5df6d9c1242391b19832a9880bb343f68631a1a32bee541f0dface41a4a4c65d

Sharing

Copy URL Twitter E-mail

General

Target

5df6d9c1242391b19832a9880bb343f68631a1a32bee541f0dface41a4a4c65d
Size

1.2MB
MD5

af71edeeb02cd69485512bb6cad49665
SHA1

c6a5c9c33e59f9ba1afa6417d77e4423f6ce2e26
SHA256

5df6d9c1242391b19832a9880bb343f68631a1a32bee541f0dface41a4a4c65d
SHA512

b8a74e7a61a70c4481c848fd712b9c1f77539dcd961d81d561237b8158cb08fb092bb5bdaf3caa6397d67a866e2ab79f7cb0db9af7eca999c4a0bffb70005b14
SSDEEP

24576:DjuWVafsGxH0DpAfwWHbx+jwUCx4xCckWyQGh1o3Qv4DtiTrEUP4:DjBEsnewWHbxBxeCcbSN484i4

Score

N/A

Malware Config

Signatures

Files

5df6d9c1242391b19832a9880bb343f68631a1a32bee541f0dface41a4a4c65d
.bz2
sample
.tar .js
AUTHORS
AVStatus.h
AntiSpywareControl.cpp
.js
AntiSpywareControl.h
COPYING
CacheDumpControl.cpp
.js
CacheDumpControl.h
Debug/fgdump.exe
.exe windows x86

868cb7f1b3f21aceb6cb2fd9fe989a8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetCancelConnection2A
WNetUseConnectionA
WNetAddConnection2A

kernel32

GetLastError
GetTempPathA
LeaveCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
EnterCriticalSection
GetCurrentThreadId
CreateThread
CreateEventA
CopyFileA
DeleteFileA
GetLocalTime
InterlockedIncrement
CloseHandle
DuplicateHandle
DeleteCriticalSection
CreatePipe
GetStdHandle
CreateProcessA
ReadFile
GetCurrentDirectoryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
CreateMutexA
ReleaseMutex
GetDriveTypeA
GetTimeFormatA
InterlockedExchange
InitializeCriticalSection
LoadLibraryExA
FormatMessageA
FreeLibrary
WaitForSingleObject
GetDateFormatA
GetLocaleInfoW
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
GetCurrentProcess
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
RaiseException
TerminateProcess
SetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
DebugBreak
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
SetFilePointer
FlushFileBuffers
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
SetConsoleCtrlHandler
GetProcessHeap
SetStdHandle
QueryPerformanceCounter

user32

wsprintfA

advapi32

CreateServiceA
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegConnectRegistryA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
DeleteService

ole32

CoCreateGuid
StringFromGUID2

Sections

.textbss
Size: - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 288KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ErrorHandler.cpp
ErrorHandler.h
HostDumper.cpp
.js
HostDumper.h
INSTALL
Impersonator.cpp
Impersonator.h
LogWriter.cpp
LogWriter.h
Main.cpp
McAfeeControl.cpp
McAfeeControl.h
NetUse.cpp
NetUse.h
PWDumpControl.cpp
.js
PWDumpControl.h
Process.cpp
Process.h
ProtectedStorageControl.cpp
.js
ProtectedStorageControl.h
PwDump.exe
.exe windows x86

632969ddf6dbf4e0f53424b75e4b91f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

QueryPerformanceCounter
GetCurrentDirectoryA
GetLastError
CopyFileA
GetModuleFileNameA
CloseHandle
GlobalReAlloc
Sleep
ReadFile
SetNamedPipeHandleState
CreateFileA
WaitNamedPipeA
CompareStringA
GetLocaleInfoW
DeleteFileA
WaitForSingleObject
MultiByteToWideChar
GlobalFree
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
GetCommandLineA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
HeapFree
HeapAlloc
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
SetFilePointer
FlushFileBuffers
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
GetProcAddress

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerA

ole32

StringFromGUID2
CoCreateGuid

netapi32

NetApiBufferFree
NetShareEnum
NetShareGetInfo

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
README
RegQuery.cpp
RegQuery.h
Release/fgdump.exe
.exe windows x86

8d51bacf64ac3e45703d0a2b73c0d05b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetCancelConnection2A
WNetUseConnectionA

kernel32

SetEvent
ResetEvent
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetCurrentThreadId
CreateThread
CreateEventA
GetLastError
GetTempPathA
CopyFileA
DeleteFileA
GetLocalTime
InterlockedIncrement
CloseHandle
CreateProcessA
DeleteCriticalSection
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
GetCurrentDirectoryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
CreateMutexA
GetLocaleInfoW
InterlockedExchange
InitializeCriticalSection
LoadLibraryExA
FormatMessageA
FreeLibrary
WaitForSingleObject
SetEndOfFile
ReadFile
GetProcAddress
LoadLibraryA
SetStdHandle
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleA
TerminateProcess
HeapAlloc
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetFilePointer
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr

user32

wsprintfA

advapi32

CreateServiceA
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegConnectRegistryA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
DeleteService

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ResourceLoader.cpp
.js
ResourceLoader.h
ServiceControl.cpp
ServiceControl.h
ShareFinder.cpp
ShareFinder.h
SophosControl.cpp
SophosControl.h
StringArray.cpp
StringArray.h
SymantecAVControl.cpp
SymantecAVControl.h
XGetopt.cpp
XGetopt.h
cachedump.exe
.exe windows x86

1281cbbeeb6094afa3992d31c7393074

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
LoadLibraryA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
GetEnvironmentStrings
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
FreeEnvironmentStringsA
FormatMessageA
GetProcessHeap
Sleep
CloseHandle
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
ReadProcessMemory
OpenProcess
ExitThread
FlushFileBuffers
CreateFileA
WaitNamedPipeA
CreateThread
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersionExA
GetCommandLineA
GetModuleHandleA
GetProcAddress
VirtualQuery
OutputDebugStringA
SetStdHandle

mscoree

_CorExeMain

user32

wsprintfA

advapi32

RegQueryValueExA
OpenServiceA
CreateServiceA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
OpenSCManagerA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus

ole32

StringFromGUID2
CoCreateGuid

psapi

GetModuleInformation

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cachedump/cachedump-1.2-fgpatch1.patch
cachedump/cachedump.c
cachedump/cachedump.exe
.exe windows x86

1281cbbeeb6094afa3992d31c7393074

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
LoadLibraryA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
GetEnvironmentStrings
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
VirtualProtect
GetSystemInfo
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
FreeEnvironmentStringsA
FormatMessageA
GetProcessHeap
Sleep
CloseHandle
DisconnectNamedPipe
ReadFile
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
ReadProcessMemory
OpenProcess
ExitThread
FlushFileBuffers
CreateFileA
WaitNamedPipeA
CreateThread
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersionExA
GetCommandLineA
GetModuleHandleA
GetProcAddress
VirtualQuery
OutputDebugStringA
SetStdHandle

mscoree

_CorExeMain

user32

wsprintfA

advapi32

RegQueryValueExA
OpenServiceA
CreateServiceA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
OpenSCManagerA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus

ole32

StringFromGUID2
CoCreateGuid

psapi

GetModuleInformation

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cachedump/cachedump.h
cachedump/getpid.c
cachedump/lsastuff.c
cachedump/md5.c
cachedump/md5.h
cachedump/rc4.c
cachedump/rc4.h
cachedump/readme.txt
cachedump/service.c
cachedump/version.txt
fgdump.cpp
fgdump.h
fgdump.rc
fgdump.sln
fgdump.vcproj
.xml
fgexec.exe
.exe windows x86

5652942959a5cb6994ae8b6d76cdbf00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CallNamedPipeA
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
SetEvent
CreateFileA
CreateEventA
WaitForSingleObject
RtlUnwind
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
GetSystemInfo

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/AUTHORS
fgexec/COPYING
fgexec/Debug/fgexec.exe
.exe windows x86

1453fbc48f97e1c7fe3909a06d21ab7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CallNamedPipeA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
CreateProcessA
SetEvent
CreateFileA
CreateEventA
WaitForSingleObject
RtlUnwind
GetCommandLineA
GetVersionExA
GetModuleHandleA
IsBadWritePtr
IsBadReadPtr
HeapValidate
RaiseException
DebugBreak
GetProcAddress
LoadLibraryA
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
SetUnhandledExceptionFilter
IsBadCodePtr
GetProcessHeap
FreeLibrary
SetFilePointer
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
VirtualProtect
GetSystemInfo
GetLocaleInfoA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/INSTALL
fgexec/Process.cpp
fgexec/Process.h
fgexec/README
fgexec/Release/fgexec.exe
.exe windows x86

f5ca537c40e7246de506f3cadd1c9d5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreatePipe
GetStdHandle
WaitForSingleObject
CreateFileA
SetEvent
DisconnectNamedPipe
DuplicateHandle
WriteFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CreateEventA
CallNamedPipeA
ReadFile
CreateProcessA
FlushFileBuffers
CloseHandle
RtlUnwind
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
GetACP
GetOEMCP
GetCPInfo
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/XGetopt.cpp
fgexec/XGetopt.h
fgexec/fgexec.cpp
.js
fgexec/fgexec.vcproj
.xml
fgexec/stdafx.cpp
fgexec/stdafx.h
imokav.exe
.exe windows x86

cbb6ea69caf8741e77d91023f8c9c90b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
LoadLibraryA
GetProcAddress
WriteProcessMemory
FreeLibrary
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

lstarget

SetAccessPriv

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lstarget.dll
.dll windows x86

2bb81e6cc710a9f6ae133c6adb777d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pstgdump.exe
.exe windows x86

f38a14b98597618926f15856879f2f5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
GetSystemInfo
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
VirtualProtect
LocalFree
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetFilePointer
IsBadReadPtr
IsBadCodePtr
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

GetErrorInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/AUTHORS
pstgdump/COPYING
pstgdump/Debug/pstgdump.exe
.exe windows x86

a90c02abb8e70055e03e9c555fc4eb35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
SetStdHandle
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
FlushFileBuffers
LocalFree
lstrlenW
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
TerminateProcess
GetCurrentProcess
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
RaiseException
HeapAlloc
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchange
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
FreeLibrary
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

VariantClear
CreateErrorInfo
SysFreeString
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/INSTALL
pstgdump/ProtectedStorage.cpp
pstgdump/ProtectedStorage.h
pstgdump/README
pstgdump/Release/pstgdump.exe
.exe windows x86

f38a14b98597618926f15856879f2f5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
GetSystemInfo
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
VirtualProtect
LocalFree
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetFilePointer
IsBadReadPtr
IsBadCodePtr
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

GetErrorInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/XGetopt.cpp
pstgdump/XGetopt.h
pstgdump/pstgdump.cpp
pstgdump/pstgdump.vcproj
.xml
pstgdump/stdafx.cpp
pstgdump/stdafx.h
pwdump6/BlowfishStringConvert.h
pwdump6/COPYING
pwdump6/LsaExt.c
pwdump6/LsaExt.dsp
pwdump6/LsaExtDebug/lstarget.dll
.dll windows x86

6d7df12f6cc2bd83006769cc57f76bf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
IsBadWritePtr
IsBadReadPtr
HeapValidate
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
OutputDebugStringA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
VirtualAlloc
Sleep
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetConsoleCtrlHandler
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
UnhandledExceptionFilter
GetACP
GetOEMCP
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/LsaExtRelease/lstarget.dll
.dll windows x86

2bb81e6cc710a9f6ae133c6adb777d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwDump6.cpp
.js
pwdump6/PwDump6.dsp
pwdump6/PwDump6.dsw
pwdump6/PwDumpDebug/PwDump.exe
.exe windows x86

6b1df8a338af8d56416c50af945886f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

QueryPerformanceCounter
GetLastError
CopyFileA
GetModuleFileNameA
GetCurrentDirectoryA
GlobalReAlloc
GlobalAlloc
Sleep
ReadFile
SetNamedPipeHandleState
CreateFileA
WaitNamedPipeA
CompareStringA
GetLocaleInfoW
DeleteFileA
WaitForSingleObject
MultiByteToWideChar
GlobalFree
CompareStringW
SetEnvironmentVariableA
CloseHandle
GetCommandLineA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
IsBadWritePtr
IsBadReadPtr
HeapValidate
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetProcAddress
LoadLibraryA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
FatalAppExitA
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapFree
UnhandledExceptionFilter
HeapAlloc
HeapReAlloc
VirtualFree
VirtualAlloc
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
SetFilePointer
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
SetStdHandle
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerA

ole32

StringFromGUID2
CoCreateGuid

netapi32

NetApiBufferFree
NetShareEnum
NetShareGetInfo

Sections

.text
Size: 460KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwDumpDebug/imokav.exe
.exe windows x86

0b58feccd1a878d798caa41028277c59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lstarget

SetAccessPriv

kernel32

LoadLibraryA
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
GetProcAddress
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
FreeLibrary
CompareStringW
CreateRemoteThread
GetEnvironmentStrings
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetEnvironmentVariableA
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
SetConsoleCtrlHandler
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetStdHandle
Sleep
LCMapStringA
LCMapStringW
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwDumpDebug/lstarget.dll
.dll windows x86

6d7df12f6cc2bd83006769cc57f76bf9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
IsBadWritePtr
IsBadReadPtr
HeapValidate
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
DebugBreak
GetStdHandle
OutputDebugStringA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
VirtualAlloc
Sleep
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetConsoleCtrlHandler
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
UnhandledExceptionFilter
GetACP
GetOEMCP
SetStdHandle
RtlUnwind
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwDumpRelease/PwDump.exe
.exe windows x86

632969ddf6dbf4e0f53424b75e4b91f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

kernel32

QueryPerformanceCounter
GetCurrentDirectoryA
GetLastError
CopyFileA
GetModuleFileNameA
CloseHandle
GlobalReAlloc
Sleep
ReadFile
SetNamedPipeHandleState
CreateFileA
WaitNamedPipeA
CompareStringA
GetLocaleInfoW
DeleteFileA
WaitForSingleObject
MultiByteToWideChar
GlobalFree
CompareStringW
SetEnvironmentVariableA
GlobalAlloc
GetCommandLineA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetCurrentThreadId
TlsSetValue
ExitThread
HeapFree
HeapAlloc
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
RaiseException
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
InterlockedExchange
GetVersion
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
SetFilePointer
FlushFileBuffers
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
GetProcAddress

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerA

ole32

StringFromGUID2
CoCreateGuid

netapi32

NetApiBufferFree
NetShareEnum
NetShareGetInfo

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pwdump6/PwDumpRelease/imokav.exe
.exe windows x86

cbb6ea69caf8741e77d91023f8c9c90b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
LoadLibraryA
GetProcAddress
WriteProcessMemory
FreeLibrary
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

lstarget

SetAccessPriv

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pwdump6/PwDumpRelease/lstarget.dll
.dll windows x86

2bb81e6cc710a9f6ae133c6adb777d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwserviceDebug/imokav.exe
.exe windows x86

0b58feccd1a878d798caa41028277c59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lstarget

SetAccessPriv

kernel32

LoadLibraryA
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
GetProcAddress
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
FreeLibrary
CompareStringW
CreateRemoteThread
GetEnvironmentStrings
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
SetEnvironmentVariableA
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
SetConsoleCtrlHandler
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetStdHandle
Sleep
LCMapStringA
LCMapStringW
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdump6/PwserviceRelease/imokav.exe
.exe windows x86

cbb6ea69caf8741e77d91023f8c9c90b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
LoadLibraryA
GetProcAddress
WriteProcessMemory
FreeLibrary
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

lstarget

SetAccessPriv

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pwdump6/README
pwdump6/XGetopt.c
pwdump6/XGetopt.h
pwdump6/blowfish.c
pwdump6/blowfish.h
pwdump6/config.h
pwdump6/pwdump.rc
pwdump6/pwservice.cpp
pwdump6/pwservice.dsp
pwdump6/resource.h
resource.h
stdafx.cpp
stdafx.h

Sharing

General

Malware Config

Signatures

Files

868cb7f1b3f21aceb6cb2fd9fe989a8a

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

advapi32

ole32

Sections

.textbss Size: - Virtual size: 129KB

.text Size: 288KB - Virtual size: 285KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 12KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 572KB - Virtual size: 568KB

632969ddf6dbf4e0f53424b75e4b91f2

Headers

File Characteristics

Imports

mpr

kernel32

user32

advapi32

ole32

netapi32

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 1KB

8d51bacf64ac3e45703d0a2b73c0d05b

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

advapi32

ole32

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 476KB - Virtual size: 473KB

1281cbbeeb6094afa3992d31c7393074

Headers

File Characteristics

Imports

kernel32

mscoree

user32

advapi32

ole32

psapi

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 72KB

.reloc Size: 4KB - Virtual size: 3KB

1281cbbeeb6094afa3992d31c7393074

Headers

File Characteristics

Imports

kernel32

mscoree

user32

advapi32

ole32

psapi

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 32KB - Virtual size: 28KB

.textbss
Size: - Virtual size: 129KB

.text
Size: 288KB - Virtual size: 285KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 572KB - Virtual size: 568KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 476KB - Virtual size: 473KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 72KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 72KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 7KB