Behavioral task: behavioral1
Sample: aad64c84d287dd26356876eac49ab7a83a49144be66a2a9ca1f7946e69929c4a.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: aad64c84d287dd26356876eac49ab7a83a49144be66a2a9ca1f7946e69929c4a.exe
Resource: win10v2004-20220901-en
General
- Target: aad64c84d287dd26356876eac49ab7a83a49144be66a2a9ca1f7946e69929c4a
- Size: 82KB
- MD5: ea36c2d92ec40f231beade44e3549adc
- SHA1: 5553b3a9f914cfa92477718e0ad251cacfdb8729
- SHA256: aad64c84d287dd26356876eac49ab7a83a49144be66a2a9ca1f7946e69929c4a
- SHA512: 9686ea00401df08efa3ba2cba3f4d248e0e9184d1e021981c8b0d0daf39ccce4b0250afd9c5177f738389ff59f8c0deed52e8310d06f6361fcb8ee5acc64f95f
- SSDEEP: 1536:t17W9s6hfZIbfDJsdzQRif0yJubiZ7VuinAdekPZHaHanns3yfyF4dx:76vFQY0SumZZVz0S+yF4dx
Malware Config (extracted)
Family: metasploit
Encoder: encoder/fnstenv_mov
Signatures
- Metasploit family
Files
- aad64c84d287dd26356876eac49ab7a83a49144be66a2a9ca1f7946e69929c4a.exe (windows x86)
23ec2320f665b173189b84b06442f39a
Headers — File Characteristics:
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
fseek
ftell
malloc
fwrite
_stat
free
strncmp
_snprintf
_vsnprintf
sscanf
strtoul
fopen
fread
fclose
strtok
atoi
strstr
strncpy
exit
sprintf
srand
rand
kernel32
GetTickCount
CreateThread
Sleep
CreateMutexA
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
GetProcAddress
LoadLibraryA
TerminateThread
WinExec
lstrcmpA
CloseHandle
ReadFile
lstrlenA
GetFileSize
CreateFileA
lstrcpyA
DeleteFileA
WriteFile
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoA
GetVersionExA
CreateProcessA
FindClose
FindNextFileA
SetCurrentDirectoryA
FindFirstFileA
GetDriveTypeA
GetEnvironmentVariableA
lstrcatA
MoveFileExA
GetShortPathNameA
lstrcpynA
GetLastError
WaitForSingleObject
lstrcmpiA
OpenProcess
ExitThread
LocalFree
LocalAlloc
GetWindowsDirectoryA
SetFileTime
GetFileTime
SearchPathA
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot
user32
wsprintfA
GetKeyState
CharLowerA
EnumWindows
GetWindowTextA
GetClassNameA
VkKeyScanA
keybd_event
SetFocus
SetForegroundWindow
BringWindowToTop
CloseClipboard
SetClipboardData
PostMessageA
SetWindowPos
MessageBoxA
FindWindowA
GetForegroundWindow
GetAsyncKeyState
ShowWindow
OpenClipboard
EmptyClipboard
ws2_32
ntohs
inet_ntoa
getpeername
getsockname
gethostbyname
gethostname
WSAConnect
WSACleanup
inet_addr
setsockopt
bind
select
ioctlsocket
__WSAFDIsSet
WSASocketA
listen
accept
send
htons
socket
connect
closesocket
recv
WSAStartup
advapi32
StartServiceCtrlDispatcherA
DeleteService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
EnumServicesStatusA
SetServiceStatus
RegisterServiceCtrlHandlerA
ImpersonateLoggedOnUser
OpenProcessToken
CreateServiceA
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
QueryServiceLockStatusA
LockServiceDatabase
RegCloseKey
RegSetValueExA
RegOpenKeyExA
shell32
ShellExecuteA
psapi
EnumProcessModules
EnumProcesses
GetModuleBaseNameA
wininet
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
odbc32
ord41
ord11
ord31
ord24
ord75
crypt32
CryptUnprotectData
Sections
.text — Size: 29KB, Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss — Size: - (no raw data), Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata — Size: 4KB, Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data — Size: 46KB, Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — Size: 1KB, Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ