetModuleHandleA
GlobalAlloc
GlobalFree
LoadResource
LockResource
ReadFile
SizeofResource
SuspendThread

gdi32

CreateFontIndirectA
CreateSolidBrush
DeleteObject
GetObjectA
RoundRect
SelectObject
SetBkMode
SetTextColor
CreatePen

winmm

waveOutWrite
waveOutUnprepareHeader
waveOutRestart
waveOutPrepareHeader
waveOutPause
waveOutOpen
waveOutGetPosition
waveOutClose
waveOutReset

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Files/dUP2.zip
.zip
16Edit.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

HEEnterWindowLoop
HEEnterWindowLoopInNewThread
HESpecifySettings

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BeaEngine.dll
.dll windows:4 windows x86 arch:x86

8cbe474b22125fb1db558aa74cc5bc46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
GetSystemTimeAsFileTime
GetStartupInfoA
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetCommandLineA
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineW
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
MultiByteToWideChar
VirtualAlloc
VirtualQuery
WideCharToMultiByte

Exports

Exports

_BeaEngineRevision@0
_BeaEngineVersion@0
_Disasm@4

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dup2.exe
.exe windows:5 windows x86 arch:x86

4379e7d6decaf8cb79188e5eadeb9b87

Code Sign

7f:08:a2:94:bf:0f:cc:76:b7:9d:a0:7b:74:6d:bc:60
Certificate

Issuer

CN=diablo2oo2

Not Before

26/09/2011, 14:33

Not After

31/12/2039, 23:59

Subject

CN=diablo2oo2.cjb.net

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:55:2b:56:a9:5e:ec:e4:96:54:6a:d9:8e:9a:56:f1:65:31:2c:a7
Signer

Actual PE Digest

1e:55:2b:56:a9:5e:ec:e4:96:54:6a:d9:8e:9a:56:f1:65:31:2c:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowLongA
SetMenu
SetForegroundWindow
SetFocus
SetDlgItemTextA
SetDlgItemInt
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageA
SendDlgItemMessageA
ScreenToClient
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterClipboardFormatA
RedrawWindow
SetWindowTextA
OpenClipboard
MoveWindow
MessageBoxA
MessageBeep
LoadStringA
LoadIconA
LoadCursorA
LoadBitmapA
IsDlgButtonChecked
IsClipboardFormatAvailable
InvalidateRect
GetWindowTextLengthA
GetWindowRect
GetWindowLongA
GetTitleBarInfo
GetSysColor
GetParent
GetMenuStringA
ShowWindow
TrackPopupMenu
UpdateWindow
PtInRect
GetKeyState
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
EnumChildWindows
EndDialog
EnableWindow
EnableMenuItem
EmptyClipboard
DialogBoxParamA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateDialogParamA
CloseClipboard
CheckDlgButton
CharLowerA
CallWindowProcA
AppendMenuA
wsprintfA

kernel32

CreateToolhelp32Snapshot
OpenProcess
Process32First
Process32Next
FlushFileBuffers
WriteFile
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WritePrivateProfileStringA
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualFree
VirtualAlloc
UpdateResourceA
UnmapViewOfFile
TerminateProcess
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetFileAttributesA
SetEnvironmentVariableA
RtlZeroMemory
RtlMoveMemory
ReadFile
MultiByteToWideChar
MoveFileA
MapViewOfFile
LoadResource
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
GetTempPathA
GetSystemTime
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileSize
GetFileAttributesA
GetCurrentProcess
BeginUpdateResourceA
CloseHandle
CompareStringA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
EndUpdateResourceA
EnumResourceNamesA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FormatMessageA
FreeLibrary
GetCommandLineA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteA

gdi32

GetObjectA
LineTo
AddFontResourceA
CreateFontIndirectA
CreateSolidBrush
CreatePen
SetTextColor
SetBkMode
SelectObject
RoundRect
RemoveFontResourceA
MoveToEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
ChooseFontA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA

Exports

Exports

AddToolTip
CRC32OfFile
CloseLoadedFile
CmpMemory
Copy2Clipboard
DragInControl
EndChooseHideMethod
GetCurrentPluginDataMemory
GetDup2MainDialogHandle
GetEntryPoint
GetFirstSectionOffset
GetRegDword
GetRegString
GetSectionName
HexDataToHexString
HexStringToHexData
Is64BitWindows
IsFileExtension
IsHexPatternString
IsHexString
IsInString
IsNumberString
IsPEFile
LoadFileToMem
LoadWindowPosition
MD5OfFile
MakeFileNameValid
OffsetToRVA
OffsetToVA
OffsetToVA_File
RVAToOffset
ReadIniString
Reg_Delete_Value
RemoveSubstring
ResizeCurrentPluginDataMemory
ResolvePath
SaveWindowPosition
SetRegDword
SetRegString
StartChooseHideMethod
TrimToPathOnly
VAToOffset
VAToOffset_File
WriteIniString
d2k2_FileNameOfPath
d2k2_GetFilePath
d2k2_GetSaveFilePathEx

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 259KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dup2.ini
dup2_help.chm
.chm
icons/Chip.ico
icons/Disk1.ico
icons/dUP2_black.ico
icons/dup1_default.ico
lang_english.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7f:08:a2:94:bf:0f:cc:76:b7:9d:a0:7b:74:6d:bc:60
Certificate

Issuer

CN=diablo2oo2

Not Before

26/09/2011, 14:33

Not After

31/12/2039, 23:59

Subject

CN=diablo2oo2.cjb.net

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:99:2d:79:52:d3:55:b1:75:80:7c:5a:49:ab:80:bf:5e:ff:e1:4e
Signer

Actual PE Digest

ff:99:2d:79:52:d3:55:b1:75:80:7c:5a:49:ab:80:bf:5e:ff:e1:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

dup_language

Sections

.text
Size: 512B - Virtual size: 22B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pcre.dll
.dll windows:4 windows x86 arch:x86

44ad01bacb408a0f8ee6922e7548bebc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
WriteFile
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_config
pcre_copy_named_substring
pcre_copy_substring
pcre_dfa_exec
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_named_substring
pcre_get_stringnumber
pcre_get_stringtable_entries
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_malloc
pcre_refcount
pcre_stack_free
pcre_stack_malloc
pcre_study
pcre_version

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/PDK/MASM/dup2.inc
plugins/PDK/MASM/dup2.lib
plugins/PDK/MASM/dup2patcher.inc
plugins/PDK/MASM/dup2patcher.lib
plugins/PDK/MASM/masm32_backup_switch/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_backup_switch/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_backup_switch/backup_switch.asm
plugins/PDK/MASM/masm32_backup_switch/backup_switch.def
plugins/PDK/MASM/masm32_backup_switch/backup_switch_patcherdll.asm
plugins/PDK/MASM/masm32_backup_switch/backup_switch_patcherdll.def
plugins/PDK/MASM/masm32_backup_switch/plugin_data_struct.inc
plugins/PDK/MASM/masm32_backup_switch/resource.res
plugins/PDK/MASM/masm32_checkwindowsversion/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_checkwindowsversion/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_checkwindowsversion/checkwindowsversion.asm
plugins/PDK/MASM/masm32_checkwindowsversion/checkwindowsversion.def
plugins/PDK/MASM/masm32_checkwindowsversion/checkwindowsversion_patcherdll.asm
plugins/PDK/MASM/masm32_checkwindowsversion/checkwindowsversion_patcherdll.def
plugins/PDK/MASM/masm32_checkwindowsversion/plugin_data_struct.inc
plugins/PDK/MASM/masm32_checkwindowsversion/resource.res
plugins/PDK/MASM/masm32_delete_file/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_delete_file/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_delete_file/delete_file.asm
plugins/PDK/MASM/masm32_delete_file/delete_file.def
plugins/PDK/MASM/masm32_delete_file/delete_file_patcherdll.asm
.vbs
plugins/PDK/MASM/masm32_delete_file/delete_file_patcherdll.def
plugins/PDK/MASM/masm32_delete_file/plugin_data_struct.inc
plugins/PDK/MASM/masm32_delete_file/resource.res
plugins/PDK/MASM/masm32_filetime/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_filetime/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_filetime/filetime.asm
plugins/PDK/MASM/masm32_filetime/filetime.def
plugins/PDK/MASM/masm32_filetime/filetime_patcherdll.asm
.vbs
plugins/PDK/MASM/masm32_filetime/filetime_patcherdll.def
plugins/PDK/MASM/masm32_filetime/plugin_data_struct.inc
plugins/PDK/MASM/masm32_filetime/resource.res
plugins/PDK/MASM/masm32_findnextfile/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_findnextfile/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_findnextfile/findnextfile.asm
plugins/PDK/MASM/masm32_findnextfile/findnextfile.def
plugins/PDK/MASM/masm32_findnextfile/findnextfile_patcherdll.asm
.vbs
plugins/PDK/MASM/masm32_findnextfile/findnextfile_patcherdll.def
plugins/PDK/MASM/masm32_findnextfile/plugin_data_struct.inc
plugins/PDK/MASM/masm32_findnextfile/resource.res
plugins/PDK/MASM/masm32_log_message/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_log_message/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_log_message/log_message.asm
plugins/PDK/MASM/masm32_log_message/log_message.def
plugins/PDK/MASM/masm32_log_message/log_message_patcherdll.asm
.vbs
plugins/PDK/MASM/masm32_log_message/log_message_patcherdll.def
plugins/PDK/MASM/masm32_log_message/plugin_data_struct.inc
plugins/PDK/MASM/masm32_log_message/resource.res
plugins/PDK/MASM/masm32_move_file/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_move_file/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_move_file/move_file.asm
plugins/PDK/MASM/masm32_move_file/move_file.def
plugins/PDK/MASM/masm32_move_file/move_file_patcherdll.asm
.vbs
plugins/PDK/MASM/masm32_move_file/move_file_patcherdll.def
plugins/PDK/MASM/masm32_move_file/plugin_data_struct.inc
plugins/PDK/MASM/masm32_move_file/resource.res
plugins/PDK/MASM/masm32_plugin_example/MAKE_DLL.BAT
plugins/PDK/MASM/masm32_plugin_example/MAKE_PATCHER_DLL.BAT
plugins/PDK/MASM/masm32_plugin_example/plugin_data_struct.inc
plugins/PDK/MASM/masm32_plugin_example/plugin_example.asm
plugins/PDK/MASM/masm32_plugin_example/plugin_example.def
plugins/PDK/MASM/masm32_plugin_example/plugin_example_patcherdll.asm
plugins/PDK/MASM/masm32_plugin_example/plugin_example_patcherdll.def
plugins/PDK/MASM/masm32_plugin_example/resource.res
plugins/PDK/c/Release/plugin_example.d2p
.dll windows:5 windows x86 arch:x86

2a2cbf808ebbd2a7e406c80c39fd6885

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

HeapCreate
CopyFileA
lstrcatA
GetTempPathA
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

dup2patcher.exe

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/PDK/c/Release/plugin_example.dll
.dll windows:5 windows x86 arch:x86

28796fcc5d81c7efec035b36b20400b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DialogBoxParamA
SetDlgItemTextA
SendMessageA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
EndDialog

dup2.exe

EndChooseHideMethod
d2k2_FileNameOfPath
d2k2_GetFilePath
LoadWindowPosition
StartChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle
SaveWindowPosition

kernel32

GetEnvironmentStrings
HeapSize
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/PDK/c/SDK/dup2.h
plugins/PDK/c/SDK/dup2.lib
plugins/PDK/c/SDK/dup2patcher.h
plugins/PDK/c/SDK/dup2patcher.lib
plugins/PDK/c/dup2plugin.workspace
.xml
plugins/PDK/c/plugin_example.dsw
plugins/PDK/c/plugin_example/main.cpp
plugins/PDK/c/plugin_example/main.h
plugins/PDK/c/plugin_example/plugin_example.def
plugins/PDK/c/plugin_example/plugin_example.dsp
plugins/PDK/c/plugin_example/plugin_example.project
.xml
plugins/PDK/c/plugin_example/resource.h
plugins/PDK/c/plugin_example/resource.rc
plugins/PDK/c/plugin_example/resrc1.h
plugins/PDK/c/plugin_example_patcherdll/main.cpp
plugins/PDK/c/plugin_example_patcherdll/main.h
plugins/PDK/c/plugin_example_patcherdll/plugin_example_patcherdll.def
plugins/PDK/c/plugin_example_patcherdll/plugin_example_patcherdll.dsp
plugins/PDK/c/plugin_example_patcherdll/plugin_example_patcherdll.project
.xml
plugins/backup_switch.d2p
.dll windows:5 windows x86 arch:x86

45a21ba3cfd4bd12e05d9a09f33f25d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CheckDlgButton

dup2patcher

AddMsg
GetPatcherWindowHandle

kernel32

WriteFile
CloseHandle
CreateFileA
FlushFileBuffers

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 512B - Virtual size: 258B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 429B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/backup_switch.dll
.dll windows:5 windows x86 arch:x86

cdbd941c34bc5b17aea82755929bd3f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
GetDlgItem
EndDialog
DialogBoxParamA

dup2.exe

SaveWindowPosition
LoadWindowPosition
EndChooseHideMethod
StartChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle

kernel32

FlushFileBuffers
WriteFile
CreateFileA
CloseHandle
FindClose
FindFirstFileA

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 723B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/checkwindowsversion.d2p
.dll windows:5 windows x86 arch:x86

04b741c2be2918d0adc015f0e39bf953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetSystemMetrics

kernel32

GetProcAddress
GetSystemInfo
GetVersionExA
WriteFile
GetModuleHandleA
FlushFileBuffers
CloseHandle
CreateFileA

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 499B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/checkwindowsversion.dll
.dll windows:5 windows x86 arch:x86

1ace2f5900b3f9232d185b268d7977f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SendMessageA
IsDlgButtonChecked
GetDlgItem
EndDialog
DialogBoxParamA
CheckDlgButton
wsprintfA

kernel32

FindFirstFileA
lstrlenA
CloseHandle
WriteFile
CreateFileA
FlushFileBuffers
FindClose

dup2.exe

ResizeCurrentPluginDataMemory
EndChooseHideMethod
StartChooseHideMethod
GetDup2MainDialogHandle
LoadWindowPosition
SaveWindowPosition

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 825B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/delete_file.d2p
.dll windows:5 windows x86 arch:x86

fdb48a643c6e65ea67f358cb6a871498

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsA
DeleteFileA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 379B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/delete_file.dll
.dll windows:5 windows x86 arch:x86

198511deee1c6586a00f2dbec8377ea2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
GetDlgItemTextA
EndDialog
DialogBoxParamA

dup2.exe

EndChooseHideMethod
LoadWindowPosition
SaveWindowPosition
StartChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
FindFirstFileA
FindClose

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 785B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/filetime.d2p
.dll windows:5 windows x86 arch:x86

b1167cae6a3e571cbeefae2df527a59e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsA
GetFileTime
GlobalLock
GlobalUnlock
CreateFileA
SetFileTime
lstrcatA
lstrcpyA
SetEnvironmentVariableA
CloseHandle
FlushFileBuffers
WriteFile

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/filetime.dll
.dll windows:5 windows x86 arch:x86

65a1d19e773b7b9b8fe8b7c726a0ebdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
CheckDlgButton
wsprintfA

dup2.exe

EndChooseHideMethod
SaveWindowPosition
StartChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle
AddToolTip
d2k2_GetFilePath
d2k2_FileNameOfPath
LoadWindowPosition

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
FindFirstFileA
FindClose

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/findnextfile.d2p
.dll windows:5 windows x86 arch:x86

2a24ce4d8bd82915e89691fb6ee19f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
SetEnvironmentVariableA
FindClose
lstrcatA
lstrcpyA
lstrlenA
VirtualAlloc
ExpandEnvironmentStringsA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/findnextfile.dll
.dll windows:5 windows x86 arch:x86

1d8f1f92a7f4815a04e8da8938755251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxParamA
CheckDlgButton
wsprintfA

kernel32

FindFirstFileA
CloseHandle
lstrlenA
CreateFileA
WriteFile
FlushFileBuffers
FindClose

dup2.exe

ResizeCurrentPluginDataMemory
StartChooseHideMethod
GetDup2MainDialogHandle
SaveWindowPosition
LoadWindowPosition
AddToolTip
EndChooseHideMethod

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/log_message.d2p
.dll windows:5 windows x86 arch:x86

dcb313090d212a6e0b98124b1f470791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
ExpandEnvironmentStringsA

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 347B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/log_message.dll
.dll windows:5 windows x86 arch:x86

984128b554a7cedc7b60abd02e55c1f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxParamA
CheckDlgButton

dup2.exe

StartChooseHideMethod
EndChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle
LoadWindowPosition
SaveWindowPosition

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
FindFirstFileA
FindClose

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 833B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/move_file.d2p
.dll windows:5 windows x86 arch:x86

783adea1f2ff92ae5d45c53bc47120cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
ExpandEnvironmentStringsA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/move_file.dll
.dll windows:5 windows x86 arch:x86

984128b554a7cedc7b60abd02e55c1f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxParamA
CheckDlgButton

dup2.exe

StartChooseHideMethod
EndChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle
LoadWindowPosition
SaveWindowPosition

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
FindFirstFileA
FindClose

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1024B - Virtual size: 822B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 831B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/plugin_example.d2p
.dll windows:5 windows x86 arch:x86

f0f70c3637d0028211015f80e8216d50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CopyFileA
GetTempPathA
GetFileAttributesA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

dup2patcher

AddMsg

Exports

Exports

PLUGIN_Action

Sections

.text
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/plugin_example.dll
.dll windows:5 windows x86 arch:x86

7b376d138945621c0cdf8988d407fbf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetDlgItemTextA
SendMessageA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxParamA
CheckDlgButton

dup2.exe

SaveWindowPosition
d2k2_GetFilePath
AddToolTip
LoadWindowPosition
EndChooseHideMethod
StartChooseHideMethod
ResizeCurrentPluginDataMemory
GetDup2MainDialogHandle
d2k2_FileNameOfPath

kernel32

CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
FindFirstFileA
FindClose

Exports

Exports

DUP2_EditPluginData
DUP2_ModuleDescription
DUP2_PluginInfo

Sections

.text
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
projects/!ReadMe!.txt
projects/!example_console_patch.dUP2
projects/!example_filetime_plugin.dUP2
projects/!example_findnextfile_plugin.dUP2
projects/!example_loader.dUP2
projects/!example_project.dUP2
projects/!example_script.dUP2
readme.txt
skins/!ReadME!.txt
skins/black_colorsheme.ini
skins/blue_colorsheme.ini
skins/plastic/Plastic.res
skins/plastic/Plastic.rgn
skins/plastic/colorscheme.ini
skins/standard_skin.res
skins/vistaskin/ACKNOWLEDGE -BRK-.FON
skins/vistaskin/VistaSkin.ini
skins/vistaskin/VistaSkin.res
skins/vistaskin/VistaSkin.rgn
R4ndom_tutorial_19.pdf
.pdf
- http://RSSWordPress.org
- http://thelegendofrandom.com/blog
- http://thelegendofrandom.com/blog/archives/1875
- http://thelegendofrandom.com/blog/archives/1875[8/27/2012
- http://thelegendofrandom.com/blog/archives/author/random
- http://thelegendofrandom.com/blog/archives/category/beginner
- http://thelegendofrandom.com/blog/archives/category/reverse-engineering
- http://thelegendofrandom.com/blog/archives/category/tutorials
- http://thelegendofrandom.com/blog/challenges
- http://thelegendofrandom.com/blog/contact-2
- http://thelegendofrandom.com/blog/sample-page
- http://thelegendofrandom.com/blog/tools
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/105.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/1110.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/1210.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/1310.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/1410.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/153.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/154.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/155.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/163.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/173.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/182.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/192.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/218.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/219.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/220.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/222.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/231.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/241.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/251.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/261.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/271.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/281.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/30.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/315.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/316.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/321.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/331.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/341.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/351.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/410.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/59.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/68.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/76.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/86.png
- http://thelegendofrandom.com/blog/wp-content/uploads/2012/08/97.png
- http://www.TheLegendOfRandom.com
- http://www.thelegendofrandom.com/forum/
- Show all

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 36KB

DATA Size: 1024B - Virtual size: 588B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 10KB - Virtual size: 10KB

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 512B - Virtual size: 502B

.rdata Size: 512B - Virtual size: 472B

.data Size: 512B - Virtual size: 52B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 82B

7b4b46f6f0c0d1258ca5336af07ecd52

Headers

File Characteristics

Imports

user32

kernel32

gdi32

winmm

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 29KB

.rsrc Size: 334KB - Virtual size: 334KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 14KB - Virtual size: 16KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 27KB - Virtual size: 26KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

8cbe474b22125fb1db558aa74cc5bc46

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 9KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 8KB

4379e7d6decaf8cb79188e5eadeb9b87

Code Sign

7f:08:a2:94:bf:0f:cc:76:b7:9d:a0:7b:74:6d:bc:60Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1e:55:2b:56:a9:5e:ec:e4:96:54:6a:d9:8e:9a:56:f1:65:31:2c:a7Signer

Headers

DLL Characteristics

CODE
Size: 36KB - Virtual size: 36KB

DATA
Size: 1024B - Virtual size: 588B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 10KB - Virtual size: 10KB

.text
Size: 512B - Virtual size: 502B

.rdata
Size: 512B - Virtual size: 472B

.data
Size: 512B - Virtual size: 52B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 82B

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 29KB

.rsrc
Size: 334KB - Virtual size: 334KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 14KB - Virtual size: 16KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 9KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 8KB

7f:08:a2:94:bf:0f:cc:76:b7:9d:a0:7b:74:6d:bc:60
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1e:55:2b:56:a9:5e:ec:e4:96:54:6a:d9:8e:9a:56:f1:65:31:2c:a7
Signer

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 259KB - Virtual size: 811KB

.rsrc
Size: 128KB - Virtual size: 127KB

.reloc
Size: 11KB - Virtual size: 11KB

7f:08:a2:94:bf:0f:cc:76:b7:9d:a0:7b:74:6d:bc:60
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

ff:99:2d:79:52:d3:55:b1:75:80:7c:5a:49:ab:80:bf:5e:ff:e1:4e
Signer

.text
Size: 512B - Virtual size: 22B

.rdata
Size: 512B - Virtual size: 80B

.rsrc
Size: 43KB - Virtual size: 42KB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB