growtopia | JaffaCakes118_62cb08452d4e84902a8e2eba5c9fffb0c42eef385825e1f090c48c3bdcb4ebc7

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_62cb08452d4e84902a8e2eba5c9fffb0c42eef385825e1f090c48c3bdcb4ebc7
Size

6.3MB
MD5

39741889d92aa8654da6cd1d45dbf4fa
SHA1

447e9ead3b6be4292da0520c9eae9d3e09d6cbc5
SHA256

62cb08452d4e84902a8e2eba5c9fffb0c42eef385825e1f090c48c3bdcb4ebc7
SHA512

e002c293f1e645b3b408c2e4f60b746f6b478a57fd85400ea69f0b21788fac5d7af1a57206e65e4722492f953132cd1df29709a958fb86013bbe0d80fc874338
SSDEEP

196608:IfUfCtB/qB5U3U+JrIj6Vem7iXXmEGr2z0+nADLnr:IfkOB/Eq3UwIj3m7MEr2TA

Score

10^/10

growtopia

Malware Config

Signatures

Growtopia family
growtopia

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/108e8f5a4051763f052d008fb1dc3a9fbc56d149b3bf442fc06a4a35178efe03
unpack001/1e3856ec1860b5f70ed544a3764beea115035fe60b95c13f57d4afc8327293b5
unpack001/7dbf54a7d28bc41c266a9277238b7ca8089e0df97b0c917f3424a443185f99c5
unpack001/8806eddaa2315f2a8108d2e56ca518b073c2feb5d70b72f075810b26a33cae73
unpack001/96b7ed816f80b062a3be985048b33dae141c5d9d8db276ab7ec50d11a0196331
unpack001/ad4f00ab519845f4c1a3a4044e9d7992dc37c5887c08260282f9731f21c5da99
unpack001/affda22761fab03d80c769e4d2c80e00c8895918b4756fbd4a802c14941fdb08
unpack001/b262e47d429a9705e173ca20401db353e887c1adec9d16c649503b31b7b2dcbc
unpack001/d17cfa5d11df85c2f16f66f59130430e1ca34fbd20657f9f88dafd4d9cf24b8a
unpack001/e4569dcd012ebfd64f7a33b77f385edab89d21ea44b96488e4fd63b3893d7b4c

Files

JaffaCakes118_62cb08452d4e84902a8e2eba5c9fffb0c42eef385825e1f090c48c3bdcb4ebc7
.zip

Password: infected
108e8f5a4051763f052d008fb1dc3a9fbc56d149b3bf442fc06a4a35178efe03
.dll windows:6 windows x64 arch:x64

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1e3856ec1860b5f70ed544a3764beea115035fe60b95c13f57d4afc8327293b5
.dll windows:6 windows x86 arch:x86

808d83d867a86e4f963a97415bed67af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
Sleep
HeapCreate
CreateThread
lstrcmpiA
lstrcpyA
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
ExitProcess
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
StartServiceA

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7dbf54a7d28bc41c266a9277238b7ca8089e0df97b0c917f3424a443185f99c5
.dll windows:6 windows x86 arch:x86

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8806eddaa2315f2a8108d2e56ca518b073c2feb5d70b72f075810b26a33cae73
.dll windows:6 windows x64 arch:x64

a2eb127529079d080d61c38ae9c2688c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
Sleep
GetLastError
CreateThread
DeleteCriticalSection
GetFileSize
SetLastError
CreateFileA
lstrlenA
LoadLibraryA
GetTickCount
AreFileApisANSI
ReadFile
TryEnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
EnterCriticalSection
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
CloseHandle
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrcpyA
GetModuleHandleA
ReadProcessMemory
CreatePipe
PeekNamedPipe
GetStartupInfoA
LocalAlloc
lstrlenW
GetPrivateProfileStringA
GlobalFree
WriteConsoleW
GetProcessHeap
HeapSize
VirtualFree
HeapAlloc
HeapReAlloc
HeapFree
HeapCreate
GetFileAttributesA
lstrcatA
RtlUnwind
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
InitializeSListHead
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetACP

advapi32

IsTextUnicode
CryptAcquireContextW
CryptGetHashParam

user32

GetParent
CharUpperA

psapi

GetProcessImageFileNameA

wininet

InternetCrackUrlA

Exports

Exports

Control
FreeBuffer
Release
Start
Stop

Sections

.text
Size: 977KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
96b7ed816f80b062a3be985048b33dae141c5d9d8db276ab7ec50d11a0196331
.dll windows:6 windows x64 arch:x64

e67e2cf33813231984c4e9d74b0f6d59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalUnlock
SetPriorityClass
GetCurrentProcess
GetExitCodeThread
SetThreadIdealProcessor
ExitProcess
InitializeCriticalSectionEx
MultiByteToWideChar
RaiseException
DeleteCriticalSection
WideCharToMultiByte
DeleteFileA
GetPrivateProfileStringA
LoadLibraryW
GetTempPathA
CopyFileA
GetFileAttributesA
GetTempFileNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
WriteFile
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
GlobalFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableW
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GlobalAlloc
CreateEventA
FreeLibrary
GetVersionExA
TerminateThread
GetCurrentThread
SetEvent
SwitchToThread
K32GetModuleFileNameExA
TerminateProcess
OpenFile
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
VirtualAllocEx
CreateThread
CloseHandle
Sleep
OpenProcess
GetCurrentThreadId
WaitForSingleObject
FindClose
FindNextFileA
GetLastError
SetThreadPriority
VirtualAlloc
VirtualFree
SetLastError
GetTickCount
lstrcmpiA
CreateFileA
SetFilePointer
OutputDebugStringA
FindFirstFileA
CreateFileMappingW
WriteProcessMemory

user32

CloseWindow
PostMessageW
WindowFromPoint
CreateDesktopA
SetProcessWindowStation
OpenWindowStationA
GetSystemMetrics
CreateMenu
GetClientRect
CheckMenuItem
EmptyClipboard
SetClipboardData
GetAncestor
CallNextHookEx
AppendMenuA
SetMenu
MoveWindow
MessageBoxA
SetWindowTextA
DestroyWindow
ChildWindowFromPointEx
GetDesktopWindow
SendMessageA
OpenDesktopA
FindWindowExA
GetThreadDesktop
SetThreadDesktop
GetWindowThreadProcessId
InvalidateRect
UpdateWindow
SetParent
EnumDesktopWindows
CreateWindowExA
CloseDesktop
ShowWindow
TrackPopupMenu
GetClassNameA
PostMessageA
TranslateMessage
SetMenuItemInfoA
CreatePopupMenu
InsertMenuA
DispatchMessageA
GetMessageA
PostQuitMessage
GetClipboardData
DefWindowProcA
ChangeClipboardChain
RegisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindow
IsWindowVisible
MonitorFromWindow
EnumChildWindows
RedrawWindow
GetWindowDC
PrintWindow
GetDpiForSystem
ReleaseDC
GetWindowRect
SetWindowPos
GetIconInfo
ScreenToClient
NotifyWinEvent
GetWindowPlacement
IsWindow
GetWindowTextA
GetWindowLongA
SetWindowPlacement
BringWindowToTop
IsZoomed
SetWinEventHook
GetParent
UnhookWinEvent
SetForegroundWindow
IsIconic
LoadCursorA
SetClipboardViewer
OpenClipboard
CloseClipboard

gdi32

DeleteDC
GetPixel
CreateBitmap
GetDIBits
StretchBlt
CreateCompatibleDC
SelectObject
TextOutA
DeleteObject
SetTextColor

advapi32

GetTokenInformation
RegGetValueA
OpenThreadToken
InitializeSecurityDescriptor
OpenProcessToken
LookupAccountSidA
LookupPrivilegeValueA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
CryptReleaseContext
CryptGetHashParam
RegEnumValueA
RegOpenKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExA
RegCloseKey
CryptAcquireContextA
RegEnumKeyA

shell32

ExtractIconExA
SHGetSpecialFolderPathA
ExtractAssociatedIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString
SysAllocStringLen

comctl32

ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCloneBitmapAreaI
GdipCreateBitmapFromGdiDib
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream

ws2_32

inet_ntoa
WSAResetEvent
socket
ntohs
connect
WSAWaitForMultipleEvents
WSARecv
htons
WSAGetOverlappedResult
setsockopt
WSAGetLastError
recv
closesocket
send
WSACleanup
WSAStartup
inet_addr
WSACreateEvent

crypt32

CryptUnprotectData

Exports

Exports

Control
FreeBuffer
NetServerStart
NetServerStop
Release
Start
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_Version
cJSON_free
cJSON_malloc

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SHARDAT
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ad4f00ab519845f4c1a3a4044e9d7992dc37c5887c08260282f9731f21c5da99
.dll windows:6 windows x64 arch:x64

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
affda22761fab03d80c769e4d2c80e00c8895918b4756fbd4a802c14941fdb08
.dll windows:6 windows x86 arch:x86

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b262e47d429a9705e173ca20401db353e887c1adec9d16c649503b31b7b2dcbc
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d17cfa5d11df85c2f16f66f59130430e1ca34fbd20657f9f88dafd4d9cf24b8a
.dll windows:6 windows x86 arch:x86

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e4569dcd012ebfd64f7a33b77f385edab89d21ea44b96488e4fd63b3893d7b4c
.dll windows:6 windows x64 arch:x64

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 5KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 216B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.l2 Size: 512B - Virtual size: 512B

808d83d867a86e4f963a97415bed67af

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.l2 Size: 512B - Virtual size: 512B

a2eb127529079d080d61c38ae9c2688c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

psapi

wininet

Exports

Exports

Sections

.text Size: 977KB - Virtual size: 976KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 13KB - Virtual size: 23KB

.pdata Size: 31KB - Virtual size: 30KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 5KB

e67e2cf33813231984c4e9d74b0f6d59

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 977KB - Virtual size: 976KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 13KB - Virtual size: 23KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 897KB - Virtual size: 897KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 38KB - Virtual size: 37KB

_RDATA
Size: 512B - Virtual size: 148B

.SHARDAT
Size: 512B - Virtual size: 20B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 496KB - Virtual size: 496KB

.data
Size: 12KB - Virtual size: 18KB