523e3ba2d9513dd0d94dff6b5075f1c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

523e3ba2d9513dd0d94dff6b5075f1c3_JaffaCakes118
Size

3.1MB
MD5

523e3ba2d9513dd0d94dff6b5075f1c3
SHA1

eb6057f7d7046078306977102a43a01334e8675a
SHA256

ad6061ef7f24aa5218ef2add53fdd57cd7332cbb7e82bef040d276491e9d548a
SHA512

cc84e040bf669cd1cd1a886f9b3bb84593a5f3763fa169a8da5d23ff28cb139bb9667b5df1482ed29568816ca473d0680e9df7cd6ac4f7b0134cbb588f708915
SSDEEP

49152:meW2q04Z+ZKAl1nwg3g502m0CsTtGJ71d0LV1dqcxAQdvTwkU2w4QodJVg+wS:22dsCtJACpUh1dqcldkkPw4FdJjZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
523e3ba2d9513dd0d94dff6b5075f1c3_JaffaCakes118
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$TEMP/ntfs-recovery-software-1.1.exe
unpack001/$TEMP/windll.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

523e3ba2d9513dd0d94dff6b5075f1c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
MulDiv
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_write
__dllonexit
_errno
_iob
abort
fflush
fputc
fputs
free
fwrite
malloc
memcpy
realloc
strcmp
strcpy
strlen

user32

CallWindowProcA
CharPrevA
CreateWindowExA
DestroyWindow
EnableWindow
FindWindowExA
GetClientRect
GetDlgItem
GetFocus
GetWindowLongA
GetWindowRect
IsWindowVisible
RegisterWindowMessageA
SendMessageA
SetDlgItemTextA
SetWindowLongA
SetWindowTextA
ShowWindow
wsprintfA

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
shutdown
socket

Exports

Exports

download
download_quiet

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ntfs-recovery-software-1.1.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/windll.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e14b4552a8f5717a8a6ee93a08689edf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetDiskFreeSpaceExW
CompareStringA
GetCurrentThreadId
IsValidCodePage
GetDiskFreeSpaceW
GlobalGetAtomNameA
GetCurrentThread
GetThreadContext
GetCommandLineA
WaitForMultipleObjectsEx
GetStartupInfoW
CreateMutexW
GetEnvironmentStrings
GetFileAttributesA
GetLogicalDrives
GetFileType
GetProfileSectionA
LocalHandle
SetStdHandle
GetTempFileNameA
OpenEventA
SetVolumeLabelA
IsBadWritePtr
OpenJobObjectW
GetFullPathNameW
GetSystemWow64DirectoryW
FindResourceExA
GlobalMemoryStatusEx
LockFile
AddAtomW
EnumResourceNamesA
HeapSetInformation
GlobalReAlloc
PeekConsoleInputA
GetDriveTypeW
RaiseException
IsBadStringPtrA
SetFileTime
DeleteCriticalSection
SetWaitableTimer
LocalReAlloc
GetSystemDirectoryW
SetHandleInformation
SetHandleCount
OpenMutexW
GetLocaleInfoA
GetDefaultCommConfigW
GetConsoleScreenBufferInfo
ExitProcess
FindNextFileW
WaitNamedPipeA
CreateJobObjectW
FindFirstFileExW
SetErrorMode
EnumResourceLanguagesA
GetWindowsDirectoryW
GetUserDefaultUILanguage
GetFullPathNameA
InterlockedCompareExchange
CopyFileW
SetConsoleCtrlHandler
WaitForMultipleObjects
GetTapeParameters
WriteProcessMemory
GetVolumeInformationW
CompareFileTime
IsBadHugeWritePtr
FindFirstChangeNotificationA
CreateRemoteThread
IsValidLanguageGroup
GetVolumeNameForVolumeMountPointW
LockFileEx
PurgeComm
GetEnvironmentVariableA
DisconnectNamedPipe
CreateMailslotW
lstrcatW
GetStringTypeW
lstrcmpW
OpenThread
GetModuleHandleW
CreateSemaphoreA
LCMapStringA
FreeEnvironmentStringsW
lstrcpyW
SetCurrentDirectoryA
GetProfileIntW
GlobalFindAtomW
ChangeTimerQueueTimer
ReadConsoleW
FlushViewOfFile
PostQueuedCompletionStatus
ClearCommError
GetDateFormatW
CancelWaitableTimer
ReadConsoleA
FileTimeToLocalFileTime
GetSystemTimeAdjustment
QueueUserWorkItem
TransactNamedPipe
GetDateFormatA
GetFileInformationByHandle
PulseEvent
EnumResourceLanguagesW
lstrcatA
IsBadHugeReadPtr
GetFileSize
CreateEventW
GetCurrentProcess
LocalAlloc
RegisterWaitForSingleObjectEx
CopyFileA
InterlockedIncrement
GetTickCount
CreateFileMappingA
CreateThread
InitializeCriticalSection
InterlockedExchange
GetCurrentProcessId
HeapFree
WaitForSingleObject
GetProcAddress
GetModuleHandleA
ReleaseMutex
HeapAlloc
GetModuleFileNameA
CreateFileA
EnterCriticalSection
InterlockedDecrement
DeleteFileA
MoveFileA
GetSystemTimeAsFileTime
CreateMutexA
Sleep
GetProcessHeap
LeaveCriticalSection
LoadLibraryA
ReadFile
LocalFree
WriteFile
SetTimeZoneInformation

ole32

CoInitializeEx
CoRevertToSelf
CoGetClassObject
OleCreateMenuDescriptor
OleLoadFromStream
GetRunningObjectTable
OleCreateLink
CreateILockBytesOnHGlobal
OleRegGetMiscStatus
CoCreateGuid
CoRegisterMessageFilter
OleInitialize
StgCreateDocfileOnILockBytes
OleUninitialize
CoGetCallContext
StringFromGUID2
OleDuplicateData
OleQueryLinkFromData
OleCreateLinkFromData
CreateOleAdviseHolder
CoAllowSetForegroundWindow
StgCreateDocfile
CreateBindCtx
StgOpenStorage
StgOpenStorageEx
CoSwitchCallContext
OleRun
CoLockObjectExternal
OleCreate
CoCreateInstance

user32

SetWindowWord
SetMenuItemInfoA
SetProcessDefaultLayout
TranslateMessage
OffsetRect
GetWindowRect
LoadBitmapW
GetScrollBarInfo
ChangeDisplaySettingsExW
wvsprintfA
InsertMenuA
CreateWindowExW
DialogBoxParamA
IntersectRect
ChangeDisplaySettingsW
ShowWindow
GetScrollRange
CallMsgFilterW
CharUpperW
InternalGetWindowText
LookupIconIdFromDirectory
ModifyMenuW
GetSysColorBrush
DispatchMessageW
MessageBoxW
GetClassInfoW
DrawIconEx
SetFocus
GetUserObjectInformationA
SetMenuItemBitmaps
ScrollWindow
ChildWindowFromPoint
EnumDisplaySettingsW
TabbedTextOutA
EqualRect
MapWindowPoints
HideCaret
GetQueueStatus
SendMessageW
GetDoubleClickTime
MessageBoxIndirectW
EnumWindowStationsW
BeginDeferWindowPos
IsCharAlphaNumericA
ToUnicodeEx
LoadMenuA
GetClassLongA
SetWindowRgn
DrawFrameControl
MessageBoxIndirectA
ShowScrollBar
KillTimer
RegisterWindowMessageA
GetScrollPos
GetWindowTextA
TrackMouseEvent
GetMessageExtraInfo
CharUpperBuffW
UpdateWindow
IsDialogMessageA
ShowCursor
TrackPopupMenu
DefDlgProcW
EnableMenuItem
SetRectEmpty
SendNotifyMessageA
IsWindowVisible
ReplyMessage
GetMenuItemInfoA
CreateDialogIndirectParamW
GetMenuDefaultItem
GetSystemMetrics
GetScrollInfo
PostMessageA
DialogBoxIndirectParamW
SetTimer
SwitchToThisWindow
InSendMessageEx
GetMenuItemCount
PtInRect
GetMessageW
EndDialog
CopyIcon
RemovePropA
CheckMenuRadioItem
GetActiveWindow
AppendMenuA
GetWindowRgn
EndPaint
WindowFromDC
EnableWindow
SetWindowLongW
CharUpperA
SendDlgItemMessageW
FrameRect
ToAscii
DeferWindowPos
GetMenu
RegisterWindowMessageW
GetWindowDC
DestroyCursor
EnumDisplaySettingsA
EnumWindows
SetScrollPos
CopyImage
ShowOwnedPopups
IsCharAlphaNumericW
GetProcessDefaultLayout
PeekMessageW
SetMenuItemInfoW
DrawMenuBar
DestroyCaret
ReuseDDElParam
NotifyWinEvent
CreateAcceleratorTableA
DrawIcon
SetCapture
SetPropA
SendMessageTimeoutA
GetProcessWindowStation
SetClassLongW
RedrawWindow
MessageBoxExW
OpenInputDesktop
GetWindowTextLengthW
SetWindowPlacement
TranslateMDISysAccel
BringWindowToTop
CreateDialogIndirectParamA
InvalidateRgn
CharToOemBuffA
GetWindowWord
CreatePopupMenu
CreateCursor
CharNextA
LoadAcceleratorsA
GetMessageA
SendMessageA
SetWindowsHookExA
CallNextHookEx
GetWindowThreadProcessId
DefWindowProcA
PeekMessageA
GetWindowLongA
FindWindowA
UnhookWindowsHookEx
SetWindowLongA
GetClassNameA
LoadStringA

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
ExtractIconExA
SHGetFolderLocation
SHGetInstanceExplorer
SHGetFileInfoW
ExtractIconExW
CommandLineToArgvW
ShellExecuteExA
SHPathPrepareForWriteW
ShellExecuteA
SHGetSpecialFolderPathW
SHCreateShellItem
SHBindToParent
SHGetFolderPathA

gdi32

CreateHatchBrush
SetViewportOrgEx
GetEnhMetaFileBits
GetLayout
GetPath
GetTextCharset
GetViewportExtEx
RealizePalette
PatBlt
GetViewportOrgEx
CreateScalableFontResourceA
GetNearestPaletteIndex
GetRandomRgn
GetTextExtentExPointA
ExtEscape
SetWorldTransform
LPtoDP
CreateMetaFileW
CreateDIBitmap
GetTextExtentPointA
GetDCOrgEx
SetPaletteEntries
CreateCompatibleDC
GetTextMetricsA
OffsetViewportOrgEx
CreateFontIndirectW
ExtFloodFill
CreateHalftonePalette
DeleteDC
SetTextCharacterExtra
PlayEnhMetaFileRecord
PolyPolygon
MoveToEx
AnimatePalette
GetWindowOrgEx
StrokePath
InvertRgn
EnumFontsA
PtInRegion
CopyEnhMetaFileA
GetCurrentPositionEx
GetBrushOrgEx
GetCharABCWidthsW
DeleteMetaFile
SetGraphicsMode
PolyDraw
GetKerningPairsA
ArcTo
CreateEnhMetaFileA
GetWinMetaFileBits
GetObjectW
CreateDiscardableBitmap
AbortDoc
GetTextCharacterExtra
SetArcDirection
GetRgnBox
CreateCompatibleBitmap
TextOutA
StrokeAndFillPath
CreateFontIndirectA
BitBlt
FillPath
GetObjectA
GetCharABCWidthsA
LineTo
GetStockObject
PlayMetaFile
EqualRgn
SetBitmapBits
FillRgn
SetBkMode
ScaleViewportExtEx
GetTextFaceW
EndDoc
SetColorAdjustment
GetSystemPaletteUse
GetClipRgn
ExtCreatePen
Polyline
GetTextExtentPointW
SetROP2
ExtTextOutW
StartDocA
SetMiterLimit
SetMetaFileBitsEx
SetTextAlign
AddFontResourceW
EndPath
GetTextAlign

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 144B

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: - Virtual size: 150KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 2KB

826f63babc644cdb846b4d888d102fa0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 24KB

.edata Size: 512B - Virtual size: 95B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 36KB - Virtual size: 35KB

DATA Size: 1024B - Virtual size: 584B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

e14b4552a8f5717a8a6ee93a08689edf

Headers

File Characteristics

Imports

kernel32

ole32

user32

shell32

gdi32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 90KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 144B

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 24KB

.edata
Size: 512B - Virtual size: 95B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

CODE
Size: 36KB - Virtual size: 35KB

DATA
Size: 1024B - Virtual size: 584B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 92KB - Virtual size: 90KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 3KB