mimikatz | 7dce1875380b33521ba701fdb7c7f5b7c30da6723b0984d23e7383eecca949a6

Sharing

Copy URL

Twitter E-mail

General

Target

7dce1875380b33521ba701fdb7c7f5b7c30da6723b0984d23e7383eecca949a6
Size

22.4MB
MD5

8bb3635abbd1922d64d53244a24860ec
SHA1

bc779efd834eb3d2e809bf0d20f99b3b7b9e0a31
SHA256

7dce1875380b33521ba701fdb7c7f5b7c30da6723b0984d23e7383eecca949a6
SHA512

d95e4ce34184acc6d8e7c109a28805f02790fad51a51a111ea2dd2df3dfd099d1a179f519bcd8128f22b2257c4f0bbb945ecbea15e6de7f07d581dacafb3a7fe
SSDEEP

196608:J878tY+QV1JiZJVBW9SuE+pzDcNDwOYPE9332EzDcNDwmf0BAblw:J878CX1JiZJVBeU+rOkbqmsmblw

Score

10^/10

mimikatz

Malware Config

Signatures

Mimikatz family
mimikatz

mimikatz is an open source tool to dump credentials on Windows 3 IoCs

Processes:

resource	yara_rule
sample	mimikatz
static1/unpack001/data/meterpreter/ext_server_kiwi.x64.dll	mimikatz
static1/unpack001/data/meterpreter/ext_server_kiwi.x86.dll	mimikatz

Files

7dce1875380b33521ba701fdb7c7f5b7c30da6723b0984d23e7383eecca949a6
.tar
.gitignore
CONTRIBUTING.md
Gemfile
LICENSE
README.md
Rakefile
data/android/apk/AndroidManifest.xml
data/android/apk/classes.dex
.dex
data/android/apk/resources.arsc
data/android/meterpreter.dex
.dex
data/android/meterpreter.jar
.apk android
data/android/metstage.jar
.apk android
data/android/shell.jar
.apk android
data/java/com/metasploit/meterpreter/MemoryBufferURLConnection.class
data/java/com/metasploit/meterpreter/MemoryBufferURLStreamHandler.class
data/java/javapayload/stage/Meterpreter.class
data/java/javapayload/stage/Shell.class
data/java/javapayload/stage/Stage.class
data/java/javapayload/stage/StreamForwarder.class
data/java/metasploit/AESEncryption.class
data/java/metasploit/JMXPayload.class
data/java/metasploit/JMXPayloadMBean.class
data/java/metasploit/Payload.class
data/java/metasploit/PayloadServlet.class
data/java/metasploit/PayloadTrustManager.class
data/java/metasploit/RMILoader.class
data/java/metasploit/RMIPayload.class
data/meterpreter/elevator.x64.dll
.dll windows x64

db30ab1188e9f9fd120bcbcaad845d09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
GetCurrentProcess
GetLastError
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetProcAddress
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

ReflectiveLoader
a

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/elevator.x86.dll
.dll windows x86

ac83dcf5b14ce9a671baa4aca9d1c533

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrentProcess
GetLastError
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetProcAddress
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

_ReflectiveLoader@4
_a@16

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_espia.x64.dll
.dll windows x64

08c5b4e8b3d7e279da32d10b0d63d540

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteConsoleW
SetStdHandle
SetFilePointerEx
SetEnvironmentVariableA
CloseHandle
CreateFileW
ReadFile
LocalAlloc
GlobalFree
GlobalAlloc
SetUnhandledExceptionFilter
ExitThread
ExitProcess
GetStringTypeW
GetLastError
LCMapStringW
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwindEx
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
HeapSize
CompareStringW
ReadConsoleW

user32

GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
DestroyWindow
IsWindow
SendMessageA
GetDesktopWindow
ReleaseDC
GetDC

gdi32

SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

winmm

mciSendCommandA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
controlcam
controlmic

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_espia.x86.dll
.dll windows x86

1d8c05c04a8f20d6e22dfd52c5b4ba86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
SetStdHandle
SetFilePointerEx
SetEnvironmentVariableA
CloseHandle
CreateFileW
ReadFile
LocalAlloc
GlobalFree
GlobalAlloc
SetUnhandledExceptionFilter
ExitThread
ExitProcess
GetStringTypeW
GetLastError
LCMapStringW
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
RtlUnwind
VirtualQuery
OutputDebugStringW
HeapSize
CompareStringW
ReadConsoleW

user32

GetSystemMetrics
SetWindowLongA
GetWindowLongA
ShowWindow
DestroyWindow
IsWindow
SendMessageA
GetDesktopWindow
ReleaseDC
GetDC

gdi32

SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

winmm

mciSendCommandA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
controlcam
controlmic

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_extapi.x64.dll
.dll windows x64

2cc392a77685bbbb068ec4f3526e525b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromGdiDib

ws2_32

htonl

kernel32

SetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
LocalAlloc
FormatMessageA
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleW
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
GetFileAttributesA
ExitThread
SetUnhandledExceptionFilter
ExitProcess
GetModuleHandleA
lstrlenA
lstrcmpA
GetSystemTime
WaitForMultipleObjects
GetLastError
LoadLibraryA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
RtlPcToFileHeader
GetCPInfo
GetOEMCP
lstrlenW
LocalFree
GetProcAddress
GetACP
LCMapStringW
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
RaiseException
LoadLibraryExA
CreateThread
TerminateThread
ResumeThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
HeapFree
HeapReAlloc
HeapAlloc
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
GetSystemTimeAsFileTime
GetProcessHeap
EncodePointer
DecodePointer
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage

user32

DefWindowProcA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
UnregisterClassA
RegisterClassExA
FindWindowW
SetWindowLongPtrA
GetWindowLongPtrA
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
CreateWindowExA

advapi32

CryptDeriveKey
CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CryptHashData
CryptAcquireContextA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocString
SafeArrayGetDim

activeds

ord9

esent

JetTerm
JetBeginSession
JetOpenTable
JetInit
JetCreateInstance
JetSetSystemParameter
JetAttachDatabase
JetDetachDatabase
JetGetTableColumnInfo
JetOpenDatabase
JetCloseDatabase
JetRetrieveColumn
JetMove
JetEndSession

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_extapi.x86.dll
.dll windows x86

c90b1281bafc9431033947b7a9923d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromGdiDib

ws2_32

htonl

kernel32

SetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
Sleep
FreeLibrary
InterlockedDecrement
LocalAlloc
FormatMessageA
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
GetFileAttributesA
ExitThread
SetUnhandledExceptionFilter
ExitProcess
GetModuleHandleA
lstrlenA
lstrcmpA
GetSystemTime
WaitForMultipleObjects
GetLastError
LoadLibraryA
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
lstrlenW
IsDebuggerPresent
LocalFree
GetProcAddress
LCMapStringW
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
InitializeCriticalSectionAndSpinCount
VirtualQuery
RaiseException
LoadLibraryExA
CreateThread
TerminateThread
ResumeThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
SystemTimeToFileTime
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess

user32

DefWindowProcA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
UnregisterClassA
RegisterClassExA
FindWindowW
SetWindowLongA
GetWindowLongA
ChangeClipboardChain
SetClipboardViewer
DestroyWindow
CreateWindowExA

advapi32

CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
CryptAcquireContextA

ole32

CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SysFreeString
SysAllocString

activeds

ord9

esent

JetMove
JetTerm
JetBeginSession
JetEndSession
JetOpenTable
JetInit
JetCreateInstance
JetSetSystemParameter
JetAttachDatabase
JetDetachDatabase
JetGetTableColumnInfo
JetOpenDatabase
JetCloseDatabase
JetRetrieveColumn

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_incognito.x64.dll
.dll windows x64

e5857969df34399c4145435fb57c01c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netapi32

NetLocalGroupAddMembers
NetGroupAddUser
NetUserAdd

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetProcAddress
CloseHandle
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
GetLastError
GetCurrentThread
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers
OpenProcess
GetCPInfo
RaiseException
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemTime
SystemTimeToFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwindEx
GetProcessHeap
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
CreateFileW
SetLastError
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW

advapi32

LookupAccountSidW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupPrivilegeValueA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_incognito.x86.dll
.dll windows x86

bea7a0e9350143687fe8c144beb45ab8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetLocalGroupAddMembers
NetGroupAddUser
NetUserAdd

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetProcAddress
CloseHandle
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
GetLastError
GetCurrentThread
LoadLibraryExW
OutputDebugStringW
SetStdHandle
WriteConsoleW
HeapSize
FlushFileBuffers
OpenProcess
SetLastError
RaiseException
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemTime
SystemTimeToFileTime
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
CreateFileW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
LCMapStringW

advapi32

LookupAccountSidW
LookupPrivilegeNameW
GetTokenInformation
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupPrivilegeValueA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_kiwi.x64.dll
.dll windows x64

530a21e59982a70053ad157cf5179327

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ncrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
NCryptExportKey
NCryptImportKey
NCryptSetProperty
NCryptGetProperty
NCryptOpenKey
NCryptFreeBuffer
NCryptEnumKeys
BCryptEnumRegisteredProviders
NCryptOpenStorageProvider
BCryptFreeBuffer
BCryptDestroyKey
BCryptImportKeyPair
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
NCryptFreeObject

fltlib

FilterFindNext
FilterFindFirst

cabinet

ord14
ord13
ord10
ord11

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winscard

SCardListReadersW
SCardControl
SCardGetAttrib
SCardConnectW
SCardFreeMemory
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardEstablishContext
SCardReleaseContext
SCardDisconnect

advapi32

CryptGetUserKey
CreateServiceW
ControlService
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
CreateWellKnownSid
CopySid
CryptDuplicateKey
CryptEncrypt
CryptSetHashParam
CryptAcquireContextA
SystemFunction025
SystemFunction024
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthorityCount
GetSidSubAuthority
CredFree
CredEnumerateW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeNameW
OpenThreadToken
IsValidSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
CheckTokenMembership
LookupAccountNameW
LookupAccountSidW
IsTextUnicode
BuildSecurityDescriptorW
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
CryptEnumProvidersW
ConvertSidToStringSidW
ConvertStringSidToSidW
LsaFreeMemory
CryptAcquireContextW
CryptReleaseContext
CryptSetKeyParam
CryptDecrypt
SetThreadToken
GetTokenInformation
DuplicateTokenEx
CryptGenKey
CryptDestroyKey
CryptGetKeyParam
CryptSetProvParam
CryptGetProvParam
DeleteService
CryptExportKey
CryptImportKey
CryptEnumProviderTypesW
SystemFunction006
SystemFunction007
ClearEventLogW
GetNumberOfEventLogRecords
OpenEventLogW
GetLengthSid
CryptDeriveKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaEnumerateTrustedDomainsEx
LsaRetrievePrivateData
SystemFunction001
SystemFunction005
SystemFunction013
SystemFunction032
LsaOpenSecret
LsaQuerySecret
A_SHAUpdate
A_SHAFinal
A_SHAInit

crypt32

CryptProtectData
CryptBinaryToStringW
CryptStringToBinaryW
CryptUnprotectData
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertGetNameStringW
CertNameToStrW
CryptEncodeObject
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey
CertAddCertificateContextToStore
CertEnumSystemStore
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertGetCertificateContextProperty

cryptdll

CDLocateCSystem
MD5Final
MD5Update
MD5Init
CDLocateCheckSum
CDGenerateRandomBits

netapi32

NetServerGetInfo
NetApiBufferFree
NetSessionEnum
NetWkstaUserEnum
NetShareEnum
NetStatisticsGet
NetRemoteTOD
DsGetDcNameW
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit

rpcrt4

MesDecodeIncrementalHandleCreate
RpcBindingFree
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcStringFreeW
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
RpcEpResolveBinding
RpcServerRegisterAuthInfoW
RpcEpRegisterW
RpcEpUnregister
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
UuidCreate
I_RpcGetCurrentCallHandle
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
RpcBindingSetAuthInfoExW
RpcMgmtWaitServerListen
UuidToStringW
NdrServerCall2
NdrClientCall2
NdrMesTypeDecode2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesHandleFree
MesIncrementalHandleReset
MesEncodeIncrementalHandleCreate
NdrMesTypeFree2

shlwapi

PathCombineW
PathIsDirectoryW
PathFindFileNameW
PathCanonicalizeW
PathIsRelativeW

samlib

SamLookupIdsInDomain
SamLookupNamesInDomain
SamEnumerateUsersInDomain
SamiChangePasswordUser
SamSetInformationUser
SamQueryInformationUser
SamOpenUser
SamOpenDomain
SamLookupDomainInSamServer
SamEnumerateDomainsInSamServer
SamConnect
SamFreeMemory
SamOpenGroup
SamOpenAlias
SamGetGroupsForUser
SamGetAliasMembership
SamGetMembersInGroup
SamGetMembersInAlias
SamEnumerateGroupsInDomain
SamEnumerateAliasesInDomain
SamRidToSid
SamCloseHandle

secur32

InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
EnumerateSecurityPackagesW
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleW
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

shell32

CommandLineToArgvW

user32

PostMessageW
DefWindowProcW
UnregisterClassW
SendMessageW
CreateWindowExW
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
EnumClipboardFormats
GetUserObjectInformationW
IsCharAlphaNumericW
DispatchMessageW
GetMessageW
GetKeyboardLayout
RegisterClassExW
TranslateMessage

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

wldap32

ord127
ord54
ord301
ord304
ord309
ord310
ord145
ord13
ord73
ord208
ord157
ord41
ord26
ord27
ord36
ord88
ord167
ord142
ord77
ord79
ord133
ord147
ord12
ord14
ord203
ord69
ord113
ord140
ord139
ord97
ord96
ord224
ord223
ord122

ntdll

NtCompareTokens
RtlCreateUserThread
RtlGetCurrentPeb
NtQueryInformationProcess
NtQuerySystemInformation
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDowncaseUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtQueryObject
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlAnsiStringToUnicodeString
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
NtTerminateProcess
NtSuspendProcess
RtlAdjustPrivilege
NtResumeProcess
RtlStringFromGUID
RtlFreeUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlEqualUnicodeString
RtlGetNtVersionNumbers
RtlEqualString
RtlGUIDFromString
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
NtEnumerateSystemEnvironmentValuesEx

msasn1

ASN1_CreateModule
ASN1_CloseModule
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1BEREoid2DotVal
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1_CreateEncoder
ASN1Free

winsta

WinStationConnectW
WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW
WinStationOpenServerW
WinStationCloseServer

kernel32

GetModuleHandleExW
LoadLibraryExW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer
EncodePointer
RtlUnwindEx
GetFileType
SetStdHandle
LoadLibraryExA
CreatePipe
SetHandleInformation
ReadFile
WaitForSingleObject
SystemTimeToFileTime
SetConsoleCtrlHandler
GetModuleHandleW
GlobalSize
SetLastError
TryEnterCriticalSection
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
Sleep
CreateThread
GetSystemTimeAsFileTime
CreateFileW
LoadLibraryW
lstrlenA
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
GetCurrentProcessId
OpenProcess
AllocConsole
lstrlenW
GetStdHandle
RaiseException
LocalFree
LocalAlloc
ExitThread
SetUnhandledExceptionFilter
ExitProcess
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetTimeZoneInformation
GetSystemDirectoryW
SetCurrentDirectoryW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
CreateProcessW
SetConsoleCursorPosition
GetCurrentProcess
GetCurrentThread
ProcessIdToSessionId
GetComputerNameW
GetProcessId
FileTimeToSystemTime
TerminateThread
WriteFile
GetFileInformationByHandle
SetFilePointer
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileSizeEx
FlushFileBuffers
FindClose
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetComputerNameExW
CreateRemoteThread
ClearCommError
PurgeComm
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
AreFileApisANSI
GetSystemTime
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
MultiByteToWideChar
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
CompareStringW
LCMapStringW
SetFilePointerEx
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
UnlockFile
HeapFree
QueryPerformanceCounter
HeapAlloc
SetEndOfFile
GetFileSize
CreateMutexW
HeapCompact

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
powershell_reflective_mimikatz

Sections

.text
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_kiwi.x86.dll
.dll windows x86

4a44c12f60961988c7984aba9ee3786d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ncrypt

BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
NCryptExportKey
NCryptImportKey
NCryptSetProperty
NCryptGetProperty
NCryptOpenKey
NCryptFreeBuffer
NCryptEnumKeys
BCryptEnumRegisteredProviders
NCryptOpenStorageProvider
BCryptFreeBuffer
BCryptDestroyKey
BCryptImportKeyPair
BCryptExportKey
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
NCryptFreeObject

fltlib

FilterFindNext
FilterFindFirst

cabinet

ord14
ord13
ord10
ord11

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winscard

SCardListReadersW
SCardControl
SCardGetAttrib
SCardConnectW
SCardFreeMemory
SCardGetCardTypeProviderNameW
SCardListCardsW
SCardEstablishContext
SCardReleaseContext
SCardDisconnect

advapi32

CryptGetUserKey
CreateServiceW
ControlService
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
CreateWellKnownSid
CopySid
CryptDuplicateKey
CryptEncrypt
CryptSetHashParam
CryptAcquireContextA
SystemFunction025
SystemFunction024
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthorityCount
GetSidSubAuthority
CredFree
CredEnumerateW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeNameW
OpenThreadToken
IsValidSid
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeValueW
CheckTokenMembership
LookupAccountNameW
LookupAccountSidW
IsTextUnicode
BuildSecurityDescriptorW
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceObjectSecurity
OpenServiceW
OpenSCManagerW
CryptEnumProvidersW
ConvertSidToStringSidW
ConvertStringSidToSidW
LsaFreeMemory
CryptAcquireContextW
CryptReleaseContext
CryptSetKeyParam
CryptDecrypt
SetThreadToken
GetTokenInformation
DuplicateTokenEx
CryptGenKey
CryptDestroyKey
CryptGetKeyParam
CryptSetProvParam
CryptGetProvParam
DeleteService
CryptExportKey
CryptImportKey
CryptEnumProviderTypesW
SystemFunction006
SystemFunction007
ClearEventLogW
GetNumberOfEventLogRecords
OpenEventLogW
GetLengthSid
CryptDeriveKey
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptSignHashW
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaQueryTrustedDomainInfoByName
LsaEnumerateTrustedDomainsEx
LsaRetrievePrivateData
SystemFunction001
SystemFunction005
SystemFunction013
SystemFunction032
LsaOpenSecret
LsaQuerySecret
A_SHAUpdate
A_SHAFinal
A_SHAInit

crypt32

CryptProtectData
CryptBinaryToStringW
CryptStringToBinaryW
CryptUnprotectData
PFXExportCertStoreEx
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertGetNameStringW
CertNameToStrW
CryptEncodeObject
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey
CertAddCertificateContextToStore
CertEnumSystemStore
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertGetCertificateContextProperty

cryptdll

CDLocateCSystem
MD5Final
MD5Update
MD5Init
CDLocateCheckSum
CDGenerateRandomBits

netapi32

NetServerGetInfo
NetApiBufferFree
NetSessionEnum
NetWkstaUserEnum
NetShareEnum
NetStatisticsGet
NetRemoteTOD
DsGetDcNameW
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit

rpcrt4

RpcBindingSetAuthInfoExW
RpcBindingFree
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcStringFreeW
RpcServerInqBindings
RpcServerListen
RpcServerRegisterIf2
RpcServerUnregisterIfEx
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
RpcEpResolveBinding
RpcServerRegisterAuthInfoW
RpcEpRegisterW
RpcEpUnregister
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
UuidCreate
I_RpcGetCurrentCallHandle
I_RpcBindingInqSecurityContext
RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
MesEncodeIncrementalHandleCreate
RpcMgmtWaitServerListen
UuidToStringW
NdrServerCall2
NdrClientCall2
NdrMesTypeDecode2
NdrMesTypeEncode2
NdrMesTypeAlignSize2
MesHandleFree
MesIncrementalHandleReset
MesDecodeIncrementalHandleCreate
NdrMesTypeFree2

shlwapi

PathCombineW
PathIsDirectoryW
PathFindFileNameW
PathCanonicalizeW
PathIsRelativeW

samlib

SamLookupIdsInDomain
SamLookupNamesInDomain
SamEnumerateUsersInDomain
SamiChangePasswordUser
SamSetInformationUser
SamQueryInformationUser
SamOpenUser
SamOpenDomain
SamLookupDomainInSamServer
SamEnumerateDomainsInSamServer
SamConnect
SamFreeMemory
SamOpenGroup
SamOpenAlias
SamGetGroupsForUser
SamGetAliasMembership
SamGetMembersInGroup
SamGetMembersInAlias
SamEnumerateGroupsInDomain
SamEnumerateAliasesInDomain
SamRidToSid
SamCloseHandle

secur32

InitializeSecurityContextW
DeleteSecurityContext
FreeContextBuffer
EnumerateSecurityPackagesW
QueryContextAttributesW
FreeCredentialsHandle
AcquireCredentialsHandleW
LsaFreeReturnBuffer
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage

shell32

CommandLineToArgvW

user32

PostMessageW
DefWindowProcW
UnregisterClassW
SendMessageW
CreateWindowExW
DestroyWindow
OpenClipboard
CloseClipboard
GetClipboardSequenceNumber
SetClipboardViewer
ChangeClipboardChain
GetClipboardData
EnumClipboardFormats
GetUserObjectInformationW
IsCharAlphaNumericW
DispatchMessageW
GetMessageW
GetKeyboardLayout
RegisterClassExW
TranslateMessage

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidD_FreePreparsedData

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

wldap32

ord167
ord54
ord301
ord304
ord309
ord310
ord145
ord13
ord73
ord208
ord41
ord26
ord27
ord36
ord127
ord12
ord142
ord77
ord79
ord133
ord147
ord88
ord14
ord203
ord157
ord69
ord113
ord140
ord139
ord97
ord96
ord224
ord223
ord122

ntdll

NtCompareTokens
RtlCreateUserThread
RtlGetCurrentPeb
NtQueryInformationProcess
NtQuerySystemInformation
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlDowncaseUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
NtQueryObject
RtlIpv6AddressToStringW
RtlIpv4AddressToStringW
RtlAnsiStringToUnicodeString
NtSetSystemEnvironmentValueEx
NtQuerySystemEnvironmentValueEx
NtTerminateProcess
NtSuspendProcess
RtlAdjustPrivilege
NtResumeProcess
RtlStringFromGUID
RtlFreeUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlEqualUnicodeString
RtlGetNtVersionNumbers
RtlEqualString
RtlGUIDFromString
RtlInitUnicodeString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
NtEnumerateSystemEnvironmentValuesEx

msasn1

ASN1_CreateModule
ASN1_CloseModule
ASN1BERDotVal2Eoid
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1BEREoid2DotVal
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1_CreateEncoder
ASN1Free

winsta

WinStationConnectW
WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW
WinStationOpenServerW
WinStationCloseServer

kernel32

SetStdHandle
GetFileType
GetModuleHandleExW
LoadLibraryExW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStartupInfoW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameW
RtlUnwind
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExA
TryEnterCriticalSection
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
WaitForSingleObject
SystemTimeToFileTime
SetConsoleCtrlHandler
GetModuleHandleW
GlobalSize
SetLastError
Sleep
CreateThread
GetSystemTimeAsFileTime
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
CreateFileW
LoadLibraryW
lstrlenA
GetProcAddress
FreeLibrary
GetLastError
CloseHandle
GetCurrentProcessId
OpenProcess
AllocConsole
lstrlenW
GetStdHandle
RaiseException
LocalFree
LocalAlloc
ExitThread
SetUnhandledExceptionFilter
ExitProcess
SetHandleInformation
CreatePipe
CreateProcessW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetCurrentProcess
GetTimeZoneInformation
GetSystemDirectoryW
ReadFile
SetCurrentDirectoryW
IsWow64Process
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetCurrentThread
ProcessIdToSessionId
GetComputerNameW
GetProcessId
FileTimeToSystemTime
TerminateThread
WriteFile
GetFileInformationByHandle
SetFilePointer
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetTempPathA
GetTempFileNameA
GetCurrentDirectoryA
CreateFileA
DeleteFileA
GetFileSizeEx
FlushFileBuffers
FindClose
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetComputerNameExW
CreateRemoteThread
ClearCommError
PurgeComm
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
AreFileApisANSI
GetSystemTime
DeleteFileW
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
MultiByteToWideChar
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
FormatMessageA
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
CompareStringW
LCMapStringW
SetFilePointerEx
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
powershell_reflective_mimikatz

Sections

.text
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_lanattacks.x64.dll
.dll windows x64

2422904d06a009c161ccd03cda20115c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
GetLastError
WaitForSingleObject
ExitProcess
SetUnhandledExceptionFilter
ExitThread
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize
IsDebuggerPresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId

ws2_32

ntohs
socket
setsockopt
sendto
select
recvfrom
ntohl
inet_addr
htons
htonl
getsockname
connect
closesocket
bind

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_lanattacks.x86.dll
.dll windows x86

abd738afe96db62bfb8df5fd3e937142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetLastError
WaitForSingleObject
ExitProcess
SetUnhandledExceptionFilter
ExitThread
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
VirtualQuery
FreeEnvironmentStringsW
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
HeapFree
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

ws2_32

ntohs
socket
setsockopt
sendto
select
recvfrom
ntohl
inet_addr
htons
htonl
getsockname
connect
closesocket
bind

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_mimikatz.x64.dll
.dll windows x64

36e4d5414001278bb80d1f97ce1be672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
GetUserNameExW
LsaGetLogonSessionData

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSEnumerateSessionsW
WTSCloseServer
WTSEnumerateProcessesW
WTSOpenServerW
WTSFreeMemory

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
VirtualProtect
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
ExitProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
RaiseException
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
ping

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_mimikatz.x86.dll
.dll windows x86

afa6c44f705069d2018bca61eadff76f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
GetUserNameExW
LsaGetLogonSessionData

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSEnumerateSessionsW
WTSCloseServer
WTSEnumerateProcessesW
WTSOpenServerW
WTSFreeMemory

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
OpenProcess
GetACP
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
ExitProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
VirtualProtect
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
RaiseException
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize
GetProcessHeap

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
ping

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_peinjector.x64.dll
.dll windows x64

6f35de51ce0a5d3b8536d2a97ecf2a8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
ExitThread
RaiseException
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemTime
SystemTimeToFileTime
ReadFile
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwindEx
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
GetConsoleCP
GetProcessHeap
GetModuleHandleExW
GetModuleFileNameW
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetStringTypeW
SetEndOfFile
HeapSize
LCMapStringW

Exports

Exports

DeinitServerExtension
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_peinjector.x86.dll
.dll windows x86

47ca254ac9e7c48f14cfc39eb47c484a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
ExitThread
RaiseException
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemTime
SystemTimeToFileTime
ReadFile
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
WriteFile
GetConsoleCP
RtlUnwind
GetProcessHeap
GetModuleHandleExW
GetModuleFileNameW
SetLastError
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
VirtualQuery
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetStringTypeW
SetEndOfFile
HeapSize
LCMapStringW

Exports

Exports

DeinitServerExtension
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_powershell.x64.dll
.dll windows x64

4c2a730e152625f31d76c35b84485f9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

ntohl

kernel32

GetCPInfo
LocalFree
ExitProcess
SetUnhandledExceptionFilter
ExitThread
LocalAlloc
GetProcAddress
GetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
LoadLibraryA
lstrlenA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
RaiseException
FreeLibrary
LoadLibraryExA
CreateThread
GetCurrentThreadId
TerminateThread
ResumeThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetSystemTime
SystemTimeToFileTime
EncodePointer
DecodePointer
MultiByteToWideChar
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
HeapAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RtlPcToFileHeader
GetModuleHandleExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetStringTypeW

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
StagelessInit

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_powershell.x86.dll
.dll windows x86

7005679e99404ca384dba01425a000ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohl

kernel32

SetLastError
LocalFree
ExitProcess
SetUnhandledExceptionFilter
ExitThread
LocalAlloc
InterlockedDecrement
GetProcAddress
GetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
LoadLibraryA
lstrlenA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
RaiseException
FreeLibrary
LoadLibraryExA
CreateThread
GetCurrentThreadId
TerminateThread
ResumeThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetSystemTime
SystemTimeToFileTime
MultiByteToWideChar
HeapFree
RtlUnwind
GetCommandLineA
HeapAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetStringTypeW

oleaut32

VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
StagelessInit
_ReflectiveLoader@0

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_priv.x64.dll
.dll windows x64

b075bbda511163243f6c78932d52a314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

WaitForSingleObject
CloseHandle
CreateEventA
LoadLibraryA
SetLastError
Sleep
GetTickCount
GetCurrentThread
GetExitCodeThread
ReleaseSemaphore
WriteFile
ReadFile
GetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
SetEvent
GetTempPathA
CreateFileA
DeleteFileA
CreateNamedPipeA
GetVersionExA
GetCurrentThreadId
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetModuleHandleA
CreateFileW
FindFirstFileW
FindNextFileW
WriteProcessMemory
ReadProcessMemory
GetLastError
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetProcAddress
FreeLibrary
ExitThread
SetUnhandledExceptionFilter
ExitProcess
WriteConsoleW
FlushFileBuffers
CreateSemaphoreA
ReleaseMutex
RaiseException
LoadLibraryExA
CreateRemoteThread
GetThreadId
CreateThread
TerminateThread
ResumeThread
SetEnvironmentVariableA
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
VirtualProtectEx
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwindEx
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
CompareStringW
LCMapStringW
GetStringTypeW
SetStdHandle

advapi32

DuplicateToken
OpenThreadToken
ImpersonateNamedPipeClient
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
control

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_priv.x86.dll
.dll windows x86

7a16fa323a59bec644e1c92890946ae0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
EnumProcesses

kernel32

WaitForSingleObject
CloseHandle
CreateEventA
LoadLibraryA
SetLastError
Sleep
GetTickCount
GetCurrentThread
GetExitCodeThread
ReleaseSemaphore
WriteFile
ReadFile
GetHandleInformation
ConnectNamedPipe
DisconnectNamedPipe
SetEvent
GetTempPathA
CreateFileA
DeleteFileA
CreateNamedPipeA
GetVersionExA
GetCurrentThreadId
FindClose
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetModuleHandleA
CreateFileW
FindFirstFileW
FindNextFileW
WriteProcessMemory
ReadProcessMemory
GetLastError
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetProcAddress
FreeLibrary
ExitThread
SetUnhandledExceptionFilter
ExitProcess
WriteConsoleW
FlushFileBuffers
CreateSemaphoreA
TerminateThread
RaiseException
LoadLibraryExA
CreateRemoteThread
GetThreadId
CreateThread
SetEnvironmentVariableA
ResumeThread
ReleaseMutex
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
GetSystemTime
VirtualProtect
VirtualProtectEx
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
CompareStringW
LCMapStringW
GetStringTypeW
SetStdHandle

advapi32

DuplicateToken
OpenThreadToken
ImpersonateNamedPipeClient
StartServiceA
QueryServiceStatusEx
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
EnumServicesStatusA

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
control

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_python.x64.dll
.dll windows x64

f656523d0bded13b4a2535f60c388f12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertGetEnhancedKeyUsage
CertFreeCRLContext
CertEnumCRLsInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

ws2_32

socket
getnameinfo
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
WSACleanup
WSAStartup
getprotobyname
getservbyname
getservbyport
__WSAFDIsSet
gethostbyname
gethostbyaddr
gethostname
shutdown
setsockopt
sendto
send
recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
select

kernel32

ExitThread
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
HeapCompact
WriteConsoleW
GetCurrentProcess
GetLastError
GetFileSize
SetEndOfFile
SetFilePointer
CloseHandle
DuplicateHandle
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetVersion
GetProcessTimes
OpenProcess
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
GetFileInformationByHandle
GetFileType
FindClose
SetFileTime
GetSystemTime
SystemTimeToFileTime
CreatePipe
GetModuleFileNameA
CreateProcessA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
MoveFileA
GenerateConsoleCtrlEvent
SetEvent
LoadLibraryExW
Sleep
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
DisableThreadLibraryCalls
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryA
IsBadStringPtrA
IsBadStringPtrW
VirtualAlloc
GetProcAddress
GetACP
GetLocaleInfoA
WriteFile
ReadFile
GetTickCount
PeekNamedPipe
GetCurrentThreadId
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
ExitProcess
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
OutputDebugStringA
GetStdHandle
GetModuleHandleA
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExA
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetVersionExA
HeapAlloc
HeapFree
GetProcessHeap
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
VirtualQuery
LoadResource
FindResourceA
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryW
FlushConsoleInputBuffer
SetConsoleMode
ReadConsoleInputW
GetConsoleMode
UnlockFileEx
LockFileEx
RtlUnwindEx
GetTimeZoneInformation
GetCommandLineA
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
GetStartupInfoW
ReadConsoleW
IsValidCodePage
GetOEMCP
GetCPInfo
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
MoveFileW
GetSystemTimeAsFileTime
HeapSize
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
DecodePointer
EncodePointer
GetTempPathA
SetFilePointerEx
FlushFileBuffers
RaiseException
CreateThread
TerminateThread
ResumeThread
ReleaseMutex
CreateMutexA
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
SetStdHandle
LCMapStringW

user32

GetDesktopWindow
CharPrevA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
LoadStringA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegConnectRegistryA
RegCreateKeyA
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptReleaseContext
RegSetValueExA
RegSetValueA
RegSaveKeyA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString

Exports

Exports

CommandAdded
DeinitServerExtension
GetExtensionName
InitServerExtension
PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyBaseObject_Type
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Type
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_Divide
PyNumber_Divmod
PyNumber_Float
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceDivide
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Index
PyNumber_Int
PyNumber_Invert
PyNumber_Long
PyNumber_Lshift
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_ToBase
PyNumber_TrueDivide
PyNumber_Xor
PyOS_AfterFork
PyOS_FiniInterrupts
PyOS_InitInterrupts
PyOS_InputHook
PyOS_InterruptOccurred
PyOS_Readline
PyOS_ReadlineFunctionPointer
PyOS_ascii_atof
PyOS_ascii_formatd
PyOS_ascii_strtod
PyOS_double_to_string
PyOS_getsig
PyOS_mystricmp
PyOS_mystrnicmp
PyOS_setsig
PyOS_snprintf
PyOS_string_to_double
PyOS_strtol
PyOS_strtoul
PyOS_vsnprintf
PyObject_AsCharBuffer

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_python.x86.dll
.dll windows x86

f5b0703e510c7a8a6ddc593fb02172a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetEnhancedKeyUsage
CertFreeCRLContext
CertEnumCRLsInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA
CertCloseStore

ws2_32

setsockopt
WSAIoctl
WSASetLastError
WSACleanup
WSAStartup
getprotobyname
getservbyname
getservbyport
gethostname
gethostbyname
__WSAFDIsSet
socket
shutdown
gethostbyaddr
sendto
send
recvfrom
recv
ntohs
ntohl
listen
inet_ntoa
inet_addr
htons
htonl
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
WSAGetLastError
select

kernel32

ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCurrentProcess
GetLastError
GetFileSize
SetEndOfFile
SetFilePointer
CloseHandle
DuplicateHandle
GetSystemInfo
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetVersion
GetProcessTimes
OpenProcess
TerminateProcess
GetExitCodeProcess
SetLastError
WaitForSingleObject
GetFileInformationByHandle
GetFileType
FindClose
SetFileTime
GetSystemTime
SystemTimeToFileTime
CreatePipe
GetModuleFileNameA
CreateProcessA
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
MoveFileA
MoveFileW
GenerateConsoleCtrlEvent
FreeLibrary
GetCPInfo
LoadLibraryA
GetSystemDirectoryA
VirtualProtect
ResetEvent
Sleep
CreateEventA
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
DisableThreadLibraryCalls
LocalFree
FormatMessageA
IsBadStringPtrA
IsBadStringPtrW
VirtualAlloc
GetACP
GetLocaleInfoA
WriteFile
ReadFile
GetTickCount
PeekNamedPipe
GetCurrentThreadId
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
ExitProcess
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeA
WaitNamedPipeA
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
OutputDebugStringA
GetStdHandle
GetModuleHandleA
ExpandEnvironmentStringsW
SetErrorMode
LoadLibraryExA
OutputDebugStringW
GetConsoleCP
GetConsoleOutputCP
GetVersionExA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapAlloc
HeapFree
GetProcessHeap
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
VirtualQuery
LoadResource
FindResourceA
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapCompact
WriteConsoleW
SetConsoleMode
ReadConsoleInputW
GetConsoleMode
UnlockFileEx
LockFileEx
ExitThread
LoadLibraryExW
GetCommandLineA
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
GetStartupInfoW
ReadConsoleW
IsValidCodePage
SetEvent
GetOEMCP
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetStringTypeW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetProcAddress
GetTimeZoneInformation
GetSystemTimeAsFileTime
HeapSize
IsProcessorFeaturePresent
AreFileApisANSI
GetModuleHandleExW
GetTempPathA
SetFilePointerEx
FlushFileBuffers
SetStdHandle
RaiseException
CreateThread
TerminateThread
ResumeThread
ReleaseMutex
CreateMutexA
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
LCMapStringW

user32

GetDesktopWindow
CharPrevA
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
LoadStringA

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueA
RegConnectRegistryA
RegCreateKeyA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptReleaseContext
RegSetValueExA
RegSetValueA
RegSaveKeyA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString

Exports

Exports

CommandAdded
DeinitServerExtension
GetExtensionName
InitServerExtension
PyAST_Compile
PyAST_FromNode
PyArena_AddPyObject
PyArena_Free
PyArena_Malloc
PyArena_New
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyBaseObject_Type
PyBaseString_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_FromMemory
PyBuffer_FromObject
PyBuffer_FromReadWriteMemory
PyBuffer_FromReadWriteObject
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_New
PyBuffer_Release
PyBuffer_ToContiguous
PyBuffer_Type
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_Fini
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Init
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyCFunction_Call
PyCFunction_ClearFreeList
PyCFunction_Fini
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCObject_AsVoidPtr
PyCObject_FromVoidPtr
PyCObject_FromVoidPtrAndDesc
PyCObject_GetDesc
PyCObject_Import
PyCObject_SetVoidPtr
PyCObject_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethod_New
PyClassMethod_Type
PyClass_IsSubclass
PyClass_New
PyClass_Type
PyCode_Addr2Line
PyCode_New
PyCode_NewEmpty
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_LookupError
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_XMLCharRefReplaceErrors
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_Fini
PyDict_GetItem
PyDict_GetItemString
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithUnicodeFilename
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithUnicodeFilename
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetFromWindowsErrWithUnicodeFilename
PyErr_SetInterrupt
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_Warn
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetCallStats
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_GetRestricted
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReInitThreads
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BufferError
PyExc_BytesWarning
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EnvironmentError
PyExc_Exception
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_MemoryErrorInst
PyExc_NameError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_RecursionErrorInst
PyExc_ReferenceError
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StandardError
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyFile_AsFile
PyFile_DecUseCount
PyFile_FromFile
PyFile_FromString
PyFile_GetLine
PyFile_IncUseCount
PyFile_Name
PyFile_SetBufSize
PyFile_SetEncoding
PyFile_SetEncodingAndErrors
PyFile_SoftSpace
PyFile_Type
PyFile_WriteObject
PyFile_WriteString
PyFloat_AsDouble
PyFloat_AsReprString
PyFloat_AsString
PyFloat_ClearFreeList
PyFloat_Fini
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Type
PyFrame_BlockPop
PyFrame_BlockSetup
PyFrame_ClearFreeList
PyFrame_FastToLocals
PyFrame_Fini
PyFrame_GetLineNumber
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetModule
PyFunction_New
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_Type
PyFuture_FromAST
PyGC_Collect
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_NeedsFinalizing
PyGen_New
PyGen_Type
PyGetSetDescr_Type
PyImport_AddModule
PyImport_AppendInittab
PyImport_Cleanup
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyInstance_New
PyInstance_NewRaw
PyInstance_Type
PyInt_AsLong
PyInt_AsSsize_t
PyInt_AsUnsignedLongLongMask
PyInt_AsUnsignedLongMask
PyInt_ClearFreeList
PyInt_Fini
PyInt_FromLong
PyInt_FromSize_t
PyInt_FromSsize_t
PyInt_FromString
PyInt_FromUnicode
PyInt_GetMax
PyInt_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Head
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Next
PyList_Append
PyList_AsTuple
PyList_Fini
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicode
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Free
PyMem_Malloc
PyMem_Realloc
PyMemberDescr_Type
PyMember_Get
PyMember_GetOne
PyMember_Set
PyMember_SetOne
PyMemoryView_FromBuffer
PyMemoryView_FromObject
PyMemoryView_GetContiguous
PyMemoryView_Type
PyMethod_Class
PyMethod_ClearFreeList
PyMethod_Fini
PyMethod_Function
PyMethod_New
PyMethod_Self
PyMethod_Type
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyModule_GetDict
PyModule_GetFilename
PyModule_GetName
PyModule_New
PyModule_Type
PyNode_AddChild
PyNode_Compile
PyNode_Free
PyNode_ListTree
PyNode_New
PyNullImporter_Type
PyNumber_Absolute
PyNumber_Add
PyNumber_And
PyNumber_AsSsize_t
PyNumber_Check
PyNumber_Coerce
PyNumber_CoerceEx
PyNumber_Divide
PyNumber_Divmod
PyNumber_Float
PyNumber_FloorDivide
PyNumber_InPlaceAdd
PyNumber_InPlaceAnd
PyNumber_InPlaceDivide
PyNumber_InPlaceFloorDivide
PyNumber_InPlaceLshift
PyNumber_InPlaceMultiply
PyNumber_InPlaceOr
PyNumber_InPlacePower
PyNumber_InPlaceRemainder
PyNumber_InPlaceRshift
PyNumber_InPlaceSubtract
PyNumber_InPlaceTrueDivide
PyNumber_InPlaceXor
PyNumber_Index
PyNumber_Int
PyNumber_Invert
PyNumber_Long
PyNumber_Lshift
PyNumber_Multiply
PyNumber_Negative
PyNumber_Or
PyNumber_Positive
PyNumber_Power
PyNumber_Remainder
PyNumber_Rshift
PyNumber_Subtract
PyNumber_ToBase
PyNumber_TrueDivide
PyNumber_Xor
PyOS_AfterFork
PyOS_CheckStack
PyOS_FiniInterrupts
PyOS_InitInterrupts
PyOS_InputHook
PyOS_InterruptOccurred
PyOS_Readline
PyOS_ReadlineFunctionPointer
PyOS_ascii_atof
PyOS_ascii_formatd
PyOS_ascii_strtod
PyOS_double_to_string
PyOS_getsig
PyOS_mystricmp
PyOS_mystrnicmp
PyOS_setsig
PyOS_snprintf
PyOS_string_to_double
PyOS_strtol
PyOS_strtoul
PyOS_vsnprintf

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_sniffer.x64.dll
.dll windows x64

96451f6bcbc1cd981d3c3690c6a2589f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

ntohs
htonl
getpeername

kernel32

CompareStringW
GetCurrentProcessId
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CreateThread
SetThreadPriority
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
VirtualLock
VirtualUnlock
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
WaitForSingleObject
Sleep
DeviceIoControl
IsBadReadPtr
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
GetSystemInfo
GetFileAttributesW
CreateFileW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetFileSize
ReadFile
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WriteFile
SetEndOfFile
SetFilePointer
VirtualProtect
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateFileA
GetSystemDirectoryW
GetLocalTime
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
PulseEvent
GetLastError
ExitThread
SetUnhandledExceptionFilter
ExitProcess
FlushFileBuffers
ReadConsoleW
GetVersionExA
LCMapStringW
OutputDebugStringW
RaiseException
LoadLibraryExA
ResumeThread
ReleaseMutex
CreateMutexA
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
EncodePointer
DecodePointer
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

LoadCursorW
MessageBoxW
wsprintfA
SetCursor
EnumThreadWindows
GetParent
GetDesktopWindow
IsWindowVisible
wsprintfW

advapi32

RegCreateKeyExW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_sniffer.x86.dll
.dll windows x86

a982a0156f78161688814494d07e12ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
ntohs
getpeername

kernel32

GetCurrentProcessId
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
CreateThread
SetThreadPriority
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
VirtualLock
VirtualUnlock
TerminateThread
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
WaitForSingleObject
Sleep
DeviceIoControl
IsBadReadPtr
GetTickCount
InterlockedIncrement
InterlockedDecrement
InterlockedExchangeAdd
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
CompareStringW
GetFileAttributesW
GetVersionExA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetFileSize
ReadFile
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
WriteFile
SetEndOfFile
SetFilePointer
VirtualProtect
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetConsoleMode
LCMapStringW
OutputDebugStringW
DeleteFileA
CreateFileW
CreateFileA
GetSystemDirectoryW
GetSystemDirectoryA
GetLocalTime
CloseHandle
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
MultiByteToWideChar
PulseEvent
GetLastError
ExitThread
SetUnhandledExceptionFilter
ExitProcess
FlushFileBuffers
ReadConsoleW
GetSystemInfo
WriteConsoleW
SetStdHandle
GetStringTypeW
SetFilePointerEx
RaiseException
LoadLibraryExA
ResumeThread
ReleaseMutex
CreateMutexA
LoadLibraryA
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
RtlUnwind
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapSize
VirtualQuery
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

EnumThreadWindows
GetParent
GetDesktopWindow
LoadCursorW
SetCursor
wsprintfA
MessageBoxW
wsprintfW
IsWindowVisible

advapi32

StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
UnlockServiceDatabase

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_stdapi.jar
.jar
data/meterpreter/ext_server_stdapi.php
.ps1
data/meterpreter/ext_server_stdapi.py
.py .js
data/meterpreter/ext_server_stdapi.x64.dll
.dll windows x64

fd63c0a48290039784ebb6b5b4c0616d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

EnumDeviceDrivers
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameW

winmm

waveInAddBuffer
waveInStart
waveInStop
sndPlaySoundA
waveInOpen
waveInPrepareHeader

iphlpapi

GetIpNetTable
GetUdpTable
GetIfEntry
GetIpAddrTable
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetTcpTable

shlwapi

SHDeleteKeyW

ws2_32

getsockname
bind
accept
WSASocketA
WSAEventSelect
WSACreateEvent
shutdown
send
select
recv
connect
closesocket
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
ntohs
htonl
listen
setsockopt
recvfrom
sendto
ntohl

kernel32

DeleteCriticalSection
GetFileType
SetFilePointerEx
ReadConsoleW
GetLastError
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetProcAddress
CloseHandle
GetModuleHandleA
FreeLibrary
GlobalFree
LoadLibraryA
GetSystemDirectoryA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
SetLastError
FindClose
lstrcmpiW
lstrcpyW
lstrlenW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
GetLogicalDrives
GetDriveTypeW
GetSystemDefaultLCID
GetVersionExA
ResetEvent
Sleep
OpenProcess
GetCurrentProcess
VirtualAlloc
VirtualAllocEx
TerminateProcess
ReadProcessMemory
WriteProcessMemory
GetThreadContext
SetThreadContext
ResumeThread
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
VirtualLock
VirtualUnlock
GetCurrentProcessId
GetCurrentThread
WaitForSingleObject
RtlVirtualUnwind
ReadFile
CreatePipe
PeekNamedPipe
CreateProcessA
WideCharToMultiByte
OpenThread
TerminateThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetExitCodeThread
WaitForSingleObjectEx
LocalFree
GetStartupInfoW
GetTimeZoneInformation
GetEnvironmentVariableW
GetComputerNameA
GetLocaleInfoA
GetHandleInformation
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
CreateThread
GetSystemTime
GetTimeFormatW
GetDateFormatW
LockResource
LoadResource
SizeofResource
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
FormatMessageA
SetEvent
CreateEventA
GetConsoleMode
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
GetSystemTimeAsFileTime
GetCommandLineA
DecodePointer
EncodePointer
RtlUnwindEx
HeapReAlloc
SystemTimeToFileTime
GetThreadId
CreateRemoteThread
VirtualFree
CreateMutexA
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
LoadLibraryExA
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
CompareStringW
GetConsoleCP
RtlPcToFileHeader
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
GetLocalTime
RtlLookupFunctionEntry
LCMapStringW
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW
HeapSize
SetEndOfFile
WriteFile
SetEnvironmentVariableA

user32

wsprintfW
OpenDesktopA
GetSystemMetrics
GetWindowThreadProcessId
EnumChildWindows
GetForegroundWindow
MapVirtualKeyA
SendInput
GetKeyNameTextW
GetKeyboardState
GetAsyncKeyState
GetKeyState
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
ToUnicodeEx
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
EnumWindowStationsA
OpenWindowStationA
CloseDesktop
SetThreadDesktop
SwitchDesktop
EnumDesktopsA
ExitWindowsEx

advapi32

OpenEventLogA
ConvertSidToStringSidA
ImpersonateLoggedOnUser
GetNumberOfEventLogRecords
CloseEventLog
ClearEventLogA
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
LookupAccountSidA
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ReadEventLogA
RevertToSelf
LookupAccountSidW
GetOldestEventLogRecord

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
VariantClear

mpr

WNetGetUniversalNameA

netapi32

NetWkstaGetInfo

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_stdapi.x86.dll
.dll windows x86

327f19daaa9bfee0f9cc27197fccbf1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetDeviceDriverFileNameW
GetDeviceDriverBaseNameW
EnumDeviceDrivers

winmm

waveInAddBuffer
waveInStart
waveInStop
sndPlaySoundA
waveInOpen
waveInPrepareHeader

iphlpapi

GetIpNetTable
GetUdpTable
GetIfEntry
GetIpAddrTable
GetIpForwardTable
CreateIpForwardEntry
DeleteIpForwardEntry
GetTcpTable

shlwapi

SHDeleteKeyW

ws2_32

getsockname
bind
accept
WSASocketA
WSAEventSelect
WSACreateEvent
shutdown
send
select
recv
connect
closesocket
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
ntohs
htonl
listen
setsockopt
recvfrom
sendto
ntohl

kernel32

SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetCPInfo
GetLastError
GetLogicalDriveStringsA
GetDriveTypeA
GetDiskFreeSpaceExA
GetProcAddress
CloseHandle
GetModuleHandleA
FreeLibrary
GlobalFree
LoadLibraryA
GetSystemDirectoryA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
SetLastError
FindClose
lstrcmpiW
lstrcpyW
lstrlenW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
GetLogicalDrives
GetDriveTypeW
GetSystemDefaultLCID
GetVersionExA
ResetEvent
Sleep
OpenProcess
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
GetThreadContext
SetThreadContext
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
VirtualLock
VirtualUnlock
GetCurrentProcessId
TerminateProcess
GetCurrentThread
FreeEnvironmentStringsW
WaitForSingleObject
WriteFile
ReadFile
CreatePipe
PeekNamedPipe
CreateProcessA
WideCharToMultiByte
OpenThread
TerminateThread
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetExitCodeThread
WaitForSingleObjectEx
GetFileType
GetLocalTime
GetTimeZoneInformation
GetEnvironmentVariableW
GetComputerNameA
GetLocaleInfoA
GetHandleInformation
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
CreateThread
GetSystemTime
GetTimeFormatW
GetDateFormatW
LockResource
LoadResource
SizeofResource
ExpandEnvironmentStringsA
FindResourceA
GetFileAttributesA
DeleteFileA
FormatMessageA
SetEvent
CreateEventA
UnhandledExceptionFilter
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
GetStdHandle
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
AreFileApisANSI
GetModuleHandleExW
GetCommandLineA
HeapReAlloc
VirtualProtect
SystemTimeToFileTime
GetThreadId
CreateRemoteThread
VirtualFree
VirtualAlloc
CreateMutexA
ReleaseMutex
GetCurrentThreadId
MultiByteToWideChar
LoadLibraryExA
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
DeleteCriticalSection
GetStartupInfoW
GetConsoleCP
RtlUnwind
VirtualQuery
GetModuleFileNameA
QueryPerformanceCounter
LocalFree
GetEnvironmentStringsW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
CreateFileW
HeapSize
SetEnvironmentVariableA
ResumeThread
SetEndOfFile

user32

ExitWindowsEx
OpenDesktopA
GetSystemMetrics
GetWindowThreadProcessId
EnumChildWindows
GetForegroundWindow
MapVirtualKeyA
SendInput
GetKeyNameTextW
GetKeyboardState
GetAsyncKeyState
GetKeyState
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
SendMessageA
DispatchMessageA
TranslateMessage
GetMessageA
ToUnicodeEx
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
EnumWindowStationsA
OpenWindowStationA
CloseDesktop
SetThreadDesktop
SwitchDesktop
EnumDesktopsA
wsprintfW

advapi32

ClearEventLogA
ConvertSidToStringSidA
ImpersonateLoggedOnUser
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
LookupAccountSidA
GetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogA
ReadEventLogA
RevertToSelf
LookupAccountSidW
RegUnLoadKeyW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantInit

mpr

WNetGetUniversalNameA

netapi32

NetWkstaGetInfo

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_unhook.x64.dll
.dll windows x64

7266d93370465e3d388f4abe41855b39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleHandleW
CreateFileW
ExitProcess
SetUnhandledExceptionFilter
ExitThread
RaiseException
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
RtlUnwindEx
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
GetProcessHeap
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

DeinitServerExtension
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_unhook.x86.dll
.dll windows x86

6e4722a2d72172de112c119c9480172a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleHandleW
CreateFileW
ExitProcess
SetUnhandledExceptionFilter
ExitThread
RaiseException
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
GetProcessHeap
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

DeinitServerExtension
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_winpmem.x64.dll
.dll windows x64

c76bc389fb7e5b56cb8c2b250ac3be3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeviceIoControl
SetFilePointerEx
CloseHandle
SetHandleInformation
GetNativeSystemInfo
CreatePipe
CreateProcessW
FindResourceW
GetTempPathW
ReadFile
GetFullPathNameW
CreateFileW
DeleteFileW
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
ExitThread
OutputDebugStringA
WriteFile
GetStdHandle
SizeofResource
LoadResource
GetLastError
GlobalMemoryStatusEx
GetTempFileNameW
LockResource
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
EncodePointer
DecodePointer
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
GetCommandLineA
IsProcessorFeaturePresent
RtlPcToFileHeader
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
IsDebuggerPresent
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
StartServiceW

Exports

Exports

DeinitServerExtension
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/ext_server_winpmem.x86.dll
.dll windows x86

0535f114ca261fa565d7cc03d9869104

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
SetFilePointerEx
CloseHandle
SetHandleInformation
GetNativeSystemInfo
CreatePipe
CreateProcessW
FindResourceW
GetTempPathW
ReadFile
GetFullPathNameW
CreateFileW
DeleteFileW
ExitProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
ExitThread
OutputDebugStringA
WriteFile
GetStdHandle
SizeofResource
LoadResource
GetLastError
GlobalMemoryStatusEx
GetTempFileNameW
LockResource
RaiseException
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
IsDebuggerPresent
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
VirtualQuery
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

advapi32

OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
StartServiceW

Exports

Exports

DeinitServerExtension
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/meterpreter.jar
.jar
data/meterpreter/meterpreter.php
.ps1
data/meterpreter/meterpreter.py
.sh .js linux
data/meterpreter/metsrv.x64.dll
.dll windows x64

9a9051067ad471b1d048919084f55c99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

recv
select
ntohl
WSASetLastError
send
setsockopt
socket
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSAStartup
htons
WSADuplicateSocketA
WSAGetLastError
ntohs
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htonl

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA
CertGetCertificateContextProperty

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW

winhttp

WinHttpReadData
WinHttpQueryOption
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest

kernel32

HeapSize
LCMapStringW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WriteProcessMemory
LoadLibraryA
LoadLibraryW
GetModuleHandleA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetLastError
GetSystemDirectoryW
GetVolumeInformationW
SetStdHandle
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetModuleHandleW
LocalAlloc
GetOverlappedResult
ResetEvent
WriteFile
ReadFile
CloseHandle
ConnectNamedPipe
CreateEventW
CreateNamedPipeA
Sleep
DuplicateHandle
SetHandleInformation
SetNamedPipeHandleState
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GetSystemDirectoryA
GlobalFree
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
WriteConsoleW
ResumeThread
GetComputerNameW
GetFileSize
CreateFileA
CreateThread
TerminateThread
IsValidCodePage
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetSystemTime
SystemTimeToFileTime
LocalFree
VirtualAllocEx
OpenProcess
OpenThread
SuspendThread
GetVersionExA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateRemoteThread
GetThreadId
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwindEx
WideCharToMultiByte
GetCommandLineA
MultiByteToWideChar
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
FlushFileBuffers

user32

GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop

advapi32

SetEntriesInAclW
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ImpersonateLoggedOnUser
LookupPrivilegeValueA
LookupPrivilegeValueW
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken

ole32

CoCreateGuid

Exports

Exports

Init
ReflectiveLoader
buffer_from_file
buffer_to_file
channel_close
channel_create
channel_create_datagram
channel_create_pool
channel_create_stream
channel_default_io_handler
channel_destroy
channel_exists
channel_find_by_id
channel_get_buffered_io_context
channel_get_class
channel_get_flags
channel_get_id
channel_get_native_io_context
channel_get_type
channel_interact
channel_is_flag
channel_is_interactive
channel_open
channel_read
channel_read_from_buffered
channel_set_buffered_io_handler
channel_set_flags
channel_set_interactive
channel_set_native_io_context
channel_set_type
channel_write
channel_write_to_buffered
channel_write_to_remote
command_deregister
command_deregister_all
command_handle
command_join_threads
command_register
command_register_all
core_update_desktop
core_update_thread_token
packet_add_completion_handler
packet_add_exception
packet_add_group
packet_add_request_id
packet_add_tlv_bool
packet_add_tlv_group
packet_add_tlv_qword
packet_add_tlv_raw
packet_add_tlv_string
packet_add_tlv_uint
packet_add_tlv_wstring
packet_add_tlv_wstring_len
packet_add_tlvs
packet_call_completion_handlers
packet_create
packet_create_group
packet_create_response
packet_destroy
packet_enum_tlv
packet_get_tlv
packet_get_tlv_group_entry
packet_get_tlv_meta
packet_get_tlv_string
packet_get_tlv_value_bool
packet_get_tlv_value_qword
packet_get_tlv_value_raw
packet_get_tlv_value_string
packet_get_tlv_value_uint
packet_get_tlv_value_wstring
packet_get_type
packet_is_tlv_null_terminated
packet_remove_completion_handler
packet_transmit
packet_transmit_empty_response
packet_transmit_response
scheduler_destroy
scheduler_initialize
scheduler_insert_waitable
scheduler_signal_waitable
scheduler_waitable_thread

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/metsrv.x86.dll
.dll windows x86

b369089eef97f01fa6e25e5b6fe83274

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
select
ntohl
WSASetLastError
send
setsockopt
socket
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSAStartup
htons
WSADuplicateSocketA
WSAGetLastError
ntohs
listen
inet_ntoa
inet_addr
connect
closesocket
bind
accept
htonl

crypt32

CryptDecodeObjectEx
CryptImportPublicKeyInfo
CryptStringToBinaryA
CertGetCertificateContextProperty

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoW
InternetCrackUrlW

winhttp

WinHttpReadData
WinHttpQueryOption
WinHttpSetOption
WinHttpOpenRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSendRequest

kernel32

HeapSize
LCMapStringW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
RaiseException
TlsFree
TlsSetValue
GetProcAddress
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WriteProcessMemory
LoadLibraryA
LoadLibraryW
GetModuleHandleA
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetLastError
GetSystemDirectoryW
GetVolumeInformationW
SetStdHandle
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SetLastError
GetModuleHandleW
LocalAlloc
GetOverlappedResult
ResetEvent
WriteFile
ReadFile
CloseHandle
ConnectNamedPipe
CreateEventW
CreateNamedPipeA
Sleep
DuplicateHandle
SetHandleInformation
SetNamedPipeHandleState
PeekNamedPipe
CreateFileW
CreateNamedPipeW
GetSystemDirectoryA
GlobalFree
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
RtlUnwind
CreateThread
WriteConsoleW
GetComputerNameW
GetFileSize
CreateFileA
TerminateThread
ResumeThread
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
WaitForMultipleObjects
GetSystemTime
SystemTimeToFileTime
LocalFree
VirtualAllocEx
OpenProcess
VirtualQueryEx
OpenThread
SuspendThread
GetVersionExA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
CreateRemoteThread
GetThreadId
VirtualProtectEx
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCommandLineA
MultiByteToWideChar
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
FlushFileBuffers

user32

GetProcessWindowStation
GetUserObjectInformationW
GetThreadDesktop

advapi32

SetSecurityDescriptorSacl
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ImpersonateLoggedOnUser
SetEntriesInAclW
LookupPrivilegeValueW
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken

ole32

CoCreateGuid

Exports

Exports

Init
_ReflectiveLoader@0
_scheduler_waitable_thread@4
buffer_from_file
buffer_to_file
channel_close
channel_create
channel_create_datagram
channel_create_pool
channel_create_stream
channel_default_io_handler
channel_destroy
channel_exists
channel_find_by_id
channel_get_buffered_io_context
channel_get_class
channel_get_flags
channel_get_id
channel_get_native_io_context
channel_get_type
channel_interact
channel_is_flag
channel_is_interactive
channel_open
channel_read
channel_read_from_buffered
channel_set_buffered_io_handler
channel_set_flags
channel_set_interactive
channel_set_native_io_context
channel_set_type
channel_write
channel_write_to_buffered
channel_write_to_remote
command_deregister
command_deregister_all
command_handle
command_join_threads
command_register
command_register_all
core_update_desktop
core_update_thread_token
packet_add_completion_handler
packet_add_exception
packet_add_group
packet_add_request_id
packet_add_tlv_bool
packet_add_tlv_group
packet_add_tlv_qword
packet_add_tlv_raw
packet_add_tlv_string
packet_add_tlv_uint
packet_add_tlv_wstring
packet_add_tlv_wstring_len
packet_add_tlvs
packet_call_completion_handlers
packet_create
packet_create_group
packet_create_response
packet_destroy
packet_enum_tlv
packet_get_tlv
packet_get_tlv_group_entry
packet_get_tlv_meta
packet_get_tlv_string
packet_get_tlv_value_bool
packet_get_tlv_value_qword
packet_get_tlv_value_raw
packet_get_tlv_value_string
packet_get_tlv_value_uint
packet_get_tlv_value_wstring
packet_get_type
packet_is_tlv_null_terminated
packet_remove_completion_handler
packet_transmit
packet_transmit_empty_response
packet_transmit_response
scheduler_destroy
scheduler_initialize
scheduler_insert_waitable
scheduler_signal_waitable

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/screenshot.x64.dll
.dll windows x64

448cc6134851742b014a9872c79fc4a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
GetVersionExA
ReadFile
CreateFileW
SetEnvironmentVariableA
WriteConsoleW
LoadLibraryA
HeapSize
HeapReAlloc
LCMapStringW
CompareStringW
CloseHandle
WriteFile
GetLastError
ExitThread
GetCurrentThreadId
GetProcAddress
FreeLibrary
GlobalFree
LocalAlloc
SetStdHandle
GlobalAlloc
HeapFree
HeapAlloc
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
GetStringTypeW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
StretchBlt

advapi32

RevertToSelf

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data/meterpreter/screenshot.x86.dll
.dll windows x86

2fe88963b5bfb23726c0440e28530088

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetVersionExA
ReadFile
CreateFileW
SetEnvironmentVariableA
WriteConsoleW
LoadLibraryA
HeapSize
HeapReAlloc
RtlUnwind
LCMapStringW
CompareStringW
CloseHandle
WriteFile
GetLastError
ExitThread
GetCurrentThreadId
GetProcAddress
FreeLibrary
GlobalFree
LocalAlloc
SetStdHandle
GlobalAlloc
HeapFree
HeapAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
GetStringTypeW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
GetDIBits
StretchBlt

advapi32

RevertToSelf

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/metasploit-payloads.rb
lib/metasploit-payloads/version.rb
metasploit-payloads.gemspec

Sharing

General

Malware Config

Signatures

Files

db30ab1188e9f9fd120bcbcaad845d09

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

ac83dcf5b14ce9a671baa4aca9d1c533

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 3KB

08c5b4e8b3d7e279da32d10b0d63d540

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

avicap32

winmm

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

1d8c05c04a8f20d6e22dfd52c5b4ba86

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

avicap32

winmm

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 4KB

2cc392a77685bbbb068ec4f3526e525b

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 18KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 15KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 4KB