gh0strat | test3[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

test3.zip
Size

14.4MB
MD5

76b9f844ebcddec3043d60d59f872a7e
SHA1

3d7a9dd34d01aaf57d1a17726daf04307c11372f
SHA256

2f3e99a8bdb080cad97881bc33b88ab9084003b649909895c3a8c156e5b8b83f
SHA512

51eb4c1ad218836c7fadcca23391783907ec8fc0fcfa2fe638a74b61e2ff0430172319fadc872cb781a44aafd34617993a2f07ddf88aaa95fcdc7be6272ae102
SSDEEP

393216:I0UYukVJORHAB4FLcmSR1SQErzkxgCFCRU:nJVCgB4+ms1SQzgCIq

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 3 IoCs

resource	yara_rule
static1/unpack001/test3/2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c.bin	family_gh0strat
static1/unpack001/test3/d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd.bin	family_gh0strat
static1/unpack001/test3/f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1.bin	family_gh0strat

Gh0strat family
gh0strat

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/test3/08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c.bin	Nirsoft

Files

test3.zip
.zip
test3/08b0baa49485954e408eb2ddc02004b1aa7b451e6f704cf1c914d23f3ac0ee8c.bin
.exe windows x86

f7580fa6734d86b31ee2927ea8d237f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

gdi32

RoundRect

kernel32

FlushConsoleInputBuffer
GetLastError
FlsFree
GetNumberOfConsoleInputEvents
FillConsoleOutputCharacterA

urlmon

CoInternetIsFeatureZoneElevationEnabled

ole32

CoRevokeInitializeSpy

msi

ord30

setupapi

SetupFreeSourceListW

user32

MessageBoxA
EnumDisplaySettingsW
GetMenuItemInfoA
SetProcessDefaultLayout

Sections

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
test3/2e8bcfb94561e536ee0b378b7a879f1fa0763a309f0566c40772652f0b9ee76c.bin
.exe windows x86

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
sprintf
atoi
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
Process32First
Process32Next
lstrcmpiA
ReleaseMutex
CreateThread
GetCurrentThreadId
ExpandEnvironmentStringsA
DeleteFileA
OpenEventA
GetLocalTime
CreateDirectoryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
Sleep
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExA
GetSystemInfo

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

WSAIoctl
setsockopt
connect
WSACleanup
gethostbyname
socket
closesocket
recv
select
send
getsockname
gethostname
WSAStartup
htons

urlmon

URLDownloadToFileA

ole32

CoInitialize
CoCreateInstance

wininet

InternetCloseHandle

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
test3/51239563ac4a295857c2712133b94de88d49a243329d93f643e6b6c8cc6c0d72.bin
.exe windows x86

9390f8d829051930041e56ff3b7c3cc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord800
ord535
ord537
ord823
ord922
ord924
ord6215
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord2982
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord807
ord796
ord674
ord554
ord529
ord366
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord1233
ord5252
ord5981
ord4427
ord5290
ord3742
ord567
ord818
ord4275
ord755
ord470
ord1576
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord5277
ord4274
ord1168

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
__CxxFrameHandler
_setmbcp
_CxxThrowException
_controlfp
_onexit
__dllonexit
printf
_access
remove
exit

kernel32

GetSystemInfo
GetTickCount
WinExec
GetStartupInfoA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetLastError
CreateThread

user32

LoadCursorA
UpdateWindow
EnableWindow

advapi32

RegSetValueExA
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyA

shell32

ShellExecuteExA
ShellExecuteA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test3/9208908b0dc676aa1d9f2db46321bd3da597234fbc33790851032bc4d057b280.bin
.exe windows x86

6ceac9a861c5cab1625bb38abebf7718

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapSize
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
GetACP
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapReAlloc
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
RaiseException
RtlUnwind
SetErrorMode
GetShortPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DeleteFileA
MoveFileA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
FileTimeToLocalFileTime
CopyFileA
GlobalSize
FormatMessageA
LocalFree
MulDiv
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
InterlockedDecrement
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalFree
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalAlloc
InterlockedIncrement
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GetModuleHandleA
FreeResource
GetProfileIntA
GetCurrentThreadId
GetTickCount
GetFileSize
FileTimeToSystemTime
WriteFile
SetFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
SetFilePointer
GetStringTypeExA
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
GetLastError
InterlockedExchange
Sleep
lstrlenW
CreateDirectoryA
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetEnvironmentVariableA
FindFirstFileA
FindNextFileA
GetEnvironmentStringsW
FindClose

user32

MessageBeep
FindWindowA
DrawIcon
SetWindowRgn
GetTabbedTextExtentA
UnregisterClassA
WindowFromPoint
SetCapture
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuStringA
InsertMenuA
RemoveMenu
IsZoomed
FillRect
LoadCursorA
DestroyCursor
SetRect
WindowFromDC
InSendMessage
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
PostQuitMessage
SetParent
GetSystemMenu
AppendMenuA
DeleteMenu
IsRectEmpty
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetNextDlgGroupItem
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
RegisterWindowMessageA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
GetClassNameA
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetFocus
EqualRect
GetDlgItem
GetKeyState
GetMenu
LoadIconA
EnableWindow
CharUpperA
wsprintfA
GetDesktopWindow
SetCursor
GetCapture
ReleaseCapture
LoadAcceleratorsA
SetActiveWindow
IsWindowVisible
IsIconic
InsertMenuItemA
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreatePopupMenu
GetClassInfoA
OffsetRect
GetLastActivePopup
InvalidateRgn
CharNextA
DestroyIcon
LockWindowUpdate
GetMenuItemInfoA
GetDCEx
GetSysColorBrush
KillTimer
GetWindowTextLengthA
SetTimer
DestroyMenu
PeekMessageA
CopyAcceleratorTableA
CreateMenu
SetRectEmpty
CopyRect
IntersectRect
GetParent
PostThreadMessageA
PtInRect
InflateRect
GetClientRect
ScreenToClient
ReleaseDC
GetSystemMetrics
GetDC
SetWindowLongA
SendMessageA
GetWindowRect
InvalidateRect
GetSysColor
IsWindow
UpdateWindow
GetCursorPos
GetDlgCtrlID
ClipCursor
TranslateAcceleratorA
GetWindowLongA
ShowWindow
GetWindow
SetMenu
PostMessageA
BringWindowToTop
ValidateRect

gdi32

SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
CreateSolidBrush
GetBkColor
UnrealizeObject
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetTextColor
GetRgnBox
GetWindowOrgEx
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
CreatePatternBrush
DeleteObject
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteMetaFile
CloseMetaFile
CreateMetaFileA
CopyMetaFileA
GetTextExtentPoint32A
GetTextMetricsA
GetStockObject
PatBlt
Rectangle
GetViewportOrgEx
CreatePen
CreateDCA
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
DPtoLP
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SetBrushOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
StretchDIBits
DeleteDC
GetObjectA
CreateFontA
SelectObject
GetCharWidthA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
GetJobA
ClosePrinter

advapi32

RegSetValueA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyA

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
DragFinish
DragQueryFileA
SHGetPathFromIDListA
ExtractIconA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
CreateGenericComposite
CoGetClassObject
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleLockRunning
CreateOleAdviseHolder
CreateItemMoniker
OleRun
GetRunningObjectTable
OleIsRunning
WriteClassStg
CoTaskMemAlloc
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
StgCreateDocfile
CoDisconnectObject
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
OleTranslateAccelerator
ReleaseStgMedium
OleDuplicateData
CreateBindCtx

oleaut32

VariantClear
VariantChangeType
VariantInit
SysFreeString
SysStringByteLen
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test3/c599af32f470f3853d837af004590fb94bd1b4a595b04dfde22f876f9a8ea851.bin
.exe windows x86

9d2807cf0d49cbb8491992cc23de4bd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetSystemInfo
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
WinExec
Process32FirstW
GetCurrentProcessId
DeleteFileA
SetEndOfFile
CreateFileA
WriteConsoleW
LoadLibraryA
SetFileAttributesA
GetProcAddress
GetLastError
CreateFileW
GetSystemDirectoryA
GetModuleFileNameW
GetFileAttributesA
GetVersionExW
GetConsoleWindow
SizeofResource
Sleep
GetModuleHandleW
GetCurrentProcess
LoadResource
CloseHandle
FindResourceW
SetStdHandle
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
ExitProcess
GetCommandLineA
HeapSetInformation
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
HeapCreate
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetProcessHeap

user32

ShowWindow
MessageBoxA

advapi32

ControlService
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
StartServiceW
RegOpenKeyExA
RegQueryValueExA
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegCloseKey

shell32

ShellExecuteExW

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
test3/d1eeb2ad38249bd944d2dc659a84f7a394652c537f80b59fceb3a2c284c6919b.bin
.exe windows x86

2ce009d256205d67b73720fd25005caf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getnameinfo

crypt32

CertCreateCertificateChainEngine

advapi32

RegOpenKeyW

kernel32

Wow64RevertWow64FsRedirection
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA

ole32

CoUninitialize

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_c_exit

api-ms-win-crt-stdio-l1-1-0

fputc

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

wcstol

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

isspace

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

oleaut32

SysFreeString

shlwapi

SHDeleteKeyW

wtsapi32

WTSSendMessageW

Exports

Exports

??0Assembler@asmjit@@QAE@PAURuntime@1@@Z
??0CodeGen@asmjit@@QAE@PAURuntime@1@@Z
??0HostRuntime@asmjit@@QAE@XZ
??0JitRuntime@asmjit@@QAE@XZ
??0Runtime@asmjit@@QAE@XZ
??0StaticRuntime@asmjit@@QAE@PAXI@Z
??0VMemMgr@asmjit@@QAE@PAX@Z
??0X86Assembler@asmjit@@QAE@PAURuntime@1@I@Z
??0Zone@asmjit@@QAE@I@Z
??1Assembler@asmjit@@UAE@XZ
??1CodeGen@asmjit@@UAE@XZ
??1HostRuntime@asmjit@@UAE@XZ
??1JitRuntime@asmjit@@UAE@XZ
??1Runtime@asmjit@@UAE@XZ
??1StaticRuntime@asmjit@@UAE@XZ
??1VMemMgr@asmjit@@QAE@XZ
??1X86Assembler@asmjit@@UAE@XZ
??1Zone@asmjit@@QAE@XZ
??_FVMemMgr@asmjit@@QAEXXZ
?_alloc@Zone@asmjit@@QAEPAXI@Z
?_emit@X86Assembler@asmjit@@UAEIIABUOperand@2@000@Z
?_grow@Assembler@asmjit@@QAEII@Z
?_grow@PodVectorBase@asmjit@@IAEIII@Z
?_newLabel@Assembler@asmjit@@QAEIPAULabel@2@@Z
?_newLabelLink@Assembler@asmjit@@QAEPAULabelLink@2@XZ
?_nullData@PodVectorBase@asmjit@@2UPodVectorData@2@B
?_registerIndexedLabels@Assembler@asmjit@@QAEII@Z
?_relocCode@X86Assembler@asmjit@@UBEIPAX_K@Z
?_reserve@Assembler@asmjit@@QAEII@Z
?_reserve@PodVectorBase@asmjit@@IAEIII@Z
?_x86CondToCmovcc@asmjit@@3QBIB
?_x86CondToJcc@asmjit@@3QBIB
?_x86CondToSetcc@asmjit@@3QBIB
?_x86InstExtendedInfo@asmjit@@3QBUX86InstExtendedInfo@1@B
?_x86InstInfo@asmjit@@3QBUX86InstInfo@1@B
?_x86ReverseCond@asmjit@@3QBIB
?add@JitRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?add@StaticRuntime@asmjit@@UAEIPAPAXPAUAssembler@2@@Z
?align@X86Assembler@asmjit@@UAEIII@Z
?alloc@VMemMgr@asmjit@@QAEPAXII@Z
?alloc@VMemUtil@asmjit@@SAPAXIPAII@Z
?allocProcessMemory@VMemUtil@asmjit@@SAPAXPAXIPAII@Z
?allocZeroed@Zone@asmjit@@QAEPAXI@Z
?bind@Assembler@asmjit@@UAEIABULabel@2@@Z
?callCpuId@X86CpuUtil@asmjit@@SAXIIPATX86CpuId@2@@Z
?detect@X86CpuUtil@asmjit@@SAXPAUX86CpuInfo@2@@Z
?detectHwThreadsCount@CpuInfo@asmjit@@SAIXZ
?dup@Zone@asmjit@@QAEPAXPBXI@Z
?embed@Assembler@asmjit@@UAEIPBXI@Z
?embedLabel@X86Assembler@asmjit@@QAEIABULabel@2@@Z
?emit@Assembler@asmjit@@QAEII@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@00_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@0_K@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@H@Z
?emit@Assembler@asmjit@@QAEIIABUOperand@2@_K@Z
?emit@Assembler@asmjit@@QAEIIH@Z
?emit@Assembler@asmjit@@QAEII_K@Z
?flush@HostRuntime@asmjit@@UAEXPAXI@Z
?getCpuInfo@HostRuntime@asmjit@@UAEPBUCpuInfo@2@XZ
?getHost@CpuInfo@asmjit@@SAPBU12@XZ
?getPageGranularity@VMemUtil@asmjit@@SAIXZ
?getPageSize@VMemUtil@asmjit@@SAIXZ
?getStackAlignment@HostRuntime@asmjit@@UAEIXZ
?make@Assembler@asmjit@@UAEPAXXZ
?noOperand@asmjit@@3UOperand@1@B
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KABUX86Reg@2@IHI@Z
?ptr_abs@x86@asmjit@@YA?AUX86Mem@2@_KHI@Z
?release@JitRuntime@asmjit@@UAEIPAX@Z
?release@StaticRuntime@asmjit@@UAEIPAX@Z
?release@VMemMgr@asmjit@@QAEIPAX@Z
?release@VMemUtil@asmjit@@SAIPAXI@Z
?releaseProcessMemory@VMemUtil@asmjit@@SAIPAX0I@Z
?relocCode@Assembler@asmjit@@QBEIPAX_K@Z
?reset@Assembler@asmjit@@QAEX_N@Z
?reset@PodVectorBase@asmjit@@QAEX_N@Z
?reset@VMemMgr@asmjit@@QAEXXZ
?reset@Zone@asmjit@@QAEX_N@Z
?sdup@Zone@asmjit@@QAEPADPBD@Z
?setArch@X86Assembler@asmjit@@QAEII@Z
?setError@CodeGen@asmjit@@QAEIIPBD@Z
?setErrorHandler@CodeGen@asmjit@@QAEIPAUErrorHandler@2@@Z
?sformat@Zone@asmjit@@QAAPADPBDZZ
?shrink@VMemMgr@asmjit@@QAEIPAXI@Z
?x86RegData@asmjit@@3UX86RegData@1@B
��p(�#ɴ򖶉76�n�:��b��|�5�*��sdT=��U!��7Q��N^�X+�m��o+��_��T��Ͱ��fc�DH"� ��A&E��B�oj��}��9�c!��ɗ+�r.؁o�]�?�rتe�S1�M�.��M�� X��_�d�>J$Bm��Ƽ��&򆧃��6�aZ��1 ��@��%�f{�%^��%.��aqa�®�� ߹Bq*��>��f�6��z'I��"b��Sn)jH��W��0}��7KZ�Α��H��fQ[��p��`�Ƨ97`��KL��OT��4>δ� ��G��B�Ϯ��T��s˦�� d�*��1��nL,�R9UG*t$v{[~�(DBX��z� �A$�Zf _,X?T��FFyuxT��y��c'�>�DK��$�Vp�RT,b�s��S �ߒ�O��n|�� ڦ��K�U�᩠�%4f��'��Վ��!�W�~��靁�H.��v��m!p�y��f>ʉz]�31}!ᡅ��{b�u��7�E��YA�j}9I� �W� �{��O�oc_��,�,��cey��@2(��:u��E��ó��[��Yp�bFr��~9�%��N��c�\3/<L��V鈪�wޢ�FZ��!'#a��r�O�C�#� �su� N��"+%�緗V��i��и��o϶`9, ]�J��$v�w�X��s��U��r�7��﯆|��ݝ`�e��h�5i;��!�:�5��\u2�cΠצ#l%��{�^0g�:?��q��i��T�{�:��@�V��d��Bj�A��(kE�� 6�� u��@'_~TY�H�xg��j�m'g2�,��0]UV/��eU%I��L�v �$�pf�'�]J|�*�X��2"��i<�y��n]\��_)��7|��7Ws�s<��6�Uʍa�0�(�)H^@�s�YW߰��[�X�?YC��+?�:��\0*8e��+�(�0��X��PZ�G��I�:�e��i�H��>��h�b�� 繭�Aޗ�z�.��Z]�=��nx�r��V��RX�!��b��N��2�e!e�Ց�iV�tL��X� oX��$�0�H^I��ۤ��[�3��%z~v �s~%{��*��Y�w��5�H?Dc��0xĐ��<:�?�Ȍa��y��,U.F�%�B��S�_��^�p��e��K Ҹ�b��,�"7P�l�Zqf7OI. ��AK�=��~㲌'�.�y!�ZU(W-��l��#}��Q-n$vϜ��i�dP��/o�_׃SjӘc��Y��׆�z�KR��F܄��O+m.Qs�թ"D�j^��bjn�K(��B��'cT^��!��u)d�m��'A��j�=R��4)��BH�H�zD��;�{�a�o&�E��&� 5Q��P ��3�w��<y&��?b�~�_��*P]��75$��N=V�|��*fq��V%��n��m�g�!L�!i�W��eS�?��&'�x��MG��Pg��oe@٥�� FU��8{yS��P�V扐��凔;4F��G9~ \ů��L��?&T&�B�N�١.[ɕ ��гO�t��{�z�yY��Ƅ�� ɖTs�"E۠�b��LW�s�{C9�� S�Q�Z��$��~�&k��<⾮��a\�6s� K��X��񿈩ҁZ<E��g+�� H��'{��y{��M�&�\A6��X��{�9_�b�;�9�Y|1V�~�$+�� ˈ�=1�`)�9�0��AVY`\��E��4xZTL0t�K>>�(P�j#�s�O>�?j��=!2ČE�P�U)l��8F��SX�a�,�$p`�X��M��xQ�B��R��=��5��%�{��TpJ)�0��L.Zٮ옾y��u��Y��f�٪`��֌b�� 5�d4�" z�.eJ�'��o�E�A�G�kT��SG1r��F f׸��0��S��_|�:6�܃�� V��5��!&"��0UC��|,�U°V� |��y��k�3\�,v#ܧxڭ��$��i=��.�i+��v�ɽ��|IkL��2�TB��yy�P�\��:*��_��~/��X_��n�E�%�\�س�2;�c�B >�4�B�a��8�kA��cU��o�`qq&��;��#qT3V�F#ZBD6?n� �,��v�qNZ�?:��|�Vu��ӊ�X��2�E3��|��iO31C~�~fI|z�f$��Y@jت�0I �A��F��Ύ�:h^:�a|Ȉ.��-J�2BŀUP�pĝSd�s�Z�7�}�ZE��,�][�/��>̣��{��zGG.Rip��H �U��\��hx��5#��@\�9X��*�8��$d��:��[�.}�=� �R؏�A�p+�+m�g�P�}�cQ��k��f�>�e��7^��M�ߪ��+��&I��"E��3f"�_ ,x�|��8�Y%4�L�=*��<�{��FG+��]a�f�6(zR��,�?��nG*l��IK�,p��^A��Jp��W9��,(eT6ܨG�h�]lɛ^]�3k��k5��p ��g1��o��F�Rn�GCŏ��e7��C�� Ųsx7��I(V��g P�l/�xԩ-4�LC�$D}�X�c��%��:��f�߱D��R�� E�Q��D� �>]O��V D�9�h��Й2G �H�"rg�W �V��7Ay�t�8E��6��Ǐ�I�'��x5Ԉ�8�^g��8^��oK�u0s�SM0b�� *? y0c��5��ܟ)s�� R'��̨��M<\�\��v�vl��"�S�[�@#Ѱ+)�-��GaU��Ws��-UP

Sections

.text
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ghc0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ghc1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test3/d3a43a20d2b6c497160bf63fe0dec0e1edf2e4406c9bd0ed5d00ce663fddc4cd.bin
.exe windows x86

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
sprintf
atoi
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
Process32First
Process32Next
lstrcmpiA
ReleaseMutex
CreateThread
GetCurrentThreadId
ExpandEnvironmentStringsA
DeleteFileA
OpenEventA
GetLocalTime
CreateDirectoryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
Sleep
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExA
GetSystemInfo

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

WSAIoctl
setsockopt
connect
WSACleanup
gethostbyname
socket
closesocket
recv
select
send
getsockname
gethostname
WSAStartup
htons

urlmon

URLDownloadToFileA

ole32

CoInitialize
CoCreateInstance

wininet

InternetCloseHandle

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
test3/e0c7e609e4fdcbe12daffb6c0517c4fde9644e8774a0d74139d940fd8ca7e146.bin
.exe windows x86

fcb685398a35478d1e0f491fcb9bfbec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
RtlUnwind
RaiseException
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
GetSystemInfo
VirtualQuery
HeapSize
GetACP
IsValidCodePage
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToSystemTime
GetModuleHandleW
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
WritePrivateProfileStringA
InterlockedDecrement
GetModuleFileNameW
LocalFree
MulDiv
lstrlenA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalUnlock
FreeResource
GlobalFree
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
SetLastError
WriteFile
IsDBCSLeadByteEx
ReadFile
SetFilePointer
CreateFileW
GetFileSize
CreateFileA
MultiByteToWideChar
GetModuleHandleA
FormatMessageW
GetLastError
FormatMessageA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
CreateThread
WaitForSingleObject
CloseHandle
Sleep
ExitProcess
FreeLibrary
IsBadReadPtr
LoadLibraryA
GetProcAddress
VirtualFree
VirtualProtect
VirtualAlloc
HeapReAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentStrings
HeapFree

user32

UnregisterClassA
SetTimer
KillTimer
RegisterClipboardFormatA
PostThreadMessageA
WindowFromPoint
SetCapture
IsZoomed
UnpackDDElParam
ReuseDDElParam
LoadMenuA
ReleaseCapture
LoadAcceleratorsA
InvalidateRect
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
TranslateAcceleratorA
DestroyMenu
GetMenuItemInfoA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
MessageBeep
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetForegroundWindow
UpdateWindow
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
EndDialog
GetWindow
CharNextA
CharUpperA
GetSysColorBrush
GetCapture
LoadCursorA
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
GetSystemMetrics
GetMessageTime

gdi32

GetDeviceCaps
CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
ScaleViewportExtEx
GetTextMetricsA
GetStockObject
CreateFontA
StretchDIBits
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
CreateCompatibleBitmap
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
GetCharWidthA
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

DragFinish
DragQueryFileA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CoCreateGuid
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

urlmon

FindMimeFromData

wininet

InternetConnectW
InternetOpenW
InternetSetOptionA
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestExW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile
HttpSendRequestW

Sections

.text
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
test3/f7ba9ce7513a164ff2cbc3d41721d557a94e2441f22a97297f3308df6804ecd1.bin
.exe windows x86

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_beginthreadex
sprintf
atoi
_except_handler3
free
realloc
malloc
??2@YAPAXI@Z
__CxxFrameHandler
_ftol
memmove
??3@YAXPAX@Z

kernel32

GetStartupInfoA
Process32First
Process32Next
lstrcmpiA
ReleaseMutex
CreateThread
GetCurrentThreadId
ExpandEnvironmentStringsA
DeleteFileA
OpenEventA
GetLocalTime
CreateDirectoryA
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
ResetEvent
lstrcpyA
Sleep
SetEvent
InterlockedExchange
CancelIo
WriteFile
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetWindowsDirectoryA
GetFileAttributesA
CreateProcessA
lstrlenA
TerminateThread
lstrcatA
GetTickCount
GetLastError
GetCurrentProcess
HeapAlloc
GetProcessHeap
VirtualProtect
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetModuleHandleA
GlobalMemoryStatusEx
GetVersionExA
GetSystemInfo

user32

OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
OpenDesktopA
GetInputState
GetMessageA
ExitWindowsEx
wsprintfA
CloseDesktop

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

WSAIoctl
setsockopt
connect
WSACleanup
gethostbyname
socket
closesocket
recv
select
send
getsockname
gethostname
WSAStartup
htons

urlmon

URLDownloadToFileA

ole32

CoInitialize
CoCreateInstance

wininet

InternetCloseHandle

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7580fa6734d86b31ee2927ea8d237f2

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

urlmon

ole32

msi

setupapi

user32

Sections

.rdata Size: 9KB - Virtual size: 8KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 5KB

.CODE Size: 91KB - Virtual size: 91KB

.CRT Size: 1KB - Virtual size: 1KB

216f3e7b7fd453fae9a36d867c553494

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

urlmon

ole32

wininet

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

9390f8d829051930041e56ff3b7c3cc1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

urlmon

wininet

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 104KB - Virtual size: 103KB

6ceac9a861c5cab1625bb38abebf7718

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 392KB - Virtual size: 389KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 28KB - Virtual size: 26KB

9d2807cf0d49cbb8491992cc23de4bd2

Headers

DLL Characteristics

.rdata
Size: 9KB - Virtual size: 8KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 5KB

.CODE
Size: 91KB - Virtual size: 91KB

.CRT
Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 104KB - Virtual size: 103KB

.text
Size: 392KB - Virtual size: 389KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 28KB - Virtual size: 26KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: - Virtual size: 1.8MB

.rdata
Size: - Virtual size: 549KB

.data
Size: - Virtual size: 45KB

.ghc0
Size: - Virtual size: 2.9MB

.ghc1
Size: 5.9MB - Virtual size: 5.9MB

.rsrc
Size: 512B - Virtual size: 480B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB