sessionmanager | up[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

up.zip
Size

29.1MB
MD5

8e55ac85297f10a09b3445311e21ee69
SHA1

337faa8462151bf3671d59dac6882320e60e4c0a
SHA256

7ac82c97b884b5ff5ae1699d793d7c0101d2484b597cbae9b7516a2bde8091c5
SHA512

0cc153d18f9cabffffea481e697757306b6ea0c3be4a5f53f1d21a277f58fcd4c135ae6b7a6732952422641e6b6e942d3b1e51112efa30c0a15d2e08ae6065a6
SSDEEP

786432:vBcQV0RGzCr2i+3vUO11Od4W9I6DsENIen86Won4bD:yI0RGzCrF+3vNOCyI6scn8634v

Score

10^/10

backdoor loader sessionmanager magicrat purecrypter

Malware Config

Signatures

Detect PureCrypter injector 6 IoCs

loader

resource	yara_rule
static1/unpack001/Purecrypter12_browsingExe.exe	family_purecrypter
static1/unpack001/Purecrypter16_browsingExe.exe	family_purecrypter
static1/unpack001/Purecrypter28_browsingExe.exe	family_purecrypter
static1/unpack001/Purecrypter3_browsing7Exe_2.exe	family_purecrypter
static1/unpack001/Purecrypter45_browsingExe.exe	family_purecrypter
static1/unpack001/Purecrypter50_browsingExe.exe	family_purecrypter

Detected MagicRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/Magicratbggdhgejff1_browsingExe.exe	family_magicrat

Detected SessionManager backdoor 1 IoCs

backdoor

resource	yara_rule
static1/unpack001/Iisbgfhaciadc2_browsingDll.dll	family_sessionmanager

Magicrat family
magicrat
Purecrypter family
purecrypter
Sessionmanager family
sessionmanager

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack002/vcruntime140.dll
unpack002/vctool140.dll
unpack001/Iisbgfhaciadc2_browsingDll.dll
unpack001/Iranbggaiajfbi13_browsingExe.exe
unpack001/Knotweedbgfjcfhafh13_browsingDll.dll
unpack001/Magicratbggdhgejff1_browsingExe.exe
unpack001/Newlogforshell18_browsingExe.exe
unpack001/Purecrypter12_browsingExe.exe
unpack001/Purecrypter16_browsingExe.exe
unpack001/Purecrypter28_browsingExe.exe
unpack001/Purecrypter3_browsing7Exe_2.exe
unpack001/Purecrypter45_browsingExe.exe
unpack001/Purecrypter50_browsingExe.exe
unpack001/Redeembgfighcgda1_browsingExe.exe
unpack001/Xfourk15_browsingExe.exe
unpack001/Xfourk19_browsingExe.exe

Files

up.zip
.zip
Cloakedbgfjfjjaea5_browsingIso.iso
.iso
Information.lnk
.lnk
_
agenda.exe
.exe windows x64

ae76f6354c75c58b47b250b7fb349fb3

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-12-2020 00:00

Not After

21-12-2022 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:c3:b6:a3:c7:d2:4c:c0:c4:d7:4a:ed:2b:c2:0a:43:fb:25:78:f0:65:4e:04:da:aa:50:0b:fe:0a:2f:71:25
Signer

Actual PE Digest

42:c3:b6:a3:c7:d2:4c:c0:c4:d7:4a:ed:2b:c2:0a:43:fb:25:78:f0:65:4e:04:da:aa:50:0b:fe:0a:2f:71:25

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
SetNamedPipeHandleState
OpenMutexW
Sleep
GetTickCount
lstrlenW
OutputDebugStringA
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
GetModuleHandleExW
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
MultiByteToWideChar
GetCurrentProcessId
GetVolumeInformationW
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
MoveFileW
VerSetConditionMask
HeapSetInformation
GetCurrentProcess
ExitProcess
CreateThread
TerminateThread
SetDllDirectoryW
VerifyVersionInfoW
CreateFileW
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary
OutputDebugStringW

user32

DdeDisconnect
DdeFreeStringHandle
DdeGetLastError
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleW
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
DdeConnect
GetMessageW
MessageBoxW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
DdeInitializeW

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBGHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

shlwapi

PathFileExistsW

vcruntime140

_CxxThrowException
__C_specific_handler
memcpy
__std_terminate
__std_exception_destroy
__current_exception_context
__current_exception
memcmp
memmove
memchr
__std_exception_copy
memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
__p___wargv
_invalid_parameter_noinfo
_exit
__p___argc
_errno
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_c_exit
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit

api-ms-win-crt-string-l1-1-0

isspace
isxdigit
isdigit
strlen
wcscpy_s
wcscat_s
_wcslwr
_wcsicmp
wcsncpy
wcsnlen
wcsncpy_s
wcsncat_s
wmemcpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_get_heap_handle
malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
_fileno
__acrt_iob_func
ungetc
setvbuf
fwrite
_fseeki64
__p__commode
fsetpos
_setmode
fputc
fgetpos
fgetc
fflush
_get_stream_buffer_pointers
getchar
fclose
_wfopen_s
fread

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_waccess
_unlock_file
_waccess_s
_lock_file

api-ms-win-crt-convert-l1-1-0

_itoa_s
_itow_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
pow

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
vctool140.dll
.dll windows x64

6af15efcf8b02fb0f30aba51e0286183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetLastError
CreateFileA
LoadLibraryA
CloseHandle
FreeConsole
K32GetModuleInformation
CreateThread
GetProcAddress
CreateFileMappingA
SuspendThread
MapViewOfFile
OpenThread
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetCurrentThreadId
GetModuleFileNameA
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
LocalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle

oleaut32

VariantInit
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
VariantClear
GetErrorInfo

cabinet

ord40
ord45
ord43

mscoree

CLRCreateInstance

Exports

Exports

_CreateFrame

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Guloaderbgghjjdjcc1_browsingIso.iso
.iso
Iisbgfhaciadc2_browsingDll.dll
.dll windows x64

37791ed07fb74bfe504edfe9d52f4e3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
DebugBreak
ReadFile
CreatePipe
GetLastError
CloseHandle
CreateProcessA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
DeleteFileW
WriteFile
GetConsoleCP
GetConsoleMode
GetStringTypeW
GetACP
ReadConsoleW
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
CreateFileW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile

Exports

Exports

RegisterModule

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Iranbggaiajfbi13_browsingExe.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Knotweedbgfjcfhafh13_browsingDll.dll
.dll windows x64

fb53c25042d49980f86f221ccb7bb886

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

select
setsockopt
WSAStartup
gethostbyname
getprotobyname
ioctlsocket
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
inet_addr
WSAIoctl
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
accept
listen
gethostname
socket
WSAEventSelect
getsockopt
connect
send
recv
WSAGetLastError
ntohs
htons
getsockname
closesocket
bind
shutdown
freeaddrinfo
getaddrinfo
WSACleanup

wininet

InternetSetOptionA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetReadFile

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipBitmapSetResolution
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageVerticalResolution
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipGetImageEncoders
GdipSetInterpolationMode
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipCreateBitmapFromHBITMAP

rpcrt4

RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
NdrAsyncClientCall
RpcRaiseException
RpcAsyncCompleteCall
RpcBindingFree
RpcStringFreeW

kernel32

WaitForDebugEvent
InitializeProcThreadAttributeList
SetFilePointer
SetFilePointerEx
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreatePipe
ReadFile
TerminateProcess
WriteFile
WaitForSingleObject
SetHandleInformation
PeekNamedPipe
GetCurrentThreadId
WriteProcessMemory
OpenProcess
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetWindowsDirectoryW
CloseHandle
CreateFileW
GlobalUnlock
GetProcessHeap
GetModuleHandleW
GlobalLock
HeapFree
HeapAlloc
DeleteFileW
GetTempPathW
GetCurrentDirectoryW
GetLastError
CopyFileW
MoveFileExW
CreateThread
GetCurrentProcessId
VirtualProtect
GetModuleHandleA
GetModuleFileNameA
SetCurrentDirectoryW
VirtualAlloc
ExitThread
GetEnvironmentVariableA
GetTimeZoneInformation
GetModuleFileNameW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
Sleep
GetSystemDirectoryW
VirtualFree
GetCurrentProcess
SetErrorMode
GetCommandLineW
ExitProcess
GetThreadContext
SetThreadContext
Thread32First
HeapCreate
Thread32Next
SetThreadPriority
OpenThread
GetThreadPriority
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
UnlockFile
LockFile
FormatMessageW
FindNextFileA
FindFirstFileA
InitializeCriticalSection
QueryPerformanceFrequency
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetFullPathNameW
GetFileInformationByHandle
FileTimeToLocalFileTime
OutputDebugStringW
SetStdHandle
GetConsoleCP
FlushFileBuffers
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStdHandle
HeapSize
AreFileApisANSI
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
LoadLibraryExW
GetCPInfo
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetStringTypeW
SetNamedPipeHandleState
CancelIoEx
DisconnectNamedPipe
GetOverlappedResult
CreateNamedPipeW
ConnectNamedPipe
CreateEventW
GetSystemTime
FreeLibrary
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
CreateProcessW
GlobalFree
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetFileAttributesExW
ContinueDebugEvent
GetVolumeInformationW
GetDiskFreeSpaceExW
GetFileTime
FindNextFileW
Process32NextW
RemoveDirectoryW
GetFileType
GetCurrentThread
LocalAlloc
LocalFree
GetTickCount64
GetModuleHandleExW
Module32FirstW
CreateToolhelp32Snapshot
Module32NextW
LoadLibraryA
DuplicateHandle
IsBadReadPtr
SetEvent
WaitForMultipleObjects
OpenEventW
WideCharToMultiByte
MultiByteToWideChar
OpenMutexA
CreateMutexA
GetEnvironmentVariableW
GetFileSize
GetUserDefaultLocaleName
FindFirstFileW
GetNativeSystemInfo
GetDriveTypeW
VirtualQuery
K32GetProcessImageFileNameW
GetLogicalDriveStringsW
SetEnvironmentVariableW
CreateDirectoryW
GetComputerNameW
GetFileAttributesW
GetPhysicallyInstalledSystemMemory
GetFileSizeEx
FindClose
Process32FirstW
GetProcessId
IsWow64Process

user32

MapVirtualKeyW
SetTimer
GetMessageW
GetRawInputData
UnregisterClassW
TranslateMessage
wsprintfW
EnumDisplayMonitors
SetProcessWindowStation
SetProcessDPIAware
GetThreadDesktop
GetKeyboardState
GetForegroundWindow
EnumWindows
GetClassNameW
IsWindowVisible
RegisterClassExW
GetClipboardData
GetWindowTextW
RegisterRawInputDevices
CreateWindowExW
OpenClipboard
CloseWindow
ToUnicode
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
MonitorFromWindow
CloseWindowStation
GetProcessWindowStation
OpenInputDesktop
CloseDesktop
GetDC
OpenWindowStationA
ReleaseDC
CloseClipboard
GetDesktopWindow
SetThreadDesktop
KillTimer

gdi32

DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
BitBlt

advapi32

DuplicateToken
RegUnLoadKeyW
CloseServiceHandle
OpenProcessToken
OpenSCManagerW
OpenServiceW
GetTokenInformation
LookupPrivilegeValueW
StartServiceW
DuplicateTokenEx
QueryServiceStatusEx
IsValidSid
ConvertSidToStringSidW
QueryServiceStatus
CreateProcessAsUserW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSidSubAuthority
IsWellKnownSid
RegSetValueExW
RegCloseKey
RegLoadKeyW
RegOpenKeyExW
GetUserNameW
SetThreadToken
InitializeSecurityDescriptor
PrivilegeCheck
ConvertStringSidToSidW
CreateProcessWithTokenW
SetSecurityDescriptorDacl
LookupAccountSidW
CheckTokenMembership
AdjustTokenPrivileges
CreateWellKnownSid
RegDeleteKeyExW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteValueW

ole32

CoGetObject
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantClear

ntdll

NtRemoveProcessDebug
NtQueryObject
NtQueryInformationToken
NtClose
NtDuplicateObject
DbgUiSetThreadDebugObject
NtReadVirtualMemory
RtlAddFunctionTable
NtQueryInformationProcess
RtlCreateUnicodeString

dbghelp

MiniDumpWriteDump

shlwapi

ord176

bcrypt

BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider

imagehlp

CheckSumMappedFile

winhttp

WinHttpGetProxyForUrl
WinHttpConnect
WinHttpOpen
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReadData
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpQueryHeaders

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

iphlpapi

GetIpForwardTable
GetAdaptersAddresses

Exports

Exports

unqlite_begin
unqlite_close
unqlite_commit
unqlite_config
unqlite_kv_append
unqlite_kv_append_fmt
unqlite_kv_config
unqlite_kv_cursor_data
unqlite_kv_cursor_data_callback
unqlite_kv_cursor_delete_entry
unqlite_kv_cursor_first_entry
unqlite_kv_cursor_init
unqlite_kv_cursor_key
unqlite_kv_cursor_key_callback
unqlite_kv_cursor_last_entry
unqlite_kv_cursor_next_entry
unqlite_kv_cursor_prev_entry
unqlite_kv_cursor_release
unqlite_kv_cursor_reset
unqlite_kv_cursor_seek
unqlite_kv_cursor_valid_entry
unqlite_kv_delete
unqlite_kv_fetch
unqlite_kv_fetch_callback
unqlite_kv_store
unqlite_kv_store_fmt
unqlite_lib_config
unqlite_lib_copyright
unqlite_lib_ident
unqlite_lib_init
unqlite_lib_is_threadsafe
unqlite_lib_shutdown
unqlite_lib_signature
unqlite_lib_version
unqlite_open
unqlite_rollback
unqlite_util_random_num
unqlite_util_random_string

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Magicratbggdhgejff1_browsingExe.exe
.exe windows x64

207a191ca5a5ececab300a9baa69d115

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AccessCheck
AllocateAndInitializeSid
BuildTrusteeWithSidW
CopySid
DuplicateToken
FreeSid
GetEffectiveRightsFromAclW
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
LookupAccountSidW
MapGenericMask
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
SystemFunction036

crypt32

CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

gdi32

AddFontMemResourceEx
AddFontResourceExW
BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
EnumFontFamiliesExW
ExtTextOutW
GdiFlush
GetBitmapBits
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetObjectW
GetOutlineTextMetricsW
GetPixelFormat
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
OffsetRgn
RemoveFontMemResourceEx
RemoveFontResourceExW
SelectClipRgn
SelectObject
SetBkMode
SetGraphicsMode
SetPixelFormat
SetTextAlign
SetTextColor
SetWorldTransform
SwapBuffers

imm32

ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmGetOpenStatus
ImmGetVirtualKey
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidW
GetAdaptersAddresses
GetNetworkParams

kernel32

AddVectoredExceptionHandler
CancelIoEx
CheckRemoteDebuggerPresent
CloseHandle
CompareStringEx
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileExW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleWindow
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileType
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessId
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTickCount64
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserGeoID
GetUserPreferredUILanguages
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenFileMappingW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReadFile
ReadFileEx
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteFileEx
__C_specific_handler
lstrcmpW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__argc
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_endthreadex
_environ
_errno
_exit
_filelengthi64
_fileno
_fmode
_get_osfhandle
_getdrive
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_open_osfhandle
_putenv
_read
_setjmp
_snwprintf
_strdup
_strnicmp
_timezone
_tzset
_tzname
_ultoa
_unlock
_vsnprintf
_waccess
_wchmod
_wgetdcwd
_wgetenv_s
_write
_write
abort
acos
asin
atan
atof
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
islower
ispunct
isspace
isupper
iswctype
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
raise
rand
realloc
remove
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
vfprintf
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncmp
wcsrchr
wcsstr
wcsxfrm

netapi32

NetApiBufferFree
NetShareEnum

ole32

CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoInitializeEx
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2

oleaut32

SafeArrayCreateVector
SafeArrayPutElement
SysAllocString

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetFileInfoW
SHGetKnownFolderIDList
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetStockIconInfo
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW

userenv

GetUserProfileDirectoryW

uxtheme

CloseThemeData
DrawThemeBackgroundEx
GetCurrentThemeName
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeEnumValue
GetThemeInt
GetThemeMargins
GetThemePartSize
GetThemePropertyOrigin
GetThemeTransitionDuration
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
OpenThemeData
SetWindowTheme

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeKillEvent
timeSetEvent

ws2_32

WSAAccept
WSAAsyncSelect
WSACleanup
WSAConnect
WSAGetLastError
WSAHtonl
WSAIoctl
WSANtohl
WSANtohs
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStartup
__WSAFDIsSet
bind
closesocket
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
listen
ntohl
select
setsockopt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

user32

AdjustWindowRectEx
AppendMenuW
AttachThreadInput
BeginPaint
CallNextHookEx
ChangeClipboardChain
ChangeWindowMessageFilterEx
CharNextExA
ChildWindowFromPointEx
ClientToScreen
CloseTouchInputHandle
CreateCaret
CreateCursor
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawMenuBar
EnableMenuItem
EndPaint
EnumDisplayDevicesW
EnumDisplayMonitors
EnumWindows
FindWindowA
FlashWindowEx
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursor
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMenuItemInfoW
GetMessageExtraInfo
GetMonitorInfoW
GetParent
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetWindow
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuW
InvalidateRect
IsChild
IsHungAppWindow
IsIconic
IsTouchWindow
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostThreadMessageW
RealGetWindowClassW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendMessageW
SetCapture
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenu
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackMouseEvent
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterTouchWindow
UpdateLayeredWindow
UpdateLayeredWindowIndirect
WindowFromPoint

Exports

Exports

FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream
FT_Bitmap_Convert
FT_Bitmap_Copy
FT_Bitmap_Done
FT_Bitmap_Embolden
FT_Bitmap_Init
FT_Bitmap_New
FT_CeilFix
FT_Cos
FT_DivFix
FT_Done_Face
FT_Done_FreeType
FT_Done_Library
FT_Done_Size
FT_Face_GetCharVariantIndex
FT_Face_GetCharVariantIsDefault
FT_Face_GetCharsOfVariant
FT_Face_GetVariantSelectors
FT_Face_GetVariantsOfChar
FT_Face_Properties
FT_FloorFix
FT_Get_Advance
FT_Get_Advances
FT_Get_CMap_Format
FT_Get_CMap_Language_ID
FT_Get_Char_Index
FT_Get_Charmap_Index
FT_Get_First_Char
FT_Get_Font_Format
FT_Get_Glyph_Name
FT_Get_Kerning
FT_Get_Module
FT_Get_Name_Index
FT_Get_Next_Char
FT_Get_PS_Font_Info
FT_Get_PS_Font_Private
FT_Get_PS_Font_Value
FT_Get_Postscript_Name
FT_Get_Renderer
FT_Get_Sfnt_LangTag
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_SubGlyph_Info
FT_Get_Track_Kerning
FT_Get_TrueType_Engine_Type
FT_Get_X11_Font_Format
FT_GlyphSlot_Embolden
FT_GlyphSlot_Oblique
FT_GlyphSlot_Own_Bitmap
FT_Gzip_Uncompress
FT_Has_PS_Glyph_Names
FT_Init_FreeType
FT_Library_SetLcdFilter
FT_Library_SetLcdFilterWeights
FT_Library_Version
FT_List_Add
FT_List_Finalize
FT_List_Find
FT_List_Insert
FT_List_Iterate
FT_List_Remove
FT_List_Up
FT_Load_Char
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_Matrix_Invert
FT_Matrix_Multiply
FT_MulDiv
FT_MulFix
FT_New_Face
FT_New_Library
FT_New_Memory_Face
FT_New_Size
FT_Open_Face
FT_Outline_Check
FT_Outline_Copy
FT_Outline_Decompose
FT_Outline_Done
FT_Outline_Done_Internal
FT_Outline_Embolden
FT_Outline_EmboldenXY
FT_Outline_Get_Bitmap
FT_Outline_Get_CBox
FT_Outline_Get_Orientation
FT_Outline_New
FT_Outline_New_Internal
FT_Outline_Render
FT_Outline_Reverse
FT_Outline_Transform
FT_Outline_Translate
FT_Property_Get
FT_Property_Set
FT_Reference_Face
FT_Reference_Library
FT_Remove_Module
FT_Render_Glyph
FT_Request_Size
FT_RoundFix
FT_Select_Charmap
FT_Select_Size
FT_Set_Char_Size
FT_Set_Charmap
FT_Set_Debug_Hook
FT_Set_Default_Properties
FT_Set_Pixel_Sizes
FT_Set_Renderer
FT_Set_Transform
FT_Sfnt_Table_Info
FT_Sin
FT_Stream_OpenGzip
FT_Stream_OpenLZW
FT_Tan
FT_Vector_From_Polar
FT_Vector_Length
FT_Vector_Polarize
FT_Vector_Rotate
FT_Vector_Transform
FT_Vector_Unit
TT_New_Context
TT_RunIns

Sections

.text
Size: 13.5MB - Virtual size: 13.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 576KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newcopperstealer10_browsingExe.exe
.exe windows x86

8c6cf8123d4782167f2c0c00c889a02a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:12:c7:0c:9a:2b:8a:3e:f6:f6:07:46:62:d6:8b:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

29-01-2014 00:00

Not After

29-01-2016 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing+OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04
Signer

Actual PE Digest

33:ff:c6:47:27:ed:09:1c:a9:6b:63:2b:d4:39:aa:6a:10:9c:7c:04

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
CreateMutexA
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
ReadFile
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LocalFree
LoadLibraryExA
OutputDebugStringA
GlobalFree
FormatMessageA
GetFileSize
QueryPerformanceFrequency
TerminateThread
SetThreadPriority
GetThreadPriority
WaitForMultipleObjects
ResetEvent
GetModuleFileNameW
GetLongPathNameW
GetLongPathNameA
GetSystemDirectoryA
SearchPathA
SetErrorMode
GetVersion
DebugBreak
GetShortPathNameW
CreateFileW
GetDriveTypeA
DeviceIoControl
GetTempPathW
GetTempPathA
FindResourceA
SizeofResource
LoadResource
LockResource
DeleteFileA
LoadLibraryExW
CreateDirectoryW
FindFirstFileW
CreateDirectoryExW
RemoveDirectoryA
FindFirstFileA
SetFileAttributesA
GetFileAttributesExA
FindFirstFileExW
CreateProcessA
FindFirstFileExA
GetShortPathNameA
FindNextFileW
FindNextFileA
SetFileAttributesW
GetFileAttributesExW
CreateDirectoryA
CopyFileW
MoveFileW
CreateDirectoryExA
MoveFileExW
GetDateFormatW
CopyFileA
GetTimeFormatW
RemoveDirectoryW
MoveFileA
MoveFileExA
CopyFileExW
CreateProcessW
MoveFileWithProgressW
FindFirstChangeNotificationW
CopyFileExA
FindFirstChangeNotificationA
MoveFileWithProgressA
GetModuleHandleW
GetFileAttributesW
GetFileAttributesA
LoadLibraryW
DeleteFileW
VirtualQuery
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateThread
FindClose
SetEndOfFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
GetSystemDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcessTimes
GlobalAlloc
ReleaseMutex
OpenMutexA
WaitForSingleObject
GetLastError
OpenEventA
InterlockedIncrement
SetEvent
GetCurrentThreadId
CreateEventA
InterlockedDecrement
ExitThread

user32

MsgWaitForMultipleObjects
GetCursor
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
GetForegroundWindow
PeekMessageA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
AppendMenuW
MessageBoxW
CreateWindowExA
CallWindowProcA
SetWindowLongW
GetWindowLongW
RegisterClassA
CallWindowProcW
UnregisterClassA
SetMenuItemInfoA
GetMenuItemInfoA
RegisterClassW
UnregisterClassW
SetClassLongA
GetClassInfoA
InsertMenuItemA
SetClassLongW
SetWindowTextA
SetWindowTextW
GetWindowTextA
AppendMenuA
GetWindowTextW
DialogBoxParamW
DialogBoxParamA
SetCursor
SendMessageW
SetDlgItemTextW
SetDlgItemTextA
DefWindowProcW
CreateDialogParamW
DefWindowProcA
CreateDialogParamA
CreateWindowExW
SetCapture
SetParent
GetTopWindow
AdjustWindowRectEx
SetFocus
GetMenu
GetDC
ReleaseDC
ClientToScreen
RedrawWindow
ScreenToClient
GetWindowTextLengthW
GetWindowTextLengthA
EnableWindow
DialogBoxIndirectParamA
GetWindowLongA
GetFocus
IsWindowVisible
SetWindowLongA
EndDialog
MoveWindow
GetWindowRect
GetDlgItem
GetSystemMetrics
LoadCursorA
DispatchMessageA
GetAsyncKeyState
BeginPaint
PostQuitMessage
GetParent
FlashWindowEx
LoadIconA
GetActiveWindow
SetWindowPos
ReleaseCapture
GetClientRect
IsWindow
SystemParametersInfoA
DestroyWindow
EnumThreadWindows
MessageBeep
LoadImageA
ShowWindow
IsIconic
SetForegroundWindow
FindWindowExA
SendMessageA
PostMessageA
SetActiveWindow
GetClassNameA
GetWindow
EndPaint
GetDesktopWindow
MessageBoxA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
DragQueryFileW
DragQueryFileA
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA
SHGetFileInfoW

comctl32

PropertySheetA
CreatePropertySheetPageA
PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW

mscms

GetColorDirectoryA

urlmon

FindMimeFromData

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW

wininet

InternetCrackUrlA
InternetSetStatusCallback
InternetConnectA
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetOpenA
InternetGetConnectedStateEx
InternetCloseHandle
InternetGetConnectedState
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetErrorDlg

winmm

mciSendCommandA

ws2_32

gethostbyname

gdi32

GetTextExtentPoint32W
ExtTextOutW
TextOutW
GetTextExtentPoint32A
ExtTextOutA
TextOutA
SelectObject
CreateFontIndirectA
DeleteDC
GetDeviceCaps
CreateCompatibleDC
GetStockObject
GetKerningPairsA
GetGlyphOutlineA
GetGlyphOutlineW
SetBkMode
GetICMProfileA
CreateDIBSection
BitBlt
DeleteObject
Rectangle
CreatePen

comdlg32

GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW
GetOpenFileNameA

advapi32

RegEnumKeyExW
ReportEventA
DeregisterEventSource
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptReleaseContext
CryptDecrypt
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegOpenKeyExA
RegCreateKeyExA
RegEnumValueW
RegisterEventSourceA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Newlogforshell18_browsingExe.exe
.exe windows x64

4f2b9ad89041fedc43298c09c8e7b948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaEnumerateLogonSessions

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FileTimeToSystemTime
LoadLibraryW
GetSystemDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileType
GetModuleFileNameW
LocalAlloc
LocalFree
GetStdHandle
FileTimeToLocalFileTime
LCMapStringW
GetStringTypeW
WriteConsoleW
DeviceIoControl
OpenProcess
CreateFileW
FindResourceW
GetModuleHandleW
SizeofResource
CloseHandle
SetLastError
LoadResource
GetLastError
GetCurrentProcess
GetProcAddress
LockResource
OutputDebugStringW
ReadConsoleW
HeapSize
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineW
HeapAlloc
GetSystemTimeAsFileTime
SetFilePointerEx
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExW
HeapFree
TlsFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlLookupFunctionEntry
RtlUnwindEx
SetStdHandle
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
WriteFile
GetConsoleCP
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
DeleteCriticalSection
GetStartupInfoW
FlushFileBuffers
ReadFile
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue

user32

SetCursor
SetWindowTextW
GetSysColorBrush
EndDialog
DialogBoxIndirectParamW
SendMessageW
InflateRect
LoadCursorW
GetDlgItem

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

RegOpenKeyExW
RegOpenKeyW
ConvertSidToStringSidW
GetTokenInformation
RegSetValueExW
RegDeleteKeyW
RegCreateKeyW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW

oleaut32

VariantChangeType
VariantClear
VariantInit
SystemTimeToVariantTime
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter12_browsingExe.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter16_browsingExe.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter28_browsingExe.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter3_browsing7Exe.exe
.iso
Purecrypter3_browsing7Exe_2.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter45_browsingExe.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purecrypter50_browsingExe.exe
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ratelbgfhajhjcd11_browsingIso.iso
.iso
Ratelbgfhajhjcd13_browsingIso.iso
.iso
Redeembgfighcgda1_browsingExe.exe
.exe windows x86

f5ef0d41a45190c75da2aad4b1525290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
LoadLibraryW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
HeapSize
WriteConsoleW
TlsAlloc
GetModuleFileNameW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetProcessHeap
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetFilePointerEx
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
SetLastError
GlobalUnlock
GlobalLock
GetModuleHandleA
CopyFileW
CloseHandle
GlobalAlloc
GetLastError
FindClose
GetCurrentProcess
FindNextFileW
FindFirstFileW
GetConsoleCP
FlushFileBuffers
GetACP
HeapFree
HeapReAlloc
HeapAlloc
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
CreateFileW
EncodePointer
DecodePointer
CreateEventW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
ExitProcess
SetConsoleCtrlHandler
SetEndOfFile

user32

GetWindowTextW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowTextLengthW
DefWindowProcW
GetMessageA
LoadImageA
DispatchMessageA
LoadCursorA
SetWindowPos
MessageBoxW
CreateWindowExW
SendMessageW
GetSystemMetrics
SetWindowTextW
ShowWindow
OpenClipboard
SetWindowLongA
CloseClipboard
GetWindowTextA
RegisterClassW
GetWindowLongA
SetWindowTextA
SetMenu
IsDlgButtonChecked
TranslateMessage
SendMessageA
SetClipboardData
LoadIconA
AppendMenuW
DrawTextW
CheckDlgButton
PostQuitMessage
CreateMenu

gdi32

GetStockObject
SetTextColor
SetBkMode
SetDCBrushColor
SetBkColor
CreateSolidBrush
RoundRect
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource

shlwapi

PathRemoveFileSpecW

bcrypt

BCryptGenRandom

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 663KB - Virtual size: 663KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xfourk15_browsingExe.exe
.dll windows x64

23ae38e1cd9e878e8381818cafabbf61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WinExec

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

Exports

Exports

DllMain
_Z12initCallbackv

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 669B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xfourk19_browsingExe.exe
.dll windows x64

2b85eda5e2ca4805e05003741ab3fe72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
memmove
realloc
strlen
strncmp
vfprintf

Exports

Exports

rotIhZgil

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xfourk35_browsingExe.exe
.dll .ps1 windows x64

Sharing

General

Malware Config

Signatures

Files

ae76f6354c75c58b47b250b7fb349fb3

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

42:c3:b6:a3:c7:d2:4c:c0:c4:d7:4a:ed:2b:c2:0a:43:fb:25:78:f0:65:4e:04:da:aa:50:0b:fe:0a:2f:71:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

shlwapi

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 512B - Virtual size: 256B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 4KB

6af15efcf8b02fb0f30aba51e0286183

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

cabinet

mscoree

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 1KB

37791ed07fb74bfe504edfe9d52f4e3a

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

42:c3:b6:a3:c7:d2:4c:c0:c4:d7:4a:ed:2b:c2:0a:43:fb:25:78:f0:65:4e:04:da:aa:50:0b:fe:0a:2f:71:25
Signer

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 512B - Virtual size: 256B

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 318KB - Virtual size: 317KB

.data
Size: 42KB - Virtual size: 59KB

.pdata
Size: 65KB - Virtual size: 65KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB