erhn[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

erhn.zip
Size

24.4MB
MD5

8add99ce75a65d272d0e48da742f7b62
SHA1

27f925fcd53b77bdd20d36c7168adeddf3f0d6c8
SHA256

5ba5a0f8c567a0102edcd8cfe7e15d47c0d1eeec456f70e942222e00627b38a6
SHA512

118588a32e32a4460c8709b3d00a3d931cd00407b4bf9c2b4cd558265c92f54b6f83e988e0cb6f40ec4dae8cff5dc4c6e6cf6f3fc33a4fe396e2c24c432213cb
SSDEEP

786432:gvj223EpcDIpP5R4GJWgpmTzXmijqsOItKDOj223EpDHC0:gvj2wycDIFzJWA3ItKaj2wyZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/056567a16f15423ce8f0e4d768aa72390851342dc369b9e8cc0b35ff586a529d
unpack001/057ddd701280eb7a8a7cb4cd441493bec1d3544010d9f3a3288209517df104e0
unpack001/12762775ee93b4ebffd5f749077bd7ffdac20272ca61c500d33135d3be3dc014
unpack001/72aef8be54ba9efd684c47c2964615e3fdc5890edec1c1107817386c8a76760d
unpack001/72ddbced999f33de0a977c40670cc1a87e9c8d80ec168a4eea6b4b4e6f3435dc
unpack001/740fe5343863ba017fd0b7d09ba4333b6f91062e201acfc96891c0e6676f4357
unpack001/78a80da889fb77e1536903aa1d2abef676b1663c0cdff25dc03f16254ea2168e
unpack001/a080fb72f5167c76a0076864e959058168d7fdf22699e51b865adc0688eebac9
unpack001/a1119bd0cc5a8b1fafa0fcc0919760a0b0891f2c2049c9f82f16d88217ab1887
unpack001/b21cbdc149f602922476ca279748712c60f77132524c582f3817b23a4ad77eb6
unpack001/b88accb5dbab80e8fcdff9d2b48a62a33fd035a9e78ab67b26a3d5fdc20e4d25
unpack001/cfd519d80745d05e3a2c5a1b7f395d575053ff31c0e8ff4472d8dff49c2845ad
unpack001/d11fc97bb490d3332beee47fb8a8b140b9b223b6c8759357b81d344dc946bdda
unpack001/da00357666393a9c817fdde25d5cc0cff323f98ce74f6af7d0e338dbf6b76ff5
unpack001/fa8d41da58cca90a7d0da10c608f8bcabec80ace20c60353152fb705e4cb7bee

Files

erhn.zip
.zip

Password: infected
056567a16f15423ce8f0e4d768aa72390851342dc369b9e8cc0b35ff586a529d
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
057ddd701280eb7a8a7cb4cd441493bec1d3544010d9f3a3288209517df104e0
.exe windows x86

a44ecf2f3e664a2e7c4e6e3b02eb9b4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoA
GetProfileIntW
GetSystemWindowsDirectoryW
GetComputerNameW
CreateHardLinkA
LockFile
SetTapeParameters
GetModuleHandleW
GetTickCount
GetDateFormatA
GetVolumePathNameW
FindResourceExA
LoadLibraryW
ReadConsoleInputA
_hread
GetVersionExW
EnumSystemCodePagesA
FindNextVolumeW
ReplaceFileA
DisconnectNamedPipe
FlushFileBuffers
GetConsoleAliasesW
FindFirstFileA
OpenMutexW
GetLastError
FindResourceA
lstrcmpiA
GetProcAddress
GetLongPathNameA
BeginUpdateResourceW
EnumDateFormatsExA
CopyFileA
LoadLibraryA
LocalAlloc
SetCurrentDirectoryW
SetProcessWorkingSetSize
HeapWalk
SetLocaleInfoW
CreateMutexA
VirtualProtect
GetVersionExA
GetWindowsDirectoryW
FileTimeToLocalFileTime
lstrcpyA
CloseHandle
CreateFileA
GetModuleHandleA
WriteConsoleW
GetConsoleOutputCP
SetLastError
CreateMutexW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStartupInfoW
HeapFree
RtlUnwind
RaiseException
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapAlloc
WideCharToMultiByte
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA

user32

GetMenuBarInfo
CharLowerBuffW
CharUpperBuffA
DdeQueryStringA
GetClipboardOwner
CharToOemBuffA

advapi32

LogonUserW

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
12762775ee93b4ebffd5f749077bd7ffdac20272ca61c500d33135d3be3dc014
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11.2MB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
44c503bf0f13b5bb45b08ea9011f7557ae6db5cef4d256e625149d4d8339ac00
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Code Sign

68:fc:a9:5d:a6:bf:6b:6d:74:e0:6b:0a:31:fa:ba:08
Certificate

Issuer

CN=522434573635311625120101053d123d53210e113336571014061e5d361525000421,POSTALCODE=10700,ST=0b1c1115005f5c4e0f020a1000040b144b0114+ST=0b1c1115494a5c111413080004511740571216140506085f501c465147571b51505119141402511b5716571c511b0904121c030e061111050a0600110102055b0c0b0a070b

Not Before

20-07-2023 05:10

Not After

19-07-2024 05:10

Subject

CN=522434573635311625120101053d123d53210e113336571014061e5d361525000421,POSTALCODE=10700,ST=0b1c1115005f5c4e0f020a1000040b144b0114+ST=0b1c1115494a5c111413080004511740571216140506085f501c465147571b51505119141402511b5716571c511b0904121c030e061111050a0600110102055b0c0b0a070b

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

Actual PE Digest

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5368e701fb57804a8bdfb775620ca67e69a9ca664baba5a7991f4e12313904d3
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Code Sign

20:5d:ac:3f:5e:59:9b:8d:89:c5:5e:68:41:be:6a:b5
Certificate

Issuer

CN=52263d520931235736570a2402571c4021122b211102515e242235323619033a0b11,POSTALCODE=10802,ST=0b1c1115005f5c4e070c070f071d06170b16145b0d0017+ST=0b1c1115494a5c5305080e17100e0340021d1116090d510a0d0c455712130f510c06110f020b0a100346090b065b0e06410b06530c151c1b191457400b12055b0c0b0a070b

Not Before

20-07-2023 05:11

Not After

19-07-2024 05:11

Subject

CN=52263d520931235736570a2402571c4021122b211102515e242235323619033a0b11,POSTALCODE=10802,ST=0b1c1115005f5c4e070c070f071d06170b16145b0d0017+ST=0b1c1115494a5c5305080e17100e0340021d1116090d510a0d0c455712130f510c06110f020b0a100346090b065b0e06410b06530c151c1b191457400b12055b0c0b0a070b

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

Actual PE Digest

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5ed9a68214b71c56e553067abc72ce520588181dc69b7abf935a6b232a14f4dc
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Code Sign

ae:a5:65:46:cd:65:54:f7:3f:21:f8:fa:95:f7:cf:f0
Certificate

Issuer

CN=52201f2f18311d572f560b271a020721531729232121351c16372a14042518241f2d,POSTALCODE=10805,ST=0b1c1115005f5c4e0f020a1000040b140d120e5b1010+ST=0b1c1115494a5c0203141202020e504510065319025209045100410317190c5653150d02501b141f001a0d01060a52121b130a53030f08110d1453190b1a055b0c0b0a070b

Not Before

20-07-2023 05:17

Not After

19-07-2024 05:17

Subject

CN=52201f2f18311d572f560b271a020721531729232121351c16372a14042518241f2d,POSTALCODE=10805,ST=0b1c1115005f5c4e0f020a1000040b140d120e5b1010+ST=0b1c1115494a5c0203141202020e504510065319025209045100410317190c5653150d02501b141f001a0d01060a52121b130a53030f08110d1453190b1a055b0c0b0a070b

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

Actual PE Digest

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
72aef8be54ba9efd684c47c2964615e3fdc5890edec1c1107817386c8a76760d
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
72ddbced999f33de0a977c40670cc1a87e9c8d80ec168a4eea6b4b4e6f3435dc
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
740fe5343863ba017fd0b7d09ba4333b6f91062e201acfc96891c0e6676f4357
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
78a80da889fb77e1536903aa1d2abef676b1663c0cdff25dc03f16254ea2168e
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
96baee1e2ee597a6046d347e0dd8aa873b82566e156ed79ece42648a822b03a5
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Code Sign

98:9b:0f:b3:f0:f2:03:f0:bc:b3:e7:29:83:bc:f7:33
Certificate

Issuer

CN=525d0b323423120e110456060e332e32311412140236333d57310b361108382b0633,POSTALCODE=10801,ST=0b1c1115005f5c4ea5ddb5d9b9e5b4f74ba2e1a4e7+ST=0b1c1115494a5c0c14061615180a130112020714120f145c5107110011530255570b5e0b52161c1c1217060c175f1703011717030c091c0e19041d15170a055b0c0b0a070b

Not Before

20-07-2023 05:15

Not After

19-07-2024 05:15

Subject

CN=525d0b323423120e110456060e332e32311412140236333d57310b361108382b0633,POSTALCODE=10801,ST=0b1c1115005f5c4ea5ddb5d9b9e5b4f74ba2e1a4e7+ST=0b1c1115494a5c0c14061615180a130112020714120f145c5107110011530255570b5e0b52161c1c1217060c175f1703011717030c091c0e19041d15170a055b0c0b0a070b

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

Actual PE Digest

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a080fb72f5167c76a0076864e959058168d7fdf22699e51b865adc0688eebac9
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a1119bd0cc5a8b1fafa0fcc0919760a0b0891f2c2049c9f82f16d88217ab1887
.exe windows x86

171ca87c7d79f90a7375ae3063387bdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
SetupComm
CreateMutexW
FindResourceA
EnumCalendarInfoA
GetConsoleAliasesLengthW
EnumDateFormatsExW
GetProfileIntW
AddConsoleAliasW
GetModuleHandleW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
ReadConsoleInputA
CopyFileW
ReadFile
GetVolumePathNameA
lstrlenW
DisconnectNamedPipe
SetCurrentDirectoryA
GetLastError
SetLastError
GetProcAddress
BeginUpdateResourceW
IsValidCodePage
EnumSystemCodePagesW
LoadLibraryA
OpenMutexA
lstrcmpiW
SetLocaleInfoW
CreateMutexA
SetProcessShutdownParameters
_lopen
SetFileShortNameA
GetVersionExA
GetWindowsDirectoryW
FileTimeToLocalFileTime
AddConsoleAliasA
lstrcpyA
CreateFileA
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
LCMapStringW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
MultiByteToWideChar
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapSize
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA

user32

EnumDesktopWindows
CharToOemBuffA
CharUpperBuffW
GetMenuBarInfo
CharLowerBuffW
UnhookWinEvent
DdeQueryStringW
CharUpperBuffA
LoadMenuW
LoadBitmapW
SetClipboardViewer

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b21cbdc149f602922476ca279748712c60f77132524c582f3817b23a4ad77eb6
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b88accb5dbab80e8fcdff9d2b48a62a33fd035a9e78ab67b26a3d5fdc20e4d25
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cfd519d80745d05e3a2c5a1b7f395d575053ff31c0e8ff4472d8dff49c2845ad
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d11fc97bb490d3332beee47fb8a8b140b9b223b6c8759357b81d344dc946bdda
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
da00357666393a9c817fdde25d5cc0cff323f98ce74f6af7d0e338dbf6b76ff5
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ee493346d2c73515557ce5a2e8f57db398801083444be904f5c7d5c0570c0177
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Code Sign

cb:7e:dc:34:f0:f1:3a:e0:a0:6f:3d:94:21:f6:0a:67
Certificate

Issuer

CN=52251f5711571c0f0d0d243a002f3139341c263d07362111531206573b1100053331,POSTALCODE=10812,ST=0b1c1115005f5c4e010c110c12040e5d0b1615+ST=0b1c1115494a5c0e46050a0d120f1645561d521a15010e0a07500703161643105207180c51000c010f1413070a07025344080a0019190c561800501c570a055b0c0b0a070b

Not Before

20-07-2023 05:12

Not After

19-07-2024 05:12

Subject

CN=52251f5711571c0f0d0d243a002f3139341c263d07362111531206573b1100053331,POSTALCODE=10812,ST=0b1c1115005f5c4e010c110c12040e5d0b1615+ST=0b1c1115494a5c0e46050a0d120f1645561d521a15010e0a07500703161643105207180c51000c010f1413070a07025344080a0019190c561800501c570a055b0c0b0a070b

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

Actual PE Digest

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fa8d41da58cca90a7d0da10c608f8bcabec80ace20c60353152fb705e4cb7bee
.exe windows x86

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
EnumDateFormatsExW
FindResourceW
GlobalAddAtomA
EnumCalendarInfoW
_lwrite
ScrollConsoleScreenBufferW
AddConsoleAliasW
GetComputerNameW
GetTickCount
GetConsoleAliasesA
GlobalAlloc
LoadLibraryW
FreeConsole
EnumSystemCodePagesA
FindNextVolumeW
ReadFile
GetCompressedFileSizeA
SetThreadPriority
DisconnectNamedPipe
GetConsoleAliasesW
InterlockedExchange
GetProfileIntA
lstrlenA
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
LoadLibraryA
SetCurrentDirectoryW
GetOEMCP
GetModuleHandleA
SetLocaleInfoW
CreateMutexA
FatalAppExitA
SetProcessShutdownParameters
_lopen
OpenSemaphoreW
SetFileShortNameA
ReadConsoleInputW
GetWindowsDirectoryW
DeleteFileW
LocalFileTimeToFileTime
CreateFileA
CloseHandle
WriteConsoleW
OpenMutexW
GetDateFormatW
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
GetStartupInfoW
RtlUnwind
RaiseException
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetCPInfo
GetACP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

DdeQueryStringW
CharUpperBuffA
LoadMenuW
CharLowerBuffW

advapi32

InitializeAcl

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10.0MB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 643KB - Virtual size: 643KB

.data Size: 6KB - Virtual size: 1.3MB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 11KB - Virtual size: 11KB

a44ecf2f3e664a2e7c4e6e3b02eb9b4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 152KB - Virtual size: 151KB

.data Size: 7KB - Virtual size: 260KB

.rsrc Size: 141KB - Virtual size: 140KB

.reloc Size: 8KB - Virtual size: 7KB

2c1d6f07319e916f23334deb261840fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 145KB - Virtual size: 145KB

.data Size: 6KB - Virtual size: 1.3MB

.rsrc Size: 127KB - Virtual size: 126KB

.reloc Size: 11.2MB - Virtual size: 9KB

2c1d6f07319e916f23334deb261840fd

Code Sign

68:fc:a9:5d:a6:bf:6b:6d:74:e0:6b:0a:31:fa:ba:08Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.data Size: 6KB - Virtual size: 1.3MB

.rsrc Size: 127KB - Virtual size: 3.8MB

.reloc Size: 20KB - Virtual size: 19KB

2c1d6f07319e916f23334deb261840fd

Code Sign

20:5d:ac:3f:5e:59:9b:8d:89:c5:5e:68:41:be:6a:b5Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.data Size: 6KB - Virtual size: 1.3MB

.rsrc Size: 127KB - Virtual size: 3.8MB

.reloc Size: 20KB - Virtual size: 19KB

2c1d6f07319e916f23334deb261840fd

Code Sign

ae:a5:65:46:cd:65:54:f7:3f:21:f8:fa:95:f7:cf:f0Certificate

.text
Size: 643KB - Virtual size: 643KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 152KB - Virtual size: 151KB

.data
Size: 7KB - Virtual size: 260KB

.rsrc
Size: 141KB - Virtual size: 140KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 145KB - Virtual size: 145KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 11.2MB - Virtual size: 9KB

68:fc:a9:5d:a6:bf:6b:6d:74:e0:6b:0a:31:fa:ba:08
Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 3.8MB

.reloc
Size: 20KB - Virtual size: 19KB

20:5d:ac:3f:5e:59:9b:8d:89:c5:5e:68:41:be:6a:b5
Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 3.8MB

.reloc
Size: 20KB - Virtual size: 19KB

ae:a5:65:46:cd:65:54:f7:3f:21:f8:fa:95:f7:cf:f0
Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 3.8MB

.reloc
Size: 20KB - Virtual size: 19KB

.text
Size: 145KB - Virtual size: 145KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 145KB - Virtual size: 145KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 644KB - Virtual size: 643KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 11KB - Virtual size: 11KB

.text
Size: 225KB - Virtual size: 224KB

.data
Size: 6KB - Virtual size: 1.3MB

.rsrc
Size: 127KB - Virtual size: 126KB

.reloc
Size: 10KB - Virtual size: 10KB

98:9b:0f:b3:f0:f2:03:f0:bc:b3:e7:29:83:bc:f7:33
Certificate

9e:1c:a5:e5:c2:b2:df:e1:60:67:92:cc:69:98:d2:3c:a4:e2:20:80:ae:6f:37:3d:d0:25:fd:d9:d2:8e:a5:06
Signer