xmrig | samples[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

samples.zip
Size

15.8MB
MD5

2d080d00670b2cae1d8100668362a123
SHA1

891ad45845b4d05b606be13fe16af281397f986a
SHA256

92bf6e2a8db3590447a9716df738a2b9074a1e09407f0540abfe3d65bc9405c1
SHA512

40e10d02dea78559215443e17886d71ecfb4c72e53bc639307eb2af879bdf6589a40de94308a05148e12023663aaf7b6746852c0c3d958443e3b76b85373b86e
SSDEEP

393216:/wv+zxLNULYHSEQFXn6hAM6DbKrW1RIRqeXL5z3e16k4+OQ:42zxLlHSEQFXMAMQ+W0Rqe9z39bQ

Score

10^/10

pdf link upx miner xmrig

Malware Config

Signatures

XMRig Miner payload 5 IoCs

miner

resource	yara_rule
static1/unpack001/samples/gold.vir	xmrig
static1/unpack001/samples/qak.vir	xmrig
static1/unpack001/samples/viruem.vir	xmrig
static1/unpack001/samples/w2o.vir	xmrig
static1/unpack001/samples/world.vir	xmrig

Xmrig family
xmrig

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/samples/claw.vir	upx
static1/unpack001/samples/gold.vir	upx
static1/unpack001/samples/qak.vir	upx
static1/unpack001/samples/viruem.vir	upx
static1/unpack001/samples/w2o.vir	upx
static1/unpack001/samples/world.vir	upx

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/samples/2i2i.vir
unpack001/samples/Antivirus.vir
unpack001/samples/INVOICE Q023.vir
unpack001/samples/claw.vir
unpack001/samples/dlw.vir
unpack001/samples/dns.vir
unpack001/samples/fm.vir
unpack001/samples/gold.vir
unpack001/samples/info.vir
unpack001/samples/notice.vir
unpack001/samples/pdf.vir
unpack001/samples/qak.vir
unpack001/samples/ql.vir
unpack001/samples/qo1o.vir
unpack001/samples/runi.vir
unpack001/samples/runme.vir
unpack001/samples/sar.vir
unpack001/samples/sk.vir
unpack001/samples/viruem.vir
unpack001/samples/virwi.vir
unpack001/samples/w2o.vir
unpack001/samples/world.vir

Files

samples.zip
.zip
samples/1919.vir
.pdf
- http://sequelscribes.com/file/UlpFNnFHVDArbE03RGZpRm5HZ1ordDBBdjlacXdNSlVTT0tGV1JPUGE1NFE3c1FXalN3cmg5SUJ5YjdoYnpOcHZOVlZxRU1VZmV6MU9BS29pTHJoUFBjY0d0L0NBSHJtbGxJZ3F2YnBKVHdleU5qNlkyTHJ3N0xUVml0anBnRlVJMTFuVFc0eDFNTkxaLytlTy9kcnlhRFZ1M0k2SG9QeFpjc2tGVmlpa3RpdUJneVJqVWlCSENzK2RkeXRJZXZuTFgvNHVRWUt6dGxyUzZRRWM1Um1BWU9vekgrZEZ6WEdyeG5CaUh4d2JKVkI1OVdZUm51UXI4VHdEeWVjSGYxTmpvbmF1dTNNSURlQ21JSnBwSWppaXF2Ly9FSlJLNnQ4N0lFNS8yQkJpdXVrb25iZnJaWkoxdXpKcVJpVVNYOThsMHRiclFad3hFWUNrNGswZ0hpelBBPT0=:f4.pdf
- http://sequelscribes.com/The%20Life%20Changing%20Magic%20And%20Habits%20Of%20Spiritual%20Mastery.pdf?k=R2w0RzdvTnVYUXdLd1BSRW5TaGRSOE5mUXp1bm1DNHZrYUNNdVpVTnlqSDMyU1IrdEludVJCK0ZUNXJLbUVRYjRjZS9QZGp2TklSNm9EUEZGb0RyNnR4N0hCVWpqRHV6N2wwaThmRnBXTWNMU08xTHRNN2hRQklVNWRSRVBBYzRWSlpNYzNvNTBBeWZUd3pBTkFEeUp2VVZnM3FucUZuOTZWYytyc05wTjkvdTgrVDdSSHZUV1pVWWJkczhPRWxh:f4
- http://sequelscribes.com/This%20Tenor%20or%20Soprano%20Soloist%20with%20New%20English%20Lyrics%20Full%20Score%20and%20Parts%20is%20the%20Perfect%20Addition%20to%20your%20Christmas%20Celebration%21.pdf?k=dnQxdlJuMm1YbllIZ0taY1Y0a2loWnFNaVNhTTZtRmpLTkN1QlJ6cXplNkRWclErU3VrbXZ3WldaVmlyaDk5Q3pNY0E2QmhNOWRrbGJtb3NkcW5LR3RkZFNadGx2akZHRG1xeVBEZ25qbmNwVTU2OFduL2JaZzU0bkhuLzlyOVFqWk9mbFlCOGFsMUFQMU1OVHBWUFNQNmsyZGpaMnFmdi9EYVVxVlFTaWlVeXFYNnZVbmMrOFJxejNTb1U2ODgrRW5PYjMxTC9hN2dINDRVS1F2aXFKN1ZmVjVSOU9OZm5sS2VNNjA4bWtkeXFzbm5wYzNkUjJDYlBhQmtLaHJXZg==:f4
- http://sequelscribes.com/Experience%20the%20Mesmerizing%20Flute%20Solos%20Level%20Piano%20Accompaniment.pdf?k=WEFtYjRLa3RYbFdDaVM3ZmJKRWVqeFBFTFAraldsUGE4WXZyUFh5TVczTHdseHRzbDN3QWFVR2FXL1FjeHUrbg==:f4
- http://sequelscribes.com/The%20Extraordinary%20Life%20of%20Marifran%20Korb%20%E2%80%93%20A%20Tale%20of%20Passion%2C%20Talent%2C%20and%20Achievement.pdf?k=K1ZJcGFqWW1PVjI4WjRhakhPZVRwclZPSnhZQjVrZlo1T2hELzJqNFpuYz0=:f4
- http://sequelscribes.com/The%20Enigmatic%20Poetry%20of%20Dh%20Lawrence%20A%20Journey%20into%20the%20Depth%20of%20Human%20Emotions.pdf
- http://sequelscribes.com/What%20Do%20You%20Do%20When%20Students%20Say%20Think%20I%27m%20Worthless%20Shut%20the%20Fu%20Up%21%20I%27m%20Afraid%20Of.pdf
- http://sequelscribes.com/The%20Dialogue%20Of%20Two%20Snails%20A%20Captivating%20Penguin%20Modern.pdf
- http://sequelscribes.com/The%20Graham%20Brothers%20A%20Sweet%20Small%20Town%20Romantic%20Comedy.pdf
samples/1br.vir
.pdf
- https://byltly.com/295vqh
- https://fdocuments.in/document/unity-asset-ngui-next-gen-ui-v3-9-2akdunity-asset-ngui-next-gen-ui-v3-9-2akdl.html
- https://seesaawiki.jp/zenblapafen/d/Detective Conan Download
- https://www.homify.in/ideabooks/8483878/spca1528-v2220-msetupexe-download-1
- https://docs.google.com/viewerng/viewer?url=www.soonaradio.com//read-blog/1090
- https://uploads.strikinglycdn.com/files/5d8b9010-d96c-4951-b956-ea323d37edfb/7pentecostalpioneerspdfdownload.pdf
- https://bansingthrowli.weebly.com/uploads/1/3/9/2/139245498/panasonic-viera-channel-list-editor-download-chip.pdf
- https://wakelet.com/wake/DXjUtxOYR1dnDYkR-gSZf
- https://assets.pinshape.com/uploads/image/file/418026/Sloboda-Musical-Mindpdf.pdf
- http://sporchariber.blo.gg/2021/november/flick-quarterback-20-american-pro-football-unlocked.html
- https://cdn.thingiverse.com/assets/14/fe/4e/ad/5f/tamil-Chehra-Maut-Ka-download.html
- http://www.tcpdf.org
- Show all
samples/1o9.vir
.pdf
- http://getpdf.pw/book?res=weby&isbn=9780792386834&kwd=Information%20Systems%20Analysis%20and%20Modeling%20:%20An%20Informational%20Macrodynamics%20Approach
- https://static.s123-cdn-static-d.com/uploads/4659276/normal_61ada027950db.pdf
- https://cdn-cms.f-static.net/uploads/4659484/normal_61adacc5cdc62.pdf
- https://static.s123-cdn-static-d.com/uploads/4659361/normal_61ada2a217d5f.pdf
- https://files8.webydo.com/9588826/UploadedFiles/45C8DCC0-A6F2-E903-C3BA-736FF55FDC31.pdf
- https://cdn-cms.f-static.net/uploads/4659395/normal_61ad4f43c4c70.pdf
- https://static.s123-cdn.com/uploads/4659235/normal_61adc9589a4a5.pdf
- https://static.s123-cdn-static.com/uploads/4659576/normal_61ad5ba0ce3f0.pdf
samples/2i2i.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 73B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samples/Antivirus.vir
.dll windows x86

9e08c1ff93104173e6a3e0d700fcc248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vr@s;6&`hi

trusaj|bS

hdwomh;6*aod

DdqLg`}haCjdlHbkaV
KddqLa{pvjz
KddqKvmep`
KddqNvma
KddqIhdkg
DdqQzkkE`aqmzu
DdqLg`}haMbfmjfQ
T`luNkzWmkddlIalabv
DdqUmixTeqk_
DdqDfravkknmgrUgvhc`lgW
@s``|aXvkff{zQ
DdqGahmEpqqakswcwV
OddwmGzmpl`ieUfephml
FoqdzGzmpl`ieUfephml
Joluaedm~`@z`rjeemQgcvigf
DdqWgh}iaLmnftngphmlW
DdqVajlksvGa{c`rks{U
DdqBgixqp`qFhkfQ
@s``|aEqp`{_
Onf`dBzaa
Lq`oEq|a|R
DdqB}vzajqW`{cbb
DdqMgcageiGz`pfUpsklgqW
DdqEzm~aP|sm^
WdwlajipaQkzlgg
DdqB}vzajqSzfefuwHf
Ssjbmw{M`Ql[lupokoKf
JrUsggmwwjqNlgwsvdRpeqef|
JrAdjqocawSzlufhp
Vom`f`da`@{klvwokoDklvez
PdqTflij`iflL~`ctukmnDid|`q
WdwlajipaUqgjcpu
PdqMiw|Avwlz
Ddq@KT
GdfnlaXkmkwm{
DdqUagcGkpm|
Joluaedm~`@z`rjeemQgcvigfDmeZy`fCiqou
WmvFmp^ehpf
WmvRmp^ehpf
Es`dDmjvewz
OndeDmjvewzMqQ
OBH`xW|vmkd_
Gdid|aKvmqjkhjPcgukmn
JrS`dmlGkafXhaf
DdqBXMfbk
Q`lrmApgauwafh
FyluXvggavp
DdqLg`}haMbfmjfC|V
EhkeKhgwa
EhkeFappBlom^
EhkeNmzwpCjdlQ
PdqGahmPmhf
DdqGahmWmfMq
@s``|aNmh`T
DdqGahmPmhf
orqskixmS
TslumBaha
DdqGahmWmf
DdqMiw|Avwlz
DdqB}vzajqSzfefuw
ThadKlivPjN}erjD}ug
NtiuaFqpaQl_`bfEl`p
PdqGahmTklm|ltF~
QddeNmda
Uhwu}edBv`f
Uhwu}edEhilk
@s``|a\lv`bl
QdidiwmIqqfp
@mjrmLij`if
Fylu\lzaea
Pm`dx
DdqRqw|aiAfnhsorH`leIF
TslumGgjwjom^
PdqR|`@ejaom
DdqBgj{kh`Ngmc
DdqBgj{kh`@X
Empr`BahaGvnocqu
QuiTfsaj`
DdqT{az@acb}erOgjfKF
DdqT{az@acb}erVOH`leucgm
DdqR|vajcQzxlQ
DdqNMIKT

bes@xm;6*aod

DdqOiim`W``}{owModmW
DdqRa`[qfDv|aiqopx
Lq`oXvggavp\fmfh
DdqRa`[qfDv|aiqopxAmult
Puds|Wmvrl`m^
@idooa[avsjklElhbheU
Lq`o[azrmff_
Rt`sqWmvrl`mJim`mfU
DdqDptdmglwMgrqoarDpooAkdR
Onjj}tXvmsjdlafPemwgW
Beot{p\ko`mX{ouohdegs
Lq`o\lzaeaWgbcm
PdqOiim`W``}{owModmW
DdqUgomjMkeg{kbrmnl
@mjrmWmvrl`mAgmbhd
Fopl[azrmff{ZrbrqrGzW
Lq`o[GEejddm{Q
PdqRmg}vmqzLlu`tmqvmrFakd
Joluaedm~`PmjsqopxFgsaraxqls
PdqDfpzmavJfHeoQ
Bminke|aEkgAgowoemkxeQil
Es`d[ml
DdqT{azJehf_

thki\px*`io

ThkI|pxVaffacQcwqmlsg
ThkI|pxKt`m
ThkI|pxKt`mZlwvcwu
ThkI|pxWakgZlwvcwu
ThkI|pxGkkmmjr
ThkI|pxE`aQmxsfupIgcdgr{
ThkI|pxUq`qqMgwgEwcklcbdm
ThkI|pxVadgLhrb
ThkI|pxGhjpmAgmbhd

@s\q\7:*`io

@s|q|W|vmkd\fDjhes{C

muamd*lhh

Qui@ln}wpUqaooccd
MuTtmvqW}vwmdOm`ksoctkof
MuJqmj\lv`bl
MuLlxazwkkb|lRkta`f
MuJqmj\lv`bl]ihcjDz
MuDebq{pTwj~`jfaarVmkgn
MuFmgwm
QuiHxr<E`aqmzuWiWupkneW
QuiDyqihQkjkfbfUpsklg
QuiHfm|Qjl`gmcPrvhle

nqw/lhd

TO`uMj}iV`pg|t`cS
TO`uI`lGkkmmjrjijV
TO`uGtmjAkve^
TO`uKefgai@gghfephmlW
TO`uKhgwa@m}d

pdftz7:*`io

OrdFmpDkcjm[lupokoFctc
OrdDfqeavdwmEidijRgqskof{
OrdGzamVaqvzgDv`bdp

piivita*`io

PuwR|vAS
S`qi]jyqkqf[yg`cwV
S`qiZaekr`BznuT

gov@xm&`hi

GovGzam
GovP}az}[R

Exports

Exports

_a@4

Sections

.text
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/INVOICE Q023.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 633KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samples/aaa.vir
.js
samples/ala.vir
.dll windows x86

7b33197423f08d5868758b0f560fae0b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/12/2009, 00:00

Not After

07/01/2012, 23:59

Subject

CN=Lenovo (Beijing) Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=Lenovo (Beijing) Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc
Signer

Actual PE Digest

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/cie.vir
.pdf
samples/claw.vir
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/discord.vir
.exe windows x86

b34f154ec913d2d2c435cbd644e91687

Code Sign

09:fa:2e:e5:d3:d4:88:59:b0:1b:b1:38:07:9f:be:dd
Certificate

Issuer

CN=CARoot

Not Before

15/06/2020, 09:57

Not After

31/12/2039, 23:59

Subject

CN=CARoot

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:fa:2e:e5:d3:d4:88:59:b0:1b:b1:38:07:9f:be:dd
Certificate

Issuer

CN=CARoot

Not Before

15/06/2020, 09:57

Not After

31/12/2039, 23:59

Subject

CN=CARoot

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:dc:ac:dd:1a:21:b3:1a:22:7e:6f:ee:34:68:eb:b8:8f:72:a2:a5:c8:49:52:40:1a:75:e7:6c:31:cb:86:54
Signer

Actual PE Digest

f7:dc:ac:dd:1a:21:b3:1a:22:7e:6f:ee:34:68:eb:b8:8f:72:a2:a5:c8:49:52:40:1a:75:e7:6c:31:cb:86:54

Digest Algorithm

sha256

PE Digest Matches

true

3f:77:09:b7:5e:d4:aa:86:a6:b8:c5:28:c5:f3:e6:d6:55:81:10:49
Signer

Actual PE Digest

3f:77:09:b7:5e:d4:aa:86:a6:b8:c5:28:c5:f3:e6:d6:55:81:10:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
SetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
ExitProcess
GetShortPathNameW
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 992KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samples/dlw.vir
.exe windows x86

df9d0b2ba4ebcb48c0f6de36e9e8d593

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyA
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegFlushKey
RegEnumKeyA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
GetTokenInformation
FreeSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassA
UnregisterClassW
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongA
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PtInRect
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongA
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharToOemW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLastError
GetCurrentDirectoryW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileW
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
lstrcmpiW
lstrcmpA
lstrcmpW
WriteProcessMemory
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
TryEnterCriticalSection
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SignalObjectAndWait
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
SearchPathW
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
OpenProcess
OpenMutexW
OpenFileMappingA
OpenFileMappingW
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadWritePtr
IsBadReadPtr
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetSystemDirectoryW
GetSystemDefaultLangID
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetPriorityClass
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDriveTypeW
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DuplicateHandle
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Beep
RtlUnwind
Sleep
GetUserDefaultUILanguage
ProcessIdToSessionId

msimg32

TransparentBlt
AlphaBlend

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchDIBits
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
PlgBlt
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextFaceA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentExPointW
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

shell32

Shell_NotifyIconW
ShellExecuteExA
ShellExecuteA
ShellExecuteW
SHGetFileInfoW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid

wininet

InternetReadFile
InternetQueryOptionW
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
HttpAddRequestHeadersW

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

powrprof

SetSuspendState

winmm

timeGetTime

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

msvcrt

free
malloc
strchr
isxdigit
isupper
isspace
ispunct
isprint
islower
isgraph
isdigit
iscntrl
isalpha
isalnum
toupper
tolower
strlen
memcmp
strncmp
memset
memmove
memcpy

Exports

Exports

madTraceProcess

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 227KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 592B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samples/dnekwi.vir
.pdf
samples/dns.vir
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/eikr.vir
.exe windows x86

01db19e879342435a36b1a5b43f21710

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:a9:47:94:7e:70:33:91:c3:00:8b:62:66:06:fa:8f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/03/2015, 00:00

Not After

18/04/2018, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:64:8e:af:46:04:ee:3c:f3:aa:24:4b:02:86:f1:61
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07/09/2015, 00:00

Not After

18/04/2018, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:5d:ac:dc:2f:16:7b:42:52:be:7b:71:7a:e1:f5:38:71:9d:36:c2:25:5f:1d:15:1f:20:82:4a:83:72:0f:2d
Signer

Actual PE Digest

09:5d:ac:dc:2f:16:7b:42:52:be:7b:71:7a:e1:f5:38:71:9d:36:c2:25:5f:1d:15:1f:20:82:4a:83:72:0f:2d

Digest Algorithm

sha256

PE Digest Matches

false

27:df:1f:7e:f8:4d:35:30:6b:cd:3a:04:20:a5:77:f2:c3:2f:42:72
Signer

Actual PE Digest

27:df:1f:7e:f8:4d:35:30:6b:cd:3a:04:20:a5:77:f2:c3:2f:42:72

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
IsValidCodePage
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
HeapSize
GetUserDefaultUILanguage
IsProcessorFeaturePresent
IsDebuggerPresent
HeapReAlloc
RaiseException
ExitThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineW
FindResourceExW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
Sleep
VirtualProtect
GetTempPathW
GetTempFileNameW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GlobalGetAtomNameW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetCPInfo
GetOEMCP
CreateThread
GetACP
GetFullPathNameW
FlushFileBuffers
FindFirstFileW
FindClose
VerifyVersionInfoW
VerSetConditionMask
GetThreadLocale
GlobalFlags
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
InterlockedIncrement
InterlockedDecrement
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
CopyFileW
FormatMessageW
MulDiv
LocalFree
GlobalSize
GlobalFindAtomW
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GetCurrentProcessId
GlobalAddAtomW
ResumeThread
SetThreadPriority
WaitForSingleObject
GlobalUnlock
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetVersion
SetLastError
OutputDebugStringA
GetFileAttributesW
lstrcpyW
GlobalFree
FreeResource
lstrcmpW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
FreeLibrary
GetVersionExW
GetCurrentThreadId
GetCurrentThread
InterlockedExchange
InitializeCriticalSectionEx
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
GetLastError
WriteFile
SetFilePointer
lstrlenW
SetFileAttributesW
HeapFree
ReadFile
GetProcessHeap
HeapAlloc
GetFileSize
CloseHandle
CreateFileW
GetPrivateProfileStringW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource

user32

GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
RegisterClipboardFormatW
UnregisterClassW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
UpdateLayeredWindow
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
IsMenu
SetMenuDefaultItem
GetMenuDefaultItem
GetMenuItemInfoW
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
DestroyMenu
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
GetSystemMenu
GetAsyncKeyState
CharUpperW
IsZoomed
TrackMouseEvent
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
EnumDisplayMonitors
SetRectEmpty
SetLayeredWindowAttributes
MessageBeep
GetNextDlgGroupItem
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
CharNextW
KillTimer
SetTimer
RealChildWindowFromPoint
DeleteMenu
SystemParametersInfoW
CopyImage
LoadCursorW
ReleaseCapture
SetCapture
WaitMessage
SendDlgItemMessageA
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuState
GetMenuStringW
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
UnhookWindowsHookEx
GetTopWindow
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
GetClassNameW
InvalidateRect
UpdateWindow
GetLastActivePopup
GetWindowThreadProcessId
MessageBoxW
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawIcon
GetWindowRgn
DestroyCursor
CreateMenu
InvertRect
HideCaret
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
LoadBitmapW
SetMenuItemInfoW
PostThreadMessageW
IsClipboardFormatAvailable
FrameRect
CharUpperBuffW
SubtractRect
GetKeyNameTextW
CreateAcceleratorTableW
LoadMenuW
MapVirtualKeyW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MapWindowPoints
GetWindowRect
RedrawWindow
SetWindowRgn
DrawStateW
GetFocus
IsWindowVisible
DrawFrameControl
DrawEdge
RegisterWindowMessageW
MapDialogRect
GetWindow
GetParent
SetWindowContextHelpId
SetWindowPos
PostQuitMessage
PostMessageW
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
EnableWindow
WindowFromPoint

gdi32

MoveToEx
TextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
CreateFontIndirectW
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
SelectClipRgn
SaveDC
RestoreDC
RectVisible
SetTextAlign
ExtSelectClipRgn
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
RoundRect
CombineRgn
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreatePatternBrush
CreatePen
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateDCW
CopyMetaFileW
SetTextColor
SetBkColor
GetObjectW
GetStockObject
DeleteObject
CreateBitmap
GetTextMetricsW
Polyline
Polygon
CreatePolygonRgn
ExtTextOutW
PatBlt
GetTextExtentPoint32W
GetTextColor
GetBkColor
Ellipse
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreateHatchBrush
CreateEllipticRgn
SelectObject

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW

shell32

DragQueryFileW
ord165
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
ShellExecuteW
DragFinish
SHGetFolderPathW
SHGetFileInfoW
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFileExistsW
PathRemoveFileSpecW

uxtheme

GetThemeColor
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
DrawThemeParentBackground
GetCurrentThemeName
IsAppThemed
DrawThemeText

ole32

OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
OleDuplicateData
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoRegisterMessageFilter
CoRevokeClassObject
CoInitializeEx
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
ReleaseStgMedium
DoDragDrop

oleaut32

SysAllocString
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/ekei.vir
.pdf
samples/fjf.vir
.pdf
samples/fjfj.vir
.pdf
samples/fm.vir
.exe windows x86

b5bf74bb8542feb9870a7cf9357dfe6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DPtoLP
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
GetObjectA
GetObjectW
DeleteDC
SetLayout
CreateBitmap
SelectObject
GetTextMetricsW
DeleteObject
GetDeviceCaps
RestoreDC
CreateCompatibleDC

user32

UnregisterClassA
GetFocus
GetKeyState
DrawIcon
EnableWindow
IsWindowVisible
SendNotifyMessageW
SetScrollInfo
GetScrollInfo
SetScrollPos
ScrollWindowEx
ScrollWindow
GetScrollPos
SetFocus
DestroyWindow
SetRect
GetDlgItem
TrackMouseEvent
IsWindowEnabled
GetParent
ScreenToClient
DrawTextW
InvalidateRect
MoveWindow
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsIconic
GetLastActivePopup
GetAncestor
GetWindowRect
MapWindowPoints
FillRect
SystemParametersInfoW
GetSysColor
GetSystemMetrics
LoadImageW
PeekMessageW
MsgWaitForMultipleObjectsEx
KillTimer
GetCursorPos
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
BringWindowToTop
GetDC
ReleaseDC
LoadStringW
CharNextW
SetTimer
DestroyIcon
SetForegroundWindow
LoadIconW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowExW
IsWindow
GetClientRect
PostQuitMessage
PostMessageW
GetWindowLongW
CallWindowProcW
CreateWindowExW
RegisterClassExW
DefWindowProcW
LoadCursorW
GetClassInfoExW
ShowWindow
UpdateWindow
SetWindowTextW
SetWindowLongW
SendMessageW

msvcrt

_CxxThrowException
swprintf_s
__CxxFrameHandler3
_purecall
free
memmove_s
memcpy_s
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_errno
realloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_vsnwprintf
_resetstkoflw
wcscat_s
towupper
wcschr
wcsstr
iswspace
wcstol
_wtof
_ftol2_sse
wcscpy_s
wcsncpy_s
vswprintf_s
_vscwprintf
memset
malloc
_controlfp

ntdll

EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwTraceMessage

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

gdiplus

GdipDrawPath
GdipDrawImageRectI
GdipFillPath
GdipCreateLineBrushFromRectWithAngleI
GdipCreateSolidFill
GdipCreateBitmapFromHICON
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipMeasureString
GdipFillRectangleI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipCreateLineBrushFromRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromFile
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdiplusStartup
GdiplusShutdown

comctl32

ord344

kernel32

GetCurrentThreadId
SetLastError
lstrlenW
GetModuleFileNameW
HeapFree
RaiseException
GetProcessHeap
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
HeapSetInformation
CloseHandle
CreateMutexW
CreateProcessW
FormatMessageW
InterlockedExchange
GlobalFree
GetCommandLineW
SetEvent
WaitForSingleObject
FindResourceExW
CreateThread
CreateEventW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
HeapAlloc
RegSetValueExW
lstrcmpiW
RegQueryInfoKeyW
RegEnumKeyExW
MultiByteToWideChar
LoadLibraryExW
RegQueryValueExW
GetLocaleInfoW
SetProcessWorkingSetSize
GetUserPreferredUILanguages
CheckElevationEnabled
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
DeleteFileW
MoveFileExW
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetSystemDefaultLangID
LocalFree
GetSystemTimeAsFileTime
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/gold.vir
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/info.vir
.exe windows x86

1639b1e17656fed4f63bac94cbb79cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord546
ord547
ord580

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��H
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
samples/mal.vir
.pdf
samples/mk.vir
.pdf
samples/motic.vir
.pdf
samples/notice.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 56KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
samples/obr.vir
.dll windows x86

841cd8dad96381ce9cfc40ddd0184cd7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:e6:a9:70:86:b9:c5:67:5a:af:89:c5:8f:fb:21:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/03/2023, 00:00

Not After

17/05/2026, 23:59

Subject

CN=ADLINK TECHNOLOGY INC,OU=研發部,O=ADLINK TECHNOLOGY INC,ST=Taoyuan City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:dc:26:80:8d:5d:b4:d8:00:0f:1b:5a:ff:34:89:ef:47:04:32:bb:06:a6:38:7d:7f:a5:4e:c8:23:e8:18:ef
Signer

Actual PE Digest

de:dc:26:80:8d:5d:b4:d8:00:0f:1b:5a:ff:34:89:ef:47:04:32:bb:06:a6:38:7d:7f:a5:4e:c8:23:e8:18:ef

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForMultipleObjects
CreateThread
CreateEventA
SetEvent
DeviceIoControl
GlobalFree
GlobalUnlock
GlobalUnfix
GlobalFix
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateFileA
GetProcAddress
GetModuleHandleA
GetTimeFormatA
GetLocalTime
VirtualAlloc
VirtualFree
ResetEvent
CloseHandle
GetVersionExA
Sleep
RtlUnwind
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
WriteFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
InitializeCriticalSection
HeapDestroy
HeapCreate
ExitProcess
HeapReAlloc
RaiseException
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetCPInfo
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
LoadLibraryA

user32

wsprintfA
MessageBoxA

advapi32

RegEnumValueA
RegCloseKey
RegQueryInfoKeyA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

winmm

timeBeginPeriod
timeEndPeriod

Exports

Exports

AF_Erase
AF_Rd_Data
AF_Rd_Status
AF_Sector_Erase
AF_Wr_Byte
AF_Wr_Page
AF_Wr_Status
DSA_AI_9527_ConfigChannel
DSA_AI_9527_ConfigSampleRate
DSA_AI_9529_ConfigChannel
DSA_AI_AsyncCheck
DSA_AI_AsyncClear
DSA_AI_AsyncDblBufferHalfReady
DSA_AI_AsyncDblBufferHandled
DSA_AI_AsyncDblBufferMode
DSA_AI_AsyncDblBufferOverrun
DSA_AI_AsyncDblBufferToFile
DSA_AI_AsyncReTrigNextReady
DSA_AI_ContBufferReset
DSA_AI_ContBufferSetup
DSA_AI_ContReadChannel
DSA_AI_ContReadChannelToFile
DSA_AI_ContStatus
DSA_AI_ContVScale
DSA_AI_DataScaler
DSA_AI_EventCallBack
DSA_AI_EventCallBackWithArg
DSA_AI_InitialMemoryAllocated
DSA_AI_SetTimeOut
DSA_AI_Status
DSA_AO_9527_ConfigChannel
DSA_AO_9527_ConfigSampleRate
DSA_AO_AsyncCheck
DSA_AO_AsyncClear
DSA_AO_AsyncDblBufferHalfReady
DSA_AO_AsyncDblBufferMode
DSA_AO_ContBufferReset
DSA_AO_ContBufferSetup
DSA_AO_ContStatus
DSA_AO_ContWriteChannel
DSA_AO_ContWriteMultiChannels
DSA_AO_EventCallBack
DSA_AO_EventCallBackWithArg
DSA_AO_InitialMemoryAllocated
DSA_AO_SetTimeOut
DSA_AO_VoltScale
DSA_Auto_Calibration_ALL
DSA_Buffer_Alloc
DSA_Buffer_Free
DSA_CAL_LoadFromBank
DSA_CAL_SaveToUserBank
DSA_CAL_SetDefaultBank
DSA_ConfigSpeedRate
DSA_Device_Scan
DSA_GetAIEvent
DSA_GetAOEvent
DSA_GetActualRate
DSA_GetBaseAddr
DSA_GetCardActualRate
DSA_GetDeviceProperties
DSA_GetFPGAVersion
DSA_GetGeoAddr
DSA_GetLCRAddr
DSA_GetSerialNumber
DSA_QC_AIGainTestMode
DSA_QC_Calibration
DSA_QC_EEPROM_Clear_ALL
DSA_QC_EEPROM_Update_ALL
DSA_QC_EnableREF5V
DSA_QC_SetRefVolt
DSA_Register_Card
DSA_Register_Card_ByID
DSA_Release_Card
DSA_ResetSampleRate
DSA_SYN_CheckMultiCardStatus
DSA_SYN_ConfigMultiCard
DSA_SYN_SyncStart
DSA_SetSerialNumber
DSA_SetTimebase
DSA_TRG_Config
DSA_TRG_ConfigAnalogTrigger
DSA_TRG_GenTrigger
DSA_TRG_SoftTriggerGen
DSA_TRG_SourceClear
DSA_TRG_SourceConn
DSA_TRG_SourceDisConn
GetRegValue
GetRegValueByte
GetRegValueDWord
GetRegValueWord
SetRegValue
SetRegValueByte
SetRegValueDWord
SetRegValueWord
_9529_I2C_Control
_9529_I2C_EEReadDWord
_9529_I2C_EEWriteDWord
_9529_InitEEPROM
_9529_PrintCALConst
_9529_SaveGoldenBank
_9529_TestMode
_DSA_CAL_SetRefVoltage
_DSA_CAL_SwitchRefSrc

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/pdf.vir
.exe windows x86

1639b1e17656fed4f63bac94cbb79cec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord593
ord594
ord595
ord598
ord525
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord607
ord608
ord530
ord716
ProcCallEngine
ord537
ord645
ord570
ord685
ord100
ord616
ord546
ord547
ord580

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��H
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
samples/qak.vir
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/qh.vir
samples/ql.vir
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/qo1o.vir
.dll windows x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

LD_lookup

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/ren.vir
.pdf
samples/runi.vir
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 682KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/runme.vir
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/sample.vir
.pdf
samples/sar.vir
.dll windows x64

bd93999460f3e9b5ee3baa22db4b8bdf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

_Py_Dealloc
PyCapsule_GetPointer
PyImport_ImportModule
_PyArg_ParseTuple_SizeT
PyModule_Create2
PyObject_GetAttrString
PyErr_NoMemory
PyCapsule_Type
PyExc_ImportError
PyErr_Print
PyEval_RestoreThread
PyErr_SetString
PyErr_Format
PyExc_AttributeError
PyExc_RuntimeError
PyEval_SaveThread

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
DisableThreadLibraryCalls

vcruntime140

memset
memcpy
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-math-l1-1-0

sqrt
fma

Exports

Exports

PyInit__pocketfft_internal

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/shu.vir
.pdf
samples/sk.vir
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
samples/slwl.vir
.exe windows x86

b696542cade53789c2cbed09ce287013

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:05:58:f4:0d:3a:98:3d:e1:50:3e:f2:75:d2:0f:13:d8:7f:27:8d:dd:26:4c:ff:26:7a:f9:c8:0f:34:fe:c0
Signer

Actual PE Digest

b7:05:58:f4:0d:3a:98:3d:e1:50:3e:f2:75:d2:0f:13:d8:7f:27:8d:dd:26:4c:ff:26:7a:f9:c8:0f:34:fe:c0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW

kernel32

SizeofResource
HeapFree
GetCommandLineW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
GetFileAttributesExW
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
LoadLibraryExW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EncodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetFileType
WriteConsoleW

shell32

SHGetFolderPathW

user32

CharLowerBuffW

shlwapi

SHQueryValueExW
PathAppendW
PathRemoveFileSpecW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/viruem.vir
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/virunf.vir
.pdf
samples/virwi.vir
.dll windows x86

f3b95daa521f7b92d73d4818bf2d8ee5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
free

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/w2o.vir
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
samples/want.vir
.pdf
samples/win.vir
.dll windows x86

8e1e263a3ab14ee8da35acbdb59d3b02

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:6a:58:d7:fa:22:35:12:35:00:09:37:e2:56:aa:54
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/03/2018, 00:00

Not After

01/04/2019, 23:59

Subject

CN=北京鼎普科技股份有限公司,OU=品质管理部,O=北京鼎普科技股份有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:09:b3:b8:92:48:7b:9c:64:ec:0f:4b:53:9c:7c:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06/03/2018, 00:00

Not After

02/04/2019, 23:59

Subject

CN=北京鼎普科技股份有限公司,OU=品质管理部,O=北京鼎普科技股份有限公司,L=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77
Signer

Actual PE Digest

5b:49:38:77:2f:0c:f7:f6:4a:38:9a:b5:d0:61:0b:8c:dd:2b:3d:9a:49:7b:fe:df:11:2c:b0:a3:3d:37:c4:77

Digest Algorithm

sha256

PE Digest Matches

true

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7
Signer

Actual PE Digest

82:ba:fa:ca:f7:b3:c6:db:80:0c:3c:2d:87:8f:c2:f6:ba:2b:1f:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42d

ord4123
ord1164
ord333
ord719
ord1114
ord1179
ord684
ord485
ord721
ord1787
ord4258
ord5086
ord2636
ord1510
ord590
ord1100
ord880
ord342

msvcrtd

_initterm
__CxxFrameHandler
_purecall
memset
??1type_info@@UAE@XZ
_free_dbg
_chkesp
_malloc_dbg
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

decrybuf
decryfile
encrybuf
encryfile

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 959B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
samples/wlwl.vir
.pdf
samples/world.vir
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 525KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 4KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 40B

BSS Size: - Virtual size: 73B

.idata Size: 14KB - Virtual size: 14KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

9e08c1ff93104173e6a3e0d700fcc248

Headers

DLL Characteristics

File Characteristics

Imports

vr@s;6&`hi

hdwomh;6*aod

bes@xm;6*aod

thki\px*`io

@s\q\7:*`io

muamd*lhh

nqw/lhd

pdftz7:*`io

piivita*`io

gov@xm&`hi

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 292KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 6KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 4KB

.reloc Size: 13KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 81KB - Virtual size: 81KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 633KB - Virtual size: 632KB

.pdata Size: - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 12B

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 156KB - Virtual size: 156KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.data Size: 5KB - Virtual size: 8KB

.text Size: 9KB - Virtual size: 12KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

7b33197423f08d5868758b0f560fae0b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55Certificate

Extended Key Usages

Key Usages

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bcSigner

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 6KB

CODE
Size: 4KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 40B

BSS
Size: - Virtual size: 73B

.idata
Size: 14KB - Virtual size: 14KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 290KB - Virtual size: 292KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 6KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 16KB

.text
Size: 81KB - Virtual size: 81KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 633KB - Virtual size: 632KB

.pdata
Size: - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 156KB - Virtual size: 156KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 8KB

.text
Size: 9KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2e:db:a8:50:21:ee:00:c9:73:b5:c5:39:8b:2e:11:55
Certificate

37:45:0a:4b:e4:71:d9:02:a2:b2:d0:95:a9:0e:07:6b:30:cd:7c:bc
Signer

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 2.7MB - Virtual size: 2.7MB

.rsrc
Size: 32KB - Virtual size: 36KB

09:fa:2e:e5:d3:d4:88:59:b0:1b:b1:38:07:9f:be:dd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

09:fa:2e:e5:d3:d4:88:59:b0:1b:b1:38:07:9f:be:dd
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

f7:dc:ac:dd:1a:21:b3:1a:22:7e:6f:ee:34:68:eb:b8:8f:72:a2:a5:c8:49:52:40:1a:75:e7:6c:31:cb:86:54
Signer

3f:77:09:b7:5e:d4:aa:86:a6:b8:c5:28:c5:f3:e6:d6:55:81:10:49
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 451KB

.ndata
Size: - Virtual size: 992KB

.rsrc
Size: 60KB - Virtual size: 59KB