redline | 2023-08-13-07[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-13-07.zip
Size

67.8MB
MD5

82880c280bd2f28133e9bf5104fe0b28
SHA1

4a2194c2c296b60cc2de475edebe4fdcb4642539
SHA256

a1f23acb5b4f73ab636d3435dc97347e12c2b4dc8480192335030e804eda672f
SHA512

ef45be0a5670fa27477645256cb2f8b70783cbc8e4ffc70bca3eeb43567163bf99fb0e97ca933f7eee384e1179f24e664c0c5a762fd62b44fa81ca07243b5b5c
SSDEEP

1572864:r1QaIKvbms2K43amdKQi8rATB362DZ1HKnIqr:jIKvbms2K43amchUAVK2d9KnP

Score

10^/10

vmprotect ai1 upx redline

Malware Config

Extracted

Family

redline

Botnet

ai1

80.85.157.78:28552

Attributes

auth_value
6bcebe43e888caa4243aba18539ee98b

Signatures

Redline family
redline

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/7fec2debd3328b70221dc4f0eaeef39845a9a8f8f8aa88ef9ecfc4318ed7a24e.exe	upx
static1/unpack001/8e34aec81247dc38b7835b549b571d1b8554cae6d543d7eed9c4bfd5cdd41167.exe	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/49d073c438dd2e922ebebb413a2cf4d561bbbfd18c597dccee127e12ea19dbaa.exe	vmprotect
static1/unpack001/9688a1c6e23579bb9a09014d830a3717a86fb62cbf3a7a05484d29367161e6c1.exe	vmprotect
static1/unpack001/f46e2285a892b886eb5ee03e863c3bf4ed02d00a8111dbf72cb7c59f5fc87e74.exe	vmprotect

Unsigned PE 48 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0043ce08603751d94a911c887c9fbd583a0914542daec18a75f2055588974d68.exe
unpack001/03a6a15e8d8ca8d46a26826150fae2cf1d0e942d6e2905349c27bded38da0b7e.exe
unpack001/04622bd2ce96e922178c66bd9003aa93eb4255da281511bb48eb851ba9fbae37.exe
unpack001/0f79c810b527680620ee78e5edb24f483dd23bfca240d0f0849ae0362d5d6e81.exe
unpack001/1122887f30d015128797428ab7c878ab97030d1d0f9365a2ca144a4c5fa1f2f0.exe
unpack001/120efb48724487028465fb5d25db17b9398f56bad7116e54299ab5087104e69b.exe
unpack001/17dcdc4a57f3bd6701846121f75e951b317499356a63a1f98545413a6d9c6bff.exe
unpack001/1c511d52c2365d6a9be37c9c547fe1132e16736538e34c9f0498884b67877119.exe
unpack001/1cf8dee2b9563a6861c46ca56e9b79949ef48cc63bf2a9448bfe1b6f48681a92.exe
unpack001/24bbf11a36131de85b7ae52d1c933faa3e4294a461bdab1951fc0f6ad50d3e45.exe
unpack001/26cae4cdeef032aea2bd4ea1c5b88fbfb876bb3dd35a54076356195969fe3611.exe
unpack001/2b688e9118d1b99bc5ba4e363ddb95d357f499e6fcc1c16189e3e62f2606ff7d.exe
unpack001/38193ba739ad20227de4306108de61f4a9a671266ed6a748260de4507501bf1f.exe
unpack001/391210b85b13f4cc289a1243f0716c4c243a61073d370fe3dbb06e89e2335019.exe
unpack001/3be33385d62b7ee8c02fc33a0d438423b22b6239e125ba77558265c0fbb48b7a.exe
unpack001/3c9874475203f4d2f0588bf4b4129c078f4cac9e295da6aec02fe0ae1eb81d83.exe
unpack001/3cc94d59e65f8e8c3f59471d33d534173d892cc64866859f56c16ea092253f51.exe
unpack001/49d073c438dd2e922ebebb413a2cf4d561bbbfd18c597dccee127e12ea19dbaa.exe
unpack001/4a22fc716c42511a85dfd04a3a117cdbad3bac5db4494255c64acef5c84c8fe8.exe
unpack001/4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad.exe
unpack001/5072ed5c16cbc6929b8d9ac82dba2a10f84e14530a11eb374141e630d722e261.exe
unpack001/648a24a4513a5923536c5993a9289458a372e73b2f75709059d0123f1ceb8198.exe
unpack001/651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b.exe
unpack001/67cb319846957d5e7ee3f43e7075c6a7fd4a5275d89f1326bc05c3295baa57ca.exe
unpack001/726ed206c2957e9b6bcc0d47c61818de9ef7c12a06a87f4d9426286ae019c6d5.exe
unpack001/7dfc00c107c0896da7f2b6cccd7493d7d1f0b760f32983c71219ae736e2b36d5.exe
unpack001/7e98ed033f3ad3896990dec26ed5f0aef2317f844d8a4a0ba92114d136211eb3.exe
unpack001/7fec2debd3328b70221dc4f0eaeef39845a9a8f8f8aa88ef9ecfc4318ed7a24e.exe
unpack001/8169cd35ac84069d5e1e101dc22a6e9cb2fcaffa0c357972ad5fbbd5c3d7c8e0.exe
unpack001/86706e3bf9afefd55a0c2d7d98c163ca63e1eb4214951f789fbb596973ae7a6e.exe
unpack001/8e34aec81247dc38b7835b549b571d1b8554cae6d543d7eed9c4bfd5cdd41167.exe
unpack001/8f596cd8f3eece70335d5a654b61ffab24e57658e70cf259399930497af63112.exe
unpack001/95d565bb86a4ed3ca5de3c574bc0a61e0c85b9e923a0d8374a59cce9270e1bd6.exe
unpack001/9688a1c6e23579bb9a09014d830a3717a86fb62cbf3a7a05484d29367161e6c1.exe
unpack001/984d259100002cbd8af8a6af213e46adab523821c32e089908b39989ab03b620.exe
unpack001/9a86c400c754a8a5d191bc77855f398dae45defb82c8821542b7ccd49370a179.exe
unpack001/9fe249dcf9427f8108078fa84ca1d2f16c31936b3457027bb424eadb689aea3e.exe
unpack001/a456a0fcdedef851458b225f6bae02f6ee4e9ff6e1d479376d3766497aea8ac2.exe
unpack001/a526b47da47812b1353ae38b8e051f2f62fb93b55bcbadbdaaa51df3b5c22e4e.exe
unpack001/ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0.exe
unpack001/af97e135bd09cfd969ea9987c4ee6d3efe6f6ea0e0cd9feb76e6af36e243720b.exe
unpack001/b3325327f0ae9d4c4feef6a4fa9f7a488f63cf073d8b3c18d574c02eb06bc8f4.exe
unpack001/b99d353cf8e5d32f4e336e036ca2bac4b53ec239d0f95770835493ae0db25c45.exe
unpack001/cc42e2ffc8bbf84b78ea9a888563cbdc59ad12bd45c8aa1d554527428cdfe4ed.exe
unpack001/d085497cb6b122fc1ba456aff7becbc74bf8b4f9c2bc895932821a60a4536cb2.exe
unpack001/d5e86fc6eaefa53483c312faedc12df8947110589b5cdfa14d5a6833a1f32284.exe
unpack001/f064653fb4b2d463961af7fe3234c034a068d382f0df1eada6e7090dc7c288c8.exe
unpack001/f46e2285a892b886eb5ee03e863c3bf4ed02d00a8111dbf72cb7c59f5fc87e74.exe

Files

2023-08-13-07.zip
.zip

Password: infected
0043ce08603751d94a911c887c9fbd583a0914542daec18a75f2055588974d68.exe
.exe windows x86

99e0faa4a816f66aee7c760f482140b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
WriteConsoleInputW
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcAddress
FillConsoleOutputCharacterA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

gdi32

GetColorAdjustment

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
03a6a15e8d8ca8d46a26826150fae2cf1d0e942d6e2905349c27bded38da0b7e.exe
.exe windows x86

f14eb02bc6e4e96d4b116ed67da9e223

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
GetDateFormatW
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

gdi32

GetColorAdjustment

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
04622bd2ce96e922178c66bd9003aa93eb4255da281511bb48eb851ba9fbae37.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0f79c810b527680620ee78e5edb24f483dd23bfca240d0f0849ae0362d5d6e81.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RANDOMX
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_SHA3_25
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT_CN
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1122887f30d015128797428ab7c878ab97030d1d0f9365a2ca144a4c5fa1f2f0.exe
.exe windows x86

ed5b2a553081ac99075a67ace09b6e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
120efb48724487028465fb5d25db17b9398f56bad7116e54299ab5087104e69b.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
17dcdc4a57f3bd6701846121f75e951b317499356a63a1f98545413a6d9c6bff.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.2MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 579KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1c511d52c2365d6a9be37c9c547fe1132e16736538e34c9f0498884b67877119.exe
.exe windows x86

b843f9632af58019508eefd6a2b3c3d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetComputerNameW
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetEndOfFile
GetProcessHeap

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1cf8dee2b9563a6861c46ca56e9b79949ef48cc63bf2a9448bfe1b6f48681a92.exe
.exe windows x86

99e0faa4a816f66aee7c760f482140b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
WriteConsoleInputW
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcAddress
FillConsoleOutputCharacterA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

gdi32

GetColorAdjustment

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
24bbf11a36131de85b7ae52d1c933faa3e4294a461bdab1951fc0f6ad50d3e45.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 592KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
26cae4cdeef032aea2bd4ea1c5b88fbfb876bb3dd35a54076356195969fe3611.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2b688e9118d1b99bc5ba4e363ddb95d357f499e6fcc1c16189e3e62f2606ff7d.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
38193ba739ad20227de4306108de61f4a9a671266ed6a748260de4507501bf1f.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
391210b85b13f4cc289a1243f0716c4c243a61073d370fe3dbb06e89e2335019.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3be33385d62b7ee8c02fc33a0d438423b22b6239e125ba77558265c0fbb48b7a.exe
.exe windows x64

9822cfebd7c974bd9454a866d6256f96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EnumerateTraceGuidsEx
EventSetInformation
EventUnregister
EventActivityIdControl
RegCloseKey
EventRegister
EventWriteTransfer
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventEnabled

ncrypt

BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptImportKey
BCryptDecrypt
BCryptEncrypt

kernel32

RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
RtlPcToFileHeader
SetLastError
FormatMessageW
GetLastError
GetCPInfoExW
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
WriteFile
WriteConsoleW
GetConsoleOutputCP
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
CreateProcessW
VirtualAllocEx
CloseHandle
GetExitCodeProcess
TerminateProcess
OpenProcess
K32EnumProcesses
GetProcessId
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
FindStringOrdinal
GetTickCount64
GetCurrentProcessorNumber
GetCurrentThread
Sleep
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
SleepConditionVariableCS
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetFullPathNameW
GetLongPathNameW
LocalAlloc
GetProcAddress
RaiseFailFastException
LocaleNameToLCID
LCMapStringEx
EnumTimeFormatsEx
EnumCalendarInfoExEx
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FreeLibrary
GetFileAttributesExW
GetSystemDirectoryW
LoadLibraryExW
SetThreadErrorMode
GetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SetEvent
CreateEventExW
GetEnvironmentVariableW
FlushProcessWriteBuffers
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
CreateThread
SetThreadPriority
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
ResetEvent
DebugBreak
WaitForSingleObject
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
InitializeCriticalSectionAndSpinCount

ole32

CoUninitialize
CoInitializeEx
CoWaitForMultipleHandles
CoGetApartmentType

user32

LoadStringW

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
calloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr
cos
modf
tan
sin
pow
floor
ceil

api-ms-win-crt-string-l1-1-0

wcsncmp
strncpy_s
strcpy_s
strcmp
_stricmp
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_exit
__p___argc
_initterm_e
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_initterm
_get_initial_wide_environment
abort
__p___wargv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_seh_filter_exe
_set_app_type
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__p__commode
__stdio_common_vfprintf
__stdio_common_vsscanf
_set_fmode
__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1014KB - Virtual size: 1013KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 126KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c9874475203f4d2f0588bf4b4129c078f4cac9e295da6aec02fe0ae1eb81d83.exe
.exe windows x86

d7b081df5aeced7021cc9bd078a5fcbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetComputerNameW
GetCurrentThread
CreateActCtxW
LoadLibraryW
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
Module32NextW
ReadConsoleInputW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
MultiByteToWideChar
GetModuleHandleW
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
SetEndOfFile
GetProcessHeap

user32

LoadMenuA
CreateAcceleratorTableA
CharLowerBuffA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3cc94d59e65f8e8c3f59471d33d534173d892cc64866859f56c16ea092253f51.exe
.exe windows x86

ed5b2a553081ac99075a67ace09b6e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
49d073c438dd2e922ebebb413a2cf4d561bbbfd18c597dccee127e12ea19dbaa.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 681KB - Virtual size: 681KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4a22fc716c42511a85dfd04a3a117cdbad3bac5db4494255c64acef5c84c8fe8.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 590KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 1024B - Virtual size: 793B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4a8b6a3e837ed8d977973cc385a5cda8ef78157994323d152e157eea714d05ad.exe
.exe windows x64

a7a19cad0c2c193feb43fc00c1b6b502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWrite
EventRegister
EventUnregister
RegCreateKeyExW
RegSetValueExW

kernel32

GetLastError
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LocalFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateMutexW
GetTickCount64
VerifyVersionInfoW
VerSetConditionMask
MulDiv
CloseHandle
GetCurrentProcessId

gdi32

Polyline
SetBkColor
CreateSolidBrush
CreatePen
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
GetTextMetricsW
PatBlt
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
SetBkMode

user32

IsDlgButtonChecked
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetSysColor
CopyImage
LoadBitmapW
DestroyWindow
CreateWindowExW
DrawTextW
CheckDlgButton
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
MessageBoxW
SystemParametersInfoW
SetFocus
SetWindowLongW
GetParent
PostMessageW
EnableWindow
ShowWindow
DialogBoxParamW
KillTimer
SetTimer
EndDialog
SetForegroundWindow
FindWindowW
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowTextW
SendMessageW
EndPaint
GetSysColorBrush
FrameRect
BeginPaint
DrawFocusRect
GetWindowLongW
GetFocus
InvalidateRect
SetWindowLongPtrW
SetDlgItemTextW
GetDlgItem
GetClientRect
MapDialogRect
SendDlgItemMessageW
SendMessageTimeoutW
SetWindowPos
PtInRect
GetWindowRect
GetSystemMetrics
GetProcessDefaultLayout
ReleaseDC
LoadStringW
GetDC
GetWindowLongPtrW
TrackMouseEvent

msvcrt

_wtoi
__set_app_type
_fmode
memcpy
__setusermatherr
_amsg_exit
_initterm
memset
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_acmdln
exit
_cexit
memcmp
_vsnwprintf
_purecall
free
realloc
wcschr
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
malloc
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ

ntdll

WinSqmAddToStream
WinSqmIncrementDWORD

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiOpenDeviceInterfaceW

uxtheme

CloseThemeData
GetThemeSysFont
GetThemeSysColor
GetThemeColor
GetThemeFont
OpenThemeData
IsThemeActive
DrawThemeParentBackground

oleacc

CreateStdAccessibleObject
LresultFromObject

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
StringFromGUID2
CoGetObject
CoCreateInstance

oleaut32

SafeArrayGetLBound
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear

comctl32

PropertySheetW
ord381
InitCommonControlsEx

dwrite

DWriteCreateFactory

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5072ed5c16cbc6929b8d9ac82dba2a10f84e14530a11eb374141e630d722e261.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 689KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
648a24a4513a5923536c5993a9289458a372e73b2f75709059d0123f1ceb8198.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
651a4c3e35b647788a3eb33862d90bc7d58912e6e99ffb8a7bd4c759634fe67b.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
67cb319846957d5e7ee3f43e7075c6a7fd4a5275d89f1326bc05c3295baa57ca.exe
.exe windows x86

c86d6a34baf2a5c1b8ca9dd9a8da7d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
GetModuleHandleA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6dd8ef7779d0c814cced732476bb249b561ebc3abb39f747a1104a4cfe58036f.apk
.apk android

com.minlas.ascool.livewallpaper

com.minlas.ascool.livewallpaper.OpenApp

Activities

com.minlas.ascool.livewallpaper.OpenApp

android.intent.action.MAIN

com.minlas.ascool.livewallpaper.WallpaperSettings

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Services

com.minlas.ascool.livewallpaper.WallpaperService

android.service.wallpaper.WallpaperService
726ed206c2957e9b6bcc0d47c61818de9ef7c12a06a87f4d9426286ae019c6d5.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7dfc00c107c0896da7f2b6cccd7493d7d1f0b760f32983c71219ae736e2b36d5.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 697KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7e98ed033f3ad3896990dec26ed5f0aef2317f844d8a4a0ba92114d136211eb3.exe
.exe windows x86

d7b081df5aeced7021cc9bd078a5fcbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetComputerNameW
GetCurrentThread
CreateActCtxW
LoadLibraryW
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
Module32NextW
ReadConsoleInputW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
MultiByteToWideChar
GetModuleHandleW
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
SetEndOfFile
GetProcessHeap

user32

LoadMenuA
CreateAcceleratorTableA
CharLowerBuffA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7fec2debd3328b70221dc4f0eaeef39845a9a8f8f8aa88ef9ecfc4318ed7a24e.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8169cd35ac84069d5e1e101dc22a6e9cb2fcaffa0c357972ad5fbbd5c3d7c8e0.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
86706e3bf9afefd55a0c2d7d98c163ca63e1eb4214951f789fbb596973ae7a6e.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 690KB - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8e34aec81247dc38b7835b549b571d1b8554cae6d543d7eed9c4bfd5cdd41167.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8f596cd8f3eece70335d5a654b61ffab24e57658e70cf259399930497af63112.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 530KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
95d565bb86a4ed3ca5de3c574bc0a61e0c85b9e923a0d8374a59cce9270e1bd6.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 564KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9688a1c6e23579bb9a09014d830a3717a86fb62cbf3a7a05484d29367161e6c1.exe
.dll windows x64

531372f8fed94a7a0e3b8ef647c7fcb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ws2_32

getaddrinfo

advapi32

GetTokenInformation

kernel32

WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

secur32

GetUserNameExA

ole32

CoUninitialize

wtsapi32

WTSSendMessageW

Exports

Exports

rundll

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
984d259100002cbd8af8a6af213e46adab523821c32e089908b39989ab03b620.exe
.exe windows x86

d7b081df5aeced7021cc9bd078a5fcbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetComputerNameW
GetCurrentThread
CreateActCtxW
LoadLibraryW
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
Module32NextW
ReadConsoleInputW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
MultiByteToWideChar
GetModuleHandleW
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
SetEndOfFile
GetProcessHeap

user32

LoadMenuA
CreateAcceleratorTableA
CharLowerBuffA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9a86c400c754a8a5d191bc77855f398dae45defb82c8821542b7ccd49370a179.exe
.exe windows x86

f14eb02bc6e4e96d4b116ed67da9e223

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
GetDateFormatW
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
VirtualAlloc
GetComputerNameA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

gdi32

GetColorAdjustment

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9ed1f8270523792c01e73ea62820f328703a04b1ed9c1fea2d6f948e398a2c2b.apk
.apk android arch:arm64 arch:arm

com.minlas.ascool.livewallpaper

com.minlas.ascool.livewallpaper.OpenApp

Activities

com.minlas.ascool.livewallpaper.OpenApp

android.intent.action.MAIN

com.minlas.ascool.livewallpaper.WallpaperSettings

android.intent.action.MAIN

Permissions

android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Services

com.minlas.ascool.livewallpaper.WallpaperService

android.service.wallpaper.WallpaperService
9fe249dcf9427f8108078fa84ca1d2f16c31936b3457027bb424eadb689aea3e.exe
.exe windows x86

99e0faa4a816f66aee7c760f482140b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
InterlockedDecrement
InterlockedCompareExchange
GetComputerNameW
SetEvent
GetTickCount
GetCurrentThread
CreateActCtxW
LoadLibraryW
ReadConsoleInputA
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetModuleFileNameW
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
WriteConsoleInputW
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
Module32FirstW
FoldStringW
FindNextFileA
HeapSetInformation
UpdateResourceW
WriteProfileStringW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcAddress
FillConsoleOutputCharacterA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
WideCharToMultiByte
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
GetProcessHeap
ReadFile

user32

LoadMenuA
CharLowerBuffW
CreateAcceleratorTableA
CharToOemBuffW
CharUpperBuffW

gdi32

GetColorAdjustment

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a456a0fcdedef851458b225f6bae02f6ee4e9ff6e1d479376d3766497aea8ac2.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a526b47da47812b1353ae38b8e051f2f62fb93b55bcbadbdaaa51df3b5c22e4e.exe
.exe windows x86

d7b081df5aeced7021cc9bd078a5fcbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatW
FillConsoleOutputCharacterA
WriteConsoleInputW
GetConsoleAliasesLengthW
InterlockedIncrement
InterlockedCompareExchange
GetComputerNameW
GetCurrentThread
CreateActCtxW
LoadLibraryW
TransactNamedPipe
GetNamedPipeInfo
HeapValidate
GetACP
DisconnectNamedPipe
GetConsoleAliasesW
GetProfileIntA
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
DeleteTimerQueue
FoldStringW
CreatePipe
EnumResourceTypesW
FindNextFileA
HeapSetInformation
UpdateResourceW
Module32NextW
ReadConsoleInputW
TlsAlloc
AreFileApisANSI
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
MultiByteToWideChar
GetModuleHandleW
ExitProcess
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
SetEndOfFile
GetProcessHeap

user32

LoadMenuA
CreateAcceleratorTableA
CharLowerBuffA
CharToOemBuffW
CharUpperBuffW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ac4620769b15f5a7ccbeda9891ab788e46fe418e8129b2d54a64452467ac9eb0.exe
.exe windows x64

a7a19cad0c2c193feb43fc00c1b6b502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EventWrite
EventRegister
EventUnregister
RegCreateKeyExW
RegSetValueExW

kernel32

GetLastError
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LocalFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateMutexW
GetTickCount64
VerifyVersionInfoW
VerSetConditionMask
MulDiv
CloseHandle
GetCurrentProcessId

gdi32

Polyline
SetBkColor
CreateSolidBrush
CreatePen
DeleteObject
GetDeviceCaps
CreateFontIndirectW
GetObjectW
CreateCompatibleDC
SelectObject
GdiAlphaBlend
BitBlt
DeleteDC
GetStockObject
GdiSetBatchLimit
SetTextColor
GetTextMetricsW
PatBlt
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
SetBkMode

user32

IsDlgButtonChecked
CheckRadioButton
EnumDisplaySettingsW
EnumDisplayDevicesW
ChangeDisplaySettingsExW
GetSysColor
CopyImage
LoadBitmapW
DestroyWindow
CreateWindowExW
DrawTextW
CheckDlgButton
MapWindowPoints
FillRect
RedrawWindow
IsCharAlphaNumericW
MessageBoxW
SystemParametersInfoW
SetFocus
SetWindowLongW
GetParent
PostMessageW
EnableWindow
ShowWindow
DialogBoxParamW
KillTimer
SetTimer
EndDialog
SetForegroundWindow
FindWindowW
RegisterClassExW
LoadCursorW
DefWindowProcW
SetWindowTextW
SendMessageW
EndPaint
GetSysColorBrush
FrameRect
BeginPaint
DrawFocusRect
GetWindowLongW
GetFocus
InvalidateRect
SetWindowLongPtrW
SetDlgItemTextW
GetDlgItem
GetClientRect
MapDialogRect
SendDlgItemMessageW
SendMessageTimeoutW
SetWindowPos
PtInRect
GetWindowRect
GetSystemMetrics
GetProcessDefaultLayout
ReleaseDC
LoadStringW
GetDC
GetWindowLongPtrW
TrackMouseEvent

msvcrt

_wtoi
__set_app_type
_fmode
memcpy
__setusermatherr
_amsg_exit
_initterm
memset
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_acmdln
exit
_cexit
memcmp
_vsnwprintf
_purecall
free
realloc
wcschr
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
malloc
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ

ntdll

WinSqmAddToStream
WinSqmIncrementDWORD

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiOpenDeviceInterfaceW

uxtheme

CloseThemeData
GetThemeSysFont
GetThemeSysColor
GetThemeColor
GetThemeFont
OpenThemeData
IsThemeActive
DrawThemeParentBackground

oleacc

CreateStdAccessibleObject
LresultFromObject

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
StringFromGUID2
CoGetObject
CoCreateInstance

oleaut32

SafeArrayGetLBound
SysAllocString
SysFreeString
SafeArrayGetUBound
SafeArrayGetElement
VariantInit
VariantClear

comctl32

PropertySheetW
ord381
InitCommonControlsEx

dwrite

DWriteCreateFactory

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
af97e135bd09cfd969ea9987c4ee6d3efe6f6ea0e0cd9feb76e6af36e243720b.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.textbss
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b3325327f0ae9d4c4feef6a4fa9f7a488f63cf073d8b3c18d574c02eb06bc8f4.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 562KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b99d353cf8e5d32f4e336e036ca2bac4b53ec239d0f95770835493ae0db25c45.exe
.exe windows x86

646167cce332c1c252cdcb1839e0cf48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
AdjustTokenPrivileges

kernel32

_lopen
_llseek
CompareStringA
GetLastError
GetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
DeleteFileA
GlobalAlloc
GlobalFree
CloseHandle
WritePrivateProfileStringA
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
GetProcAddress
GlobalLock
LocalFree
RemoveDirectoryA
FreeLibrary
_lclose
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GlobalUnlock
ReadFile
SizeofResource
WriteFile
GetDriveTypeA
lstrcmpA
SetFileTime
SetFilePointer
FindResourceA
CreateMutexA
GetVolumeInformationA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
FreeResource
GetVersion
SetCurrentDirectoryA
GetTempPathA
LocalFileTimeToFileTime
CreateFileA
SetEvent
TerminateThread
GetVersionExA
LockResource
GetSystemInfo
CreateThread
ResetEvent
LoadResource
ExitProcess
GetModuleHandleW
CreateProcessA
FormatMessageA
GetTempFileNameA
DosDateTimeToFileTime
CreateEventA
GetExitCodeProcess
FindNextFileA
LocalAlloc
GetShortPathNameA
MulDiv
GetDiskFreeSpaceA
EnumResourceLanguagesA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
FindClose
GetCurrentProcess
FindFirstFileA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryExA

gdi32

GetDeviceCaps

user32

SetWindowLongA
GetDlgItemTextA
DialogBoxIndirectParamA
ShowWindow
MsgWaitForMultipleObjects
SetWindowPos
GetDC
GetWindowRect
DispatchMessageA
GetDesktopWindow
CharUpperA
SetDlgItemTextA
ExitWindowsEx
MessageBeep
EndDialog
CharPrevA
LoadStringA
CharNextA
EnableWindow
ReleaseDC
SetForegroundWindow
PeekMessageA
GetDlgItem
SendMessageA
SendDlgItemMessageA
MessageBoxA
SetWindowTextA
GetWindowLongA
CallWindowProcA
GetSystemMetrics

msvcrt

_controlfp
?terminate@@YAXXZ
_acmdln
_initterm
__setusermatherr
_except_handler4_common
memcpy
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy_s
_vsnprintf
memset

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 526KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cc42e2ffc8bbf84b78ea9a888563cbdc59ad12bd45c8aa1d554527428cdfe4ed.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d085497cb6b122fc1ba456aff7becbc74bf8b4f9c2bc895932821a60a4536cb2.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d5e86fc6eaefa53483c312faedc12df8947110589b5cdfa14d5a6833a1f32284.exe
.exe windows x86

0139538a651a21148db92c7ae213c5f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetLastError
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f064653fb4b2d463961af7fe3234c034a068d382f0df1eada6e7090dc7c288c8.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f46e2285a892b886eb5ee03e863c3bf4ed02d00a8111dbf72cb7c59f5fc87e74.exe
.dll windows x64

531372f8fed94a7a0e3b8ef647c7fcb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

wsprintfA
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ws2_32

getaddrinfo

advapi32

GetTokenInformation

kernel32

WriteFile
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

secur32

GetUserNameExA

ole32

CoUninitialize

wtsapi32

WTSSendMessageW

Exports

Exports

rundll

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

99e0faa4a816f66aee7c760f482140b5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 385KB - Virtual size: 384KB

.data Size: 8KB - Virtual size: 20.5MB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 40KB - Virtual size: 40KB

f14eb02bc6e4e96d4b116ed67da9e223

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 385KB - Virtual size: 384KB

.data Size: 8KB - Virtual size: 20.5MB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 40KB - Virtual size: 40KB

Headers

File Characteristics

Sections

CODE Size: 326KB - Virtual size: 326KB

DATA Size: 6KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 24KB - Virtual size: 24KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 72KB - Virtual size: 2.7MB

.pdata Size: 131KB - Virtual size: 131KB

_RANDOMX Size: 3KB - Virtual size: 3KB

_SHA3_25 Size: 2KB - Virtual size: 2KB

_TEXT_CN Size: 8KB - Virtual size: 7KB

_TEXT_CN Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 34KB - Virtual size: 34KB

ed5b2a553081ac99075a67ace09b6e18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 384KB - Virtual size: 384KB

.data Size: 8KB - Virtual size: 20.5MB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 40KB - Virtual size: 40KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 834KB - Virtual size: 834KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 385KB - Virtual size: 384KB

.data
Size: 8KB - Virtual size: 20.5MB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 385KB - Virtual size: 384KB

.data
Size: 8KB - Virtual size: 20.5MB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 40KB - Virtual size: 40KB

CODE
Size: 326KB - Virtual size: 326KB

DATA
Size: 6KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 72KB - Virtual size: 2.7MB

.pdata
Size: 131KB - Virtual size: 131KB

_RANDOMX
Size: 3KB - Virtual size: 3KB

_SHA3_25
Size: 2KB - Virtual size: 2KB

_TEXT_CN
Size: 8KB - Virtual size: 7KB

_TEXT_CN
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 34KB - Virtual size: 34KB

.text
Size: 384KB - Virtual size: 384KB

.data
Size: 8KB - Virtual size: 20.5MB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 834KB - Virtual size: 834KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9.4MB - Virtual size: 9.4MB

.rdata
Size: 10.2MB - Virtual size: 10.2MB

.data
Size: 579KB - Virtual size: 1.0MB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 194KB - Virtual size: 194KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 6KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 8KB - Virtual size: 20.5MB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 46KB - Virtual size: 45KB

.text
Size: 384KB - Virtual size: 384KB

.data
Size: 8KB - Virtual size: 20.5MB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 40KB - Virtual size: 40KB

.text
Size: 592KB - Virtual size: 592KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.textbss
Size: - Virtual size: 2.4MB

.text
Size: 4.9MB - Virtual size: 4.9MB

PAGE
Size: 19KB - Virtual size: 18KB

.bss
Size: - Virtual size: 37KB

.rdata
Size: 731KB - Virtual size: 730KB