44545348f30dfac7c1f8fbc83f049f26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44545348f30dfac7c1f8fbc83f049f26_JaffaCakes118
Size

6.9MB
MD5

44545348f30dfac7c1f8fbc83f049f26
SHA1

64e64ec44853c63a9ee3436378248ee12aca7054
SHA256

a9874589cfdd429bd810e2455f35d0963754dc1969212c6eac750b1a6da22e16
SHA512

f478c826810a312039188b3e2dababaf777d130753d0d9bdacfd37cf7ad375afb9918245f5634e18fef0b4b8da44af972c74faa076f6a81920c899e519ab97fa
SSDEEP

196608:CE/3e7POe4+2WY+x6n12algYl0u4OWj6alv7QFpG7GHBi:GGDG6vOIw6alvUFo7b

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/Freedom TestInstallation.exe	autoit_exe
static1/unpack001/LicenseServer.exe	autoit_exe
static1/unpack001/PreparingHost.exe	autoit_exe
static1/unpack002/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Resources/PleaseWait.exe	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AnimGif.dll
unpack001/$PLUGINSDIR/GetVersion.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Marquee.dll
unpack001/$PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/Processes.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/newadvsplash.dll
unpack001/$PLUGINSDIR/nsSCM.dll
unpack001/$SYSDIR/$SYSDIR/DesktraVXLib.dll
unpack001/$SYSDIR/DesktraVX.exe
unpack001/$SYSDIR/DesktraVXLib.dll
unpack001/$SYSDIR/DesktraVXLicense.exe
unpack001/Freedom TestInstallation.exe
unpack001/LicenseServer.exe
unpack001/PreparingHost.exe
unpack001/Resources/PleaseWait.exe
unpack002/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

44545348f30dfac7c1f8fbc83f049f26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cd:8e:8b:c6:79:9b:6d:e5:2d:16:5a:1f:53:12:2c:83
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

24/04/2009, 23:59

Subject

CN=NetLeverage Pty. LTD.,O=NetLeverage Pty. LTD.,POSTALCODE=1430,STREET=Garden Street\,+STREET=17 IBC\, Australian Technology Park\,,L=Eveleigh,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:29:6d:28:78:87:16:4d:bd:d0:fb:df:bc:31:34:14:1e:cb:fa:d8
Signer

Actual PE Digest

ff:29:6d:28:78:87:16:4d:bd:d0:fb:df:bc:31:34:14:1e:cb:fa:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AnimGif.dll
.dll windows:4 windows x86 arch:x86

6547d8bc6a3af52f06d7821153e62201

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetFileSize
CreateFileA
ReadFile
ResetEvent
SetEvent
lstrcmpiA
CreateThread
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
CloseHandle
CreateEventA
lstrcpyA
GlobalFree
WaitForSingleObject

user32

CopyRect
ValidateRect
FillRect
InvalidateRect
SetRect
GetSysColor
FindWindowExA
IsWindowVisible
GetClientRect
GetDC
ReleaseDC
IsWindow
GetWindowLongA
SetWindowLongA
RedrawWindow
CallWindowProcA

gdi32

GetDeviceCaps
CreateSolidBrush
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetPixel
BitBlt

msvcrt

strtoul
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

play
stop

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Desktra VXSplash.gif
.gif
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

0125039a427c6f95b3acc9227413ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
lstrcmpiA
GetVersionExA
GlobalAlloc
GetSystemInfo
GetProcAddress
lstrcpynA

user32

GetSystemMetrics
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsType
WindowsVersion

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Marquee.dll
.dll windows:4 windows x86 arch:x86

92ab985aa8de0e55dc16648abbc2c871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
lstrcmpiA
GlobalFree
lstrcpyA
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
lstrlenA
Sleep

user32

FindWindowExA
SetRect
IsWindow
GetDC
ReleaseDC
RedrawWindow
GetClientRect

gdi32

SetTextColor
SelectObject
ExtTextOutA
FillRgn
DeleteObject
CombineRgn
CreateRectRgn
CreateSolidBrush
GetTextColor
GetPixel
CreateFontA
GetTextExtentPoint32A
SetBkColor

Exports

Exports

start
stop

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll
.dll windows:4 windows x86 arch:x86

126c9a9722a8a932a5bd1e79ebda7171

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalFree
lstrcpyA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetLastError
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
HeapAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
CloseHandle
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
HeapSize
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetStdHandle
ReadFile
GetLocaleInfoW
CreateFileA
SetEndOfFile

Exports

Exports

destroy
skin

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

f5edecae12589e705677a6e272ad0394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
CloseHandle
TerminateProcess
GlobalFree
lstrcpyA
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
UnhandledExceptionFilter
DisableThreadLibraryCalls
WriteFile
SetFilePointer
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo

user32

FindWindowA
GetDesktopWindow
wsprintfA
UpdateWindow

Exports

Exports

FindDevice
FindProcess
KillProcess

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

eee37c14e102da3f62385f9796c701ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetProcAddress
GetModuleHandleA
CloseHandle
CreateThread
lstrcpynA
lstrlenA
GetCurrentThreadId
Sleep
lstrcpyA
lstrcmpiA
lstrcatA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
wsprintfA
SetWindowPos
LoadCursorA
BeginPaint
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClientRect
SetWindowLongA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassA
SystemParametersInfoA
SendMessageA
ShowWindow
PostMessageA
SetWindowRgn
EndPaint

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

msvfw32

MCIWndCreateA

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsSCM.dll
.dll windows:4 windows x86 arch:x86

cae3b41a07819ca715746a4d081b8a6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateServiceA
StartServiceA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CloseServiceHandle

kernel32

GlobalFree
GetLastError
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 650B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/$SYSDIR/DesktraVXLib.dll
.dll windows:5 windows x86 arch:x86

c635124b80663a71c3738b256b100a55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\Projects\NetLeverage\ThinPoint\ThinPoint\release\HookLib.pdb

Imports

kernel32

GetModuleHandleW
VirtualFree
ExpandEnvironmentStringsA
WaitNamedPipeW
WriteFile
OpenProcess
LoadLibraryW
Sleep
GetVersionExW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
FlushFileBuffers
FreeLibraryAndExitThread
GetLastError
VirtualQuery
GetProcAddress
VirtualAlloc
DisableThreadLibraryCalls
VirtualAllocEx
ProcessIdToSessionId
LocalAlloc
SetNamedPipeHandleState
VirtualProtect
CloseHandle
GetCurrentProcessId
LocalFree
WriteProcessMemory
ResumeThread
CreateThread
ExpandEnvironmentStringsW
SetThreadContext
GetFileSize
SetLastError
GetThreadContext
HeapSize
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapFree
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapReAlloc

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSSendMessageW
WTSDisconnectSession
WTSLogoffSession

Exports

Exports

HookExistingProcess
HookProcess
InitDll
UnhookProcess
UnhookThisProcess
WLEventHandler

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DesktraVX.exe
.exe windows:5 windows x86 arch:x86

3364aa739e1baac75beace62678fcc26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

j:\Projects\NetLeverage\ThinPoint\ThinPoint\release\Service.pdb

Imports

kernel32

GetProcAddress
Process32FirstW
ProcessIdToSessionId
LocalAlloc
CreateEventW
Module32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetLastError
CloseHandle
GetCurrentProcessId
LocalFree
CreateThread
ExpandEnvironmentStringsW
FlushFileBuffers
DisconnectNamedPipe
CreateFileW
ReadFile
GetFileAttributesW
GetVersionExW
Sleep
LoadLibraryW
WriteFile
ExpandEnvironmentStringsA
CreateNamedPipeW
ConnectNamedPipe
SetEvent
WaitForSingleObject
GetCurrentProcess
Module32NextW
GetFileSize
HeapSize
GetProcessHeap
SetEndOfFile
LoadLibraryA
HeapReAlloc
VirtualAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
CreateFileA
HeapAlloc
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
HeapFree
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfW

advapi32

RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
FreeSid
SetEntriesInAclW
SetServiceStatus
AllocateAndInitializeSid
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegCreateKeyExW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
OpenProcessToken
RegSetValueExW

ws2_32

send
closesocket
socket
recv
ioctlsocket
connect
WSAStartup
inet_addr
WSAGetLastError
htons
shutdown
WSACleanup

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSSendMessageW
WTSDisconnectSession
WTSLogoffSession
WTSQuerySessionInformationW

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/DesktraVXLib.dll
.dll windows:5 windows x86 arch:x86

c635124b80663a71c3738b256b100a55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\Projects\NetLeverage\ThinPoint\ThinPoint\release\HookLib.pdb

Imports

kernel32

GetModuleHandleW
VirtualFree
ExpandEnvironmentStringsA
WaitNamedPipeW
WriteFile
OpenProcess
LoadLibraryW
Sleep
GetVersionExW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
ExitThread
lstrlenW
FlushFileBuffers
FreeLibraryAndExitThread
GetLastError
VirtualQuery
GetProcAddress
VirtualAlloc
DisableThreadLibraryCalls
VirtualAllocEx
ProcessIdToSessionId
LocalAlloc
SetNamedPipeHandleState
VirtualProtect
CloseHandle
GetCurrentProcessId
LocalFree
WriteProcessMemory
ResumeThread
CreateThread
ExpandEnvironmentStringsW
SetThreadContext
GetFileSize
SetLastError
GetThreadContext
HeapSize
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
HeapFree
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapAlloc
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapReAlloc

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSSendMessageW
WTSDisconnectSession
WTSLogoffSession

Exports

Exports

HookExistingProcess
HookProcess
InitDll
UnhookProcess
UnhookThisProcess
WLEventHandler

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/DesktraVXLicense.exe
.exe windows:5 windows x86 arch:x86

508de3803d6fa3bb5fc8237dd446c90e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

j:\Projects\NetLeverage\ThinPoint\ThinPoint\release\LicensingService.pdb

Imports

kernel32

ExpandEnvironmentStringsW
CreateThread
LocalFree
GlobalUnlock
GlobalLock
GlobalFree
GetModuleHandleA
GlobalAlloc
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
DeleteFileA
GetWindowsDirectoryA
CreateFileA
SetFilePointer
GetVersionExA
FlushFileBuffers
GetFileAttributesA
GetDiskFreeSpaceA
GetCurrentProcess
GetCurrentDirectoryA
GetDriveTypeA
SetFileAttributesA
FileTimeToSystemTime
GetFileTime
SetFileTime
SystemTimeToFileTime
GetLocalTime
GlobalReAlloc
GetFileInformationByHandle
GetVolumeInformationA
CreateProcessA
GetOverlappedResult
DeviceIoControl
CreateEventA
MultiByteToWideChar
CloseHandle
GetComputerNameA
SetLastError
GetCurrentThread
GetSystemInfo
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
VirtualAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEndOfFile
GetProcessHeap
HeapSize
LocalAlloc
EnterCriticalSection
CreateFileW
GetModuleFileNameW
ReadFile
GetFileAttributesW
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
ExpandEnvironmentStringsA
GlobalMemoryStatus
GetFileSize

user32

RegisterClassExA
GetSysColor
DispatchMessageA
TranslateMessage
UpdateWindow
PeekMessageA
FindWindowA
GetWindowTextA
UnregisterClassA
WaitForInputIdle
EnumThreadWindows
MessageBoxA
RegisterClassA
BeginPaint
LoadCursorA
SetCursor
SetWindowTextA
GetDlgItem
ShowWindow
DialogBoxIndirectParamA
GetDlgItemTextA
EndDialog
GetDesktopWindow
GetWindowRect
SetWindowPos
SetDlgItemTextA
MessageBoxW
wsprintfA
SendMessageA
EndPaint
CreateWindowExA
DestroyWindow
InvalidateRect
DefWindowProcA
wsprintfW

advapi32

DeleteService
StartServiceA
OpenServiceA
CreateServiceA
RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegSetValueA
OpenSCManagerA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenSCManagerW
StartServiceCtrlDispatcherW
OpenServiceW
RegisterServiceCtrlHandlerExW
RegQueryValueExW
StartServiceW
SetServiceStatus
RegOpenKeyExW
ControlService
RegCloseKey
GetTokenInformation
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount

ws2_32

closesocket
send
listen
accept
socket
bind
recv
WSACleanup
inet_addr
gethostbyname
connect
ioctlsocket
setsockopt
shutdown
htons
WSAGetLastError
htonl
WSAStartup

gdi32

CreateSolidBrush
SetBkMode
TextOutA

ole32

CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

comctl32

InitCommonControlsEx

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/ld934bngh0dl3490t.sys
$TEMP/vista.skf
Desktra Freedom Server.exe
.exe windows:5 windows x86 arch:x86

89ff808a84c953dd25a3c68f0c92e169

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cd:8e:8b:c6:79:9b:6d:e5:2d:16:5a:1f:53:12:2c:83
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

24/04/2009, 23:59

Subject

CN=NetLeverage Pty. LTD.,O=NetLeverage Pty. LTD.,POSTALCODE=1430,STREET=Garden Street\,+STREET=17 IBC\, Australian Technology Park\,,L=Eveleigh,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:00:af:32:0f:bf:22:22:bb:8e:9a:c8:d6:27:96:d4:5d:fd:42:4c
Signer

Actual PE Digest

f1:00:af:32:0f:bf:22:22:bb:8e:9a:c8:d6:27:96:d4:5d:fd:42:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetCurrentDirectoryA
GetShortPathNameA
FindResourceExA
EnumResourceLanguagesA
ResumeThread
WriteProcessMemory
RaiseException
SetFileAttributesA
CreateDirectoryA
GetCurrentThreadId
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LocalFree
GetProcAddress
InitializeCriticalSection
WideCharToMultiByte
RtlUnwind
GetStringTypeW

user32

SetFocus
AdjustWindowRectEx
DefWindowProcA

advapi32

RegCreateKeyA
RegSetValueA
RegCloseKey

ole32

CoRegisterClassObject
ReadClassStm

Sections

0
Size: 121KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 19KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 3KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

5
Size: 44KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7
Size: 7KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Freedom Helpsite/Scripts/AC_RunActiveContent.js
.js
Freedom Helpsite/blank.gif
.gif
Freedom Helpsite/download_button.jpg
.jpg
Freedom Helpsite/iepngfix.htc
.js
Freedom Helpsite/images/Desktra_VX icon.png
.png
Freedom Helpsite/images/Desktra_logo_footer.jpg
.jpg
Freedom Helpsite/images/Header2.jpg
.jpg
Freedom Helpsite/images/Network 1 Progress.png
.png
Freedom Helpsite/images/Network 1 Search.png
.png
Freedom Helpsite/images/Network 1 Security.png
.png
Freedom Helpsite/images/TUCWS.png
.png
Freedom Helpsite/images/Thumbs.db
Freedom Helpsite/images/WMarket.png
.png
Freedom Helpsite/images/arrow.png
.png
Freedom Helpsite/images/blank.gif
.gif
Freedom Helpsite/images/bluepanel_bottom.jpg
.jpg
Freedom Helpsite/images/bluepanel_middle.jpg
.jpg
Freedom Helpsite/images/bluepanel_top.jpg
.jpg
Freedom Helpsite/images/btn_middle.jpg
.jpg
Freedom Helpsite/images/downloads.png
.png
Freedom Helpsite/images/find_64x64.png
.png
Freedom Helpsite/images/hdrImage3.jpg
.jpg
Freedom Helpsite/images/heading.png
.png
Freedom Helpsite/images/icon.png
.png
Freedom Helpsite/images/left_cap.jpg
.jpg
Freedom Helpsite/images/right_cap.jpg
.jpg
Freedom Helpsite/images/tour_bottomcap.jpg
.jpg
Freedom Helpsite/images/tour_middle.jpg
.jpg
Freedom Helpsite/images/tour_topcap.jpg
.jpg
Freedom Helpsite/index.html
.html
Freedom Helpsite/main.css
Freedom TestInstallation.exe
.exe windows:4 windows x86 arch:x86

f205c9d20045158e8d360310398af2b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutSetVolume
timeGetTime
mciSendStringA

comctl32

ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Remove
ImageList_Destroy

mpr

WNetUseConnectionA
WNetGetConnectionA
WNetAddConnection2A
WNetCancelConnection2A

kernel32

SetFilePointer
FindClose
LockResource
SizeofResource
MultiByteToWideChar
EnumResourceNamesA
DeleteFileA
FindNextFileA
lstrcmpiA
MoveFileA
OutputDebugStringA
CopyFileA
GetLastError
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
WaitForSingleObject
SetSystemPowerState
SetFileTime
GetFileAttributesA
FindResourceA
FindFirstFileA
LoadResource
GetLocalTime
WideCharToMultiByte
CompareStringA
InterlockedIncrement
InterlockedDecrement
GetTempPathA
GetTempFileNameA
GetExitCodeProcess
VirtualFree
FormatMessageA
GetDriveTypeA
SetErrorMode
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
DeviceIoControl
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SetFileAttributesA
ReadFile
GetShortPathNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetFileSize
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
CreatePipe
DuplicateHandle
GetStdHandle
CreateProcessA
SetPriorityClass
VirtualAlloc
WriteFile
GetFileType
PeekNamedPipe
SetLastError
LoadLibraryExA
GlobalFindAtomA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
DeleteCriticalSection
CreateFileA
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
CreateFileMappingA
OpenProcess
UnmapViewOfFile
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
Sleep
GetCurrentDirectoryA
GetModuleFileNameA
GetFullPathNameA
HeapSize
HeapReAlloc
SetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
CreateThread
ExitProcess
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
SetStdHandle
ExitThread
FlushFileBuffers
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetPrivateProfileSectionNamesA
CompareStringW

user32

GetSysColor
GetActiveWindow
InflateRect
CharNextA
wsprintfA
DrawFocusRect
RedrawWindow
DrawTextA
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
DestroyMenu
CreateMenu
SetMenu
SetCursor
GetWindowDC
GetWindowTextLengthA
GetSystemMetrics
IsDialogMessageA
SetClassLongA
ReleaseCapture
SetCapture
SubtractRect
OffsetRect
GetClassWord
GetNextDlgTabItem
GetWindow
IsChild
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExA
EnumThreadWindows
LoadImageA
CreateIconFromResourceEx
CreateIcon
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
SetMenuDefaultItem
InsertMenuItemA
FlashWindow
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetForegroundWindow
IsIconic
FindWindowA
SystemParametersInfoA
VkKeyScanA
GetAsyncKeyState
SetKeyboardState
EmptyClipboard
GetKeyState
keybd_event
CharUpperA
LoadStringA
DialogBoxParamA
MessageBeep
EndDialog
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
GetMenu
GetClientRect
CopyRect
EndPaint
BeginPaint
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutA
GetFocus
GetWindowTextA
EnumChildWindows
CharUpperBuffA
GetClassNameA
GetParent
GetDlgCtrlID
SetWindowLongA
IsZoomed
GetCaretPos
GetSubMenu
GetMenuStringA
IsCharLowerA
IsCharAlphaNumericA
IsCharAlphaA
IsCharUpperA
GetDC
WindowFromPoint
IsMenu
SetClipboardData
SendMessageA
MapVirtualKeyA
PostMessageA
GetWindowRect
CreatePopupMenu
MessageBoxA
RegisterWindowMessageA
SetTimer
DestroyIcon
ShowWindow
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
GetForegroundWindow
DefWindowProcA
MoveWindow
SetFocus
PostQuitMessage
KillTimer
LockWindowUpdate
CountClipboardFormats
SetWindowPos
CloseClipboard
CopyImage
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
ClientToScreen
RegisterHotKey
ReleaseDC
GetCursor
CharLowerBuffA
GetMessageA
UnregisterHotKey
DispatchMessageA
TranslateMessage
GetKeyboardState
PeekMessageA
GetKeyboardLayoutNameA

gdi32

LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
GetObjectA
SetBkMode
RoundRect
SetBkColor
CreatePen
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
PolyBezierTo
SetViewportOrgEx
Rectangle
CreateSolidBrush
SetTextColor
CreateFontA
GetDeviceCaps
GetTextFaceA
GetStockObject
CreateDCA
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32A
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegConnectRegistryA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryPoint
ShellExecuteExA
DragQueryFileA
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ExtractIconExA
Shell_NotifyIconA
ShellExecuteA
DragFinish

ole32

MkParseDisplayName
OleSetContainedObject
OleSetMenuDescriptor
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
GetActiveObject
LoadRegTypeLi
SafeArrayDestroyDescriptor
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
VarR4FromDec
VariantTimeToSystemTime
VariantInit
VariantClear
VariantCopy
SafeArrayDestroyData

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LicenseServer.exe
.exe windows:4 windows x86 arch:x86

63a0f66333f5db68a287696f18c56a80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutSetVolume
timeGetTime
mciSendStringA

comctl32

ImageList_DragEnter
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Remove

mpr

WNetCancelConnection2A
WNetGetConnectionA
WNetAddConnection2A
WNetUseConnectionA

kernel32

OpenProcess
CreateFileMappingA
MapViewOfFile
WriteProcessMemory
ReadProcessMemory
CreateFileA
ReadFile
SetFilePointer
MoveFileA
OutputDebugStringA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
SetSystemPowerState
SetFileTime
FindResourceA
GetFileAttributesA
LoadResource
FindFirstFileA
LockResource
FindClose
SizeofResource
MultiByteToWideChar
EnumResourceNamesA
DeleteFileA
FindNextFileA
lstrcmpiA
GetLocalTime
WideCharToMultiByte
CompareStringA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
WriteFile
CreatePipe
GetStdHandle
InterlockedExchange
EnterCriticalSection
TerminateThread
LeaveCriticalSection
GetTempPathA
GetTempFileNameA
VirtualFree
UnmapViewOfFile
GetExitCodeProcess
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
DeviceIoControl
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
SetFileAttributesA
WritePrivateProfileSectionA
GetShortPathNameA
GetPrivateProfileSectionNamesA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeA
GlobalAlloc
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetEnvironmentVariableA
GetFileSize
SetEnvironmentVariableA
GlobalFree
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
CreateProcessA
SetPriorityClass
VirtualAlloc
GetCurrentThread
LoadLibraryExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
GetVersionExA
GetCurrentThreadId
Sleep
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
ExitProcess
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineA
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetCurrentProcess
GetModuleFileNameA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
InitializeCriticalSection
GetProcAddress
LoadLibraryA
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapSize
HeapReAlloc
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
FormatMessageA
CompareStringW

user32

GetCaretPos
IsZoomed
SetWindowLongA
FlashWindow
GetMenuStringA
GetSubMenu
SetMenu
DestroyAcceleratorTable
CreateAcceleratorTableA
GetWindowTextLengthA
SetCursor
GetWindowDC
TranslateAcceleratorA
GetSystemMetrics
IsDialogMessageA
CreateMenu
IsDlgButtonChecked
GetSysColor
GetActiveWindow
InflateRect
CharNextA
DrawFocusRect
wsprintfA
DrawTextA
RedrawWindow
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
DestroyMenu
ReleaseCapture
SetCapture
DefDlgProcA
RegisterHotKey
ReleaseDC
GetCursor
GetDC
WindowFromPoint
SetClipboardData
EmptyClipboard
CountClipboardFormats
CharLowerBuffA
GetMessageA
LockWindowUpdate
DispatchMessageA
TranslateMessage
IsCharUpperA
UnregisterHotKey
LoadImageA
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExA
EnumThreadWindows
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
SetMenuDefaultItem
InsertMenuItemA
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SystemParametersInfoA
SetForegroundWindow
IsIconic
FindWindowA
GetKeyboardState
GetKeyState
keybd_event
VkKeyScanA
GetKeyboardLayoutNameA
GetAsyncKeyState
SetKeyboardState
CharUpperA
LoadStringA
MessageBeep
EndDialog
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
GetMenu
GetClientRect
CopyRect
EndPaint
BeginPaint
DestroyWindow
GetDesktopWindow
IsWindow
EnumWindows
IsWindowEnabled
IsWindowVisible
IsCharLowerA
IsCharAlphaNumericA
IsCharAlphaA
SetWindowPos
CopyImage
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
PeekMessageA
ClientToScreen
EnableWindow
InvalidateRect
GetWindowLongA
GetWindowTextA
ScreenToClient
EnumChildWindows
CharUpperBuffA
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutA
GetFocus
GetClassNameA
GetParent
GetDlgCtrlID
SendMessageA
MapVirtualKeyA
PostMessageA
GetWindowRect
DefWindowProcA
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
MessageBoxA
RegisterWindowMessageA
DestroyIcon
SetTimer
ShowWindow
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
GetForegroundWindow
DialogBoxParamA

gdi32

Ellipse
MoveToEx
AngleArc
LineTo
CloseFigure
SetPixel
EndPath
CreateSolidBrush
StrokePath
PolyDraw
DeleteObject
GetTextExtentPoint32A
CreateDCA
BeginPath
Rectangle
SetViewportOrgEx
PolyBezierTo
ExtCreatePen
StrokeAndFillPath
RoundRect
SetBkColor
SetTextColor
GetObjectA
SetBkMode
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontA
GetDeviceCaps
GetTextFaceA
GetStockObject
CreatePen

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegConnectRegistryA
RegEnumKeyExA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryPoint
ShellExecuteExA
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
SHFileOperationA
ExtractIconExA
Shell_NotifyIconA
ShellExecuteA
DragFinish

ole32

OleSetContainedObject
OleSetMenuDescriptor
MkParseDisplayName
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VarR8FromDec
SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SafeArrayDestroyData
SafeArrayDestroyDescriptor
LoadRegTypeLi
GetActiveObject
SysAllocString
VariantCopy
VariantInit
SafeArrayAllocData
OleLoadPicture
SafeArrayAllocDescriptorEx

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PreparingHost.exe
.exe windows:4 windows x86 arch:x86

f205c9d20045158e8d360310398af2b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
socket
connect
closesocket
bind
select
accept
htons
sendto
recvfrom
ntohs
WSAGetLastError
ioctlsocket
WSACleanup
inet_addr
gethostbyname
WSAStartup
gethostname
listen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutSetVolume
timeGetTime
mciSendStringA

comctl32

ImageList_EndDrag
ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Remove
ImageList_Destroy

mpr

WNetUseConnectionA
WNetGetConnectionA
WNetAddConnection2A
WNetCancelConnection2A

kernel32

SetFilePointer
FindClose
LockResource
SizeofResource
MultiByteToWideChar
EnumResourceNamesA
DeleteFileA
FindNextFileA
lstrcmpiA
MoveFileA
OutputDebugStringA
CopyFileA
GetLastError
CreateDirectoryA
RemoveDirectoryA
TerminateProcess
WaitForSingleObject
SetSystemPowerState
SetFileTime
GetFileAttributesA
FindResourceA
FindFirstFileA
LoadResource
GetLocalTime
WideCharToMultiByte
CompareStringA
InterlockedIncrement
InterlockedDecrement
GetTempPathA
GetTempFileNameA
GetExitCodeProcess
VirtualFree
FormatMessageA
GetDriveTypeA
SetErrorMode
GetDiskFreeSpaceA
GetVolumeInformationA
SetVolumeLabelA
DeviceIoControl
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SetFileAttributesA
ReadFile
GetShortPathNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetFileSize
GetEnvironmentVariableA
SetEnvironmentVariableA
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
CreatePipe
DuplicateHandle
GetStdHandle
CreateProcessA
SetPriorityClass
VirtualAlloc
WriteFile
GetFileType
PeekNamedPipe
SetLastError
LoadLibraryExA
GlobalFindAtomA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
DeleteCriticalSection
CreateFileA
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
CreateFileMappingA
OpenProcess
UnmapViewOfFile
CloseHandle
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
Sleep
GetCurrentDirectoryA
GetModuleFileNameA
GetFullPathNameA
HeapSize
HeapReAlloc
SetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
InitializeCriticalSection
CreateThread
ExitProcess
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
RtlUnwind
GetConsoleCP
GetConsoleMode
SetHandleCount
SetStdHandle
ExitThread
FlushFileBuffers
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
GetPrivateProfileSectionNamesA
CompareStringW

user32

GetSysColor
GetActiveWindow
InflateRect
CharNextA
wsprintfA
DrawFocusRect
RedrawWindow
DrawTextA
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
DestroyMenu
CreateMenu
SetMenu
SetCursor
GetWindowDC
GetWindowTextLengthA
GetSystemMetrics
IsDialogMessageA
SetClassLongA
ReleaseCapture
SetCapture
SubtractRect
OffsetRect
GetClassWord
GetNextDlgTabItem
GetWindow
IsChild
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExA
EnumThreadWindows
LoadImageA
CreateIconFromResourceEx
CreateIcon
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoA
GetMenuItemInfoA
SetMenuDefaultItem
InsertMenuItemA
FlashWindow
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetForegroundWindow
IsIconic
FindWindowA
SystemParametersInfoA
VkKeyScanA
GetAsyncKeyState
SetKeyboardState
EmptyClipboard
GetKeyState
keybd_event
CharUpperA
LoadStringA
DialogBoxParamA
MessageBeep
EndDialog
SendDlgItemMessageA
GetDlgItem
SetWindowTextA
GetMenu
GetClientRect
CopyRect
EndPaint
BeginPaint
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
ScreenToClient
InvalidateRect
GetWindowLongA
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutA
GetFocus
GetWindowTextA
EnumChildWindows
CharUpperBuffA
GetClassNameA
GetParent
GetDlgCtrlID
SetWindowLongA
IsZoomed
GetCaretPos
GetSubMenu
GetMenuStringA
IsCharLowerA
IsCharAlphaNumericA
IsCharAlphaA
IsCharUpperA
GetDC
WindowFromPoint
IsMenu
SetClipboardData
SendMessageA
MapVirtualKeyA
PostMessageA
GetWindowRect
CreatePopupMenu
MessageBoxA
RegisterWindowMessageA
SetTimer
DestroyIcon
ShowWindow
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
GetSysColorBrush
GetForegroundWindow
DefWindowProcA
MoveWindow
SetFocus
PostQuitMessage
KillTimer
LockWindowUpdate
CountClipboardFormats
SetWindowPos
CloseClipboard
CopyImage
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
ClientToScreen
RegisterHotKey
ReleaseDC
GetCursor
CharLowerBuffA
GetMessageA
UnregisterHotKey
DispatchMessageA
TranslateMessage
GetKeyboardState
PeekMessageA
GetKeyboardLayoutNameA

gdi32

LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
GetObjectA
SetBkMode
RoundRect
SetBkColor
CreatePen
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
PolyBezierTo
SetViewportOrgEx
Rectangle
CreateSolidBrush
SetTextColor
CreateFontA
GetDeviceCaps
GetTextFaceA
GetStockObject
CreateDCA
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32A
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegConnectRegistryA
RegEnumKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

DragQueryPoint
ShellExecuteExA
DragQueryFileA
SHBrowseForFolderA
SHFileOperationA
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc
ExtractIconExA
Shell_NotifyIconA
ShellExecuteA
DragFinish

ole32

MkParseDisplayName
OleSetContainedObject
OleSetMenuDescriptor
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SafeArrayAllocData
SafeArrayAllocDescriptorEx
SysAllocString
GetActiveObject
LoadRegTypeLi
SafeArrayDestroyDescriptor
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
VarR4FromDec
VariantTimeToSystemTime
VariantInit
VariantClear
VariantCopy
SafeArrayDestroyData

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/$R0
Resources/Footer.jpg
.jpg
Resources/Header.jpg
.jpg
Resources/Info.ico
Resources/PleaseWait.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 484KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 216KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Resources/Progress_Anim.avi
Resources/Restricted.ico
Resources/Trust.ico
Resources/installer.ico
license.lf

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

cd:8e:8b:c6:79:9b:6d:e5:2d:16:5a:1f:53:12:2c:83Certificate

Extended Key Usages

Key Usages

ff:29:6d:28:78:87:16:4d:bd:d0:fb:df:bc:31:34:14:1e:cb:fa:d8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 159KB - Virtual size: 159KB

6547d8bc6a3af52f06d7821153e62201

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

ole32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 136B

.reloc Size: 1024B - Virtual size: 520B

0125039a427c6f95b3acc9227413ece5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 16B

.reloc Size: 512B - Virtual size: 290B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

cd:8e:8b:c6:79:9b:6d:e5:2d:16:5a:1f:53:12:2c:83
Certificate

ff:29:6d:28:78:87:16:4d:bd:d0:fb:df:bc:31:34:14:1e:cb:fa:d8
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 159KB - Virtual size: 159KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 136B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 290B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 344B

.reloc
Size: 1024B - Virtual size: 546B

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 812B

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB