2023-03-22-Emotet-malware-samples[.]zip

Resubmissions

13-09-2023 20:47

230913-zk1mnahe68 10

13-09-2023 19:55

230913-ym9snsef2y 10

13-09-2023 19:49

230913-yjtbhshc66 3

Sharing

Copy URL

Twitter E-mail

General

Target

2023-03-22-Emotet-malware-samples.zip
Size

1.9MB
MD5

dd96bc22ea8919bcc30d7c3313b29103
SHA1

eede57aad77bb1737e9c37b90afee1ea3931e8ec
SHA256

52380fa4188daab8d7e884c71da9e39e80048d7cfe373d0a5e197bd14fb43521
SHA512

ef17e4fa93445efcc0e2376dbe37d183e8b5663fe1f39a3b6851c465ec230651eb2595bb60999590bf9f367a99ba28de19fb2043028dd83a8c4d7e7a482c6368
SSDEEP

49152:OKW7tMAJ3GGKDTGiIyFHw3J+IriiGJ+6GO:TW7tMkqT7Hw3J+ein86GO

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/q7BQAFT0.dll
unpack004/RAddjxpwj24w2YPhNNlkljCCW1mNl.dll
unpack006/HPKhTEMLxAwWRn14Bn9w1Sj9aW00.dll

Files

2023-03-22-Emotet-malware-samples.zip
.zip

Password: infected
2023-03-22-example-of-zip-from-erkaradyator.com.tr.bin
.zip

Password: infected
q7BQAFT0.dll
.dll regsvr32 windows x64

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FreeLibrary
HeapReAlloc
MultiByteToWideChar
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
LoadLibraryW
SetConsoleCtrlHandler
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
HeapAlloc
ExitProcess
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetLastError
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
HeapFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsValidLocale

user32

CloseGestureInfoHandle
InvalidateRect
GetGestureInfo
ScreenToClient
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
LoadStringW
EndPaint
DestroyWindow
SetGestureConfig
TranslateAcceleratorW
GetMessageW
PostQuitMessage
LoadCursorW
BeginPaint
TranslateMessage
RegisterClassExW

gdi32

LineTo
DeleteObject
SelectObject
Polyline
CreatePen
MoveToEx

ntdll

NtAllocateVirtualMemory
NtTestAlert
ZwOpenSymbolicLinkObject
LdrAccessResource
NtQueueApcThread
LdrFindResource_U
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

Exports

Exports

AAKXCK
ABBmjS
ABhobFkZqijtpQLlOilhSr
ACQJqCGujLpCRT
ADnSvIfRovy
AGkcJjGwVOjivSLsXRoY
AGulqJqHsYzdE
AIZgcVIEpbJDLg
AKHjmBorbZqtXL
AKuzwgaryBHSGoMJlKn
ANxfLrupS
ASUUEPTLlJauNWuykN
AUobsouPSgyQnXhlrBcYEGig
AWYKMtwwjbiEtKxCcFFyXW
AYrLyrRdhxvPYjkTZ
AZvELZPUezr
AaTXhqzIimjQo
AcKPciJXTHFNSeEClUhbYAk
AehpcFCqSICdREqbGfVt
AgdpAVTMFEWPRg
AjSXWoTDLpspvSTAVby
AqmpZtQpqIjjYewnMkrFkD
AtXyhSDUvMqVVWMxwPYMPgoWk
AuRAEFQy
AwKRKFPkZdIvWt
AxkwKIhEUHErDwblsxUnWuUJVL
AyZhLFvSdYoV
AzbqboaoXz
AzyxqaSnFXdT
BADenfpkKtjryvI
BAiwJfGCfEnYgQTFzwtzZYda
BCqNcZ
BDaSttbx
BEQbkuLjhEyCLUEzu
BFPwAMfigDHPNVetb
BMcmvgRGTGouTg
BOGQGlFGpRIUekukNAAxBkiifw
BRwvooTSrmSHkcp
BSOpTM
BSnOshRuFapjXMPvBrVfmhBK
BURXLgtw
BYyUqNBIg
BaKQpUuhHlxXCPVA
BeCPtVLVUZlsjEQRar
BkSdPBPxjuSxMIw
BmAARiXYSqMi
BnTufpMRGoPXNXvlxuxVt
BpTjBMboixPCftPfDUYRSuVg
Brangcx
BrflplHGvoeghTBjuqscUghxTc
BrxDAiSMUeEFXmSo
BsKsYPKtTeoKSYFxP
BtuhIchVWCbKcvKSGgXrWTNPXu
BvHrdPmrgIqGQrUvt
BwpOtWWCBFUbQMf
CDxJQgnjMpwbMbJplLvbypejqS
CJQUCBvShdsaLF
CNLIgHow
CRYgANrnLtPFrDFrE
CRxqdr
CSBkGngk
CTmlUyywZyiPAzcAcqskm
CUAsZTwJJFsBZVbkvNyaEw
CUnfyVhqGmpYJQ
CcgfAfmHih
CgaidZSf
CsAHglhiLQFKfiV
CsKyzmuGNsOUtSHVF
CswQijP
CswUmucOmDMNkAy
DAWkRohpCXkMZyGtfVCstDRu
DBpaxnIvZUmZUA
DCCZhQQQJwWcrcsTmubk
DCgkFBSZHuQWbLfkzePX
DGneCmBLCRZxxuXwNvzizA
DKrlzOFCX
DNUzvlTntdCaQMcz
DOCanLO
DPJzrGYjjynfnKM
DQHVqDmeYNLIGjzumWJnGk
DRswhdwJgZGPGwhxKtSpNDlL
DUWAmtReGCVuaofdnfY
DVPqahvFn
DWxdnhkgoMOXA
DXEJvyRDZ
DZBlbnAuvUzaSymO
DdsTLRCzhLcmQ
DeKuDrDhATuaYiTAAqoO
DfmwtJbHVm
DjCasZInJmrYSkvAMdxqxF
DjyLMpXDKYuK
DkvPTuvhYIzniFUTMGJQBAvBW
DllRegisterServer
DpczXu
DrbvsvwdgSvtzfrrmvUn
DrxZnDXDqGxHd
DsgXKxAAzJzxweAVFZ
DvncvtBrJLKuegnujepkfnUv
DwrCKysdYe
DxVjbgRmRPLZEKjBoIu
DxhcSBDIXcydOfnxO
DzxtcS
EAupEjTqbySTA
EBbwlfAVMYvthCjY
EFAEbKynHVoPzWMfFOFgD
EIsdsrtIsiYxUqUsxajRCJ
EKjKoDFOcxmKCJAoHFvnoMH
EOBUntDf
ESUdfBOYKlEKjxE
ETkIPjqbyCE
EUMfjwvZlIIzqSVeCEfkz
EUrFLZOcdYNP
EbzeKOsEuPbkUcsz
EcCNaTmPimCWgWrlGTIM
EfKQVAaXDocWSgSg
EfXlpFuygrKnZJlBgls
EfxoIpTIPweOQwHQI
EixlKbASZ
EmMrqlKmtiLXMtJVy
EnCKhwkgRna
EoHmRnv
ErOqPntAsROkTVelNSumpo
EypSwyAnSP
FABfPi
FFHuQYWWEKB
FGlyQnjn
FGvjLGfyqHlCzCIsbf
FIFBSMZTvhNaldADznpGe
FJEmZnzopqFwzfrQwbRM
FNeAUOEdKgNKdLobJQjEeYT
FOdbZLRcImB
FRyjZANSwXTYoyHVJzUJwH
FWhOAubhykfNRJvcpM
FXqphaMFMscEjiKtexTWBln
FcnkdSoWNtDsqfj
FerNIjpe
FkQjsdMJ
FmfAfnquLuoJNBMSD
FoSmffUUfTILxiezATILMAnd
FoZTfUiYEBBCev
FrTeqxVCHDkIxDgyzY
FtJZxp
FtghpsPCaYtATGQVxV
FwAtvLedceqMiljic
FwueUWgxtRJbKkfWNJb
FxJndGTjp
GAXNrTxYERzFXPPYYyKlw
GMDGiVSwREhDBf
GNAKJr
GRrCQVAcRUf
GTVhShWLETuPUGwnDAohuq
GZRQrLEfAosXGFZV
GaGcOgY
GclKSpAwXMlQCRoQzLS
GeObmRL
GecVQiSciVMeAsEibFp
GeeXiFhaMx
GexbjmIvkILUsSu
GgeihiAdpwAADaEzbPhk
GghoewjNle
GiEEqQeQEHKsXF
GkzUkkwVHrXkcpUHsbBsiyp
GlRkhIzIFpQdMtQNHSTbe
GmJcIteOqBHrsGhh
GoKdZK
GqogvqZaSXn
GshbdMOnpoWwFfFvqYlpzx
GtICjZkPjcgzZVbYlmrqAruIYi
GuGTnKqlAdiVyc
GwZHFofmtxBvW
HBBbucgLIZwMlGcAQrFQ
HDJXomKKqauQGFvYdHRctyiRK
HFqPRjfVSEATNdTxK
HGAYalETZZcXwxP
HKieolMHqIDLtwseWeWXO
HLcKdgYrEugyGOpvdyjRbEmq
HMlkYvEsIlyDzYdkptJKudPB
HMrNcTXYNQLwwbVNOavK
HMyHzhpgAMpUkftTjWlLl
HPEoDCnThwUkUyK
HQKUXlJKtthlwbHmXEOpVxYlTm
HSyanOyQpcTupxdPiU
HUgVLuEMtIsBQMPXRcBq
HWQrTuZMQpfAa
HXhwzJ
HZNVzlgdAnHuGebpELqvIbZqzU
HazTiDLBviTZgmJSDRnvJGJ
HdyMFmf
HhKlhvmzSsFovoZNckRADrVFV
HjgvfxcAsSHpFtipCWGO
HsdAOWIYEGCEE
HtKEpUlliwbe
HwAXHqLHwPrXPPvAsBtsV
HwzbVVEjHwJNt
HzFOEhsyOh
HzlbZRLkZXWmKEGdjv
IBLjMOmkMx
IITzTBorVHkpLfN
IKoOBNqiHCDSHXSsJ
ILczhULsMPSh
ILlHufGzXhd
IPGygyvQvnzszxduWPu
IPXxROqeTMZFNsVjgbYVIwYYfl
IRsTbauOLuZvmxZw
IUfLGcKlybpkdS
IWGfnjIwPnuM
IXCQevqrRiyIopVkGETjnS
IZZVdaohBGduEXQv
IaPjPOE
IbwfBTnGROucjZrk
IgPUfFQUkFYM
IgQXFDcAaDzhSBMomFT
IgZbuKqobHktBXFVkxO
IiMhjMjchttPmkPEo
IlTPkRPQPndGC
IlnOhhsYu
IpDDTlabfRrTKtJvBoH
IpVwayOPAFgbXKbFFsM
IsHuPteigg
IskmWJomw
ItLibhCUPiFLqIMdAICeiNv
ItYGHrkPIBgeCvddmndDlHPcK
JDhwrKnLfGpOHlQrX
JFeBqrhkqwgXChnX
JMboDSaSGlZjXsNG
JMsDjZlmyouqJYGXEWmqmPJH
JRKxiKkRpaJzoIJZwWeFuR
JSSqgSkIvVPQtzgmpjRtjJpJg
JVcsGpDttbJ
JVgIWTIqZwHhaxS
JVlCCqtfEoWhmTd
JXHtscY
JXvzDUKjFfpngKEXwKl
JXzrxGVQGelx
JZZHgenAtk
JZauCfvvNxCPK
JcsbkWjxgUKsxBpWHF
JfXnjNWKJlZuMsfpOljIVjL
JiixwRDCIrqSqdtjQwJUUZAaL
JiudzFIgGwVCxGOVcY
JjQxlQCrukTcHVYpaYrvwhAwbk
JkaUppXrgTjKvrPvUWQVRpVsK
JldUZACoXhhjZghkWUhQBDts
JoUsyRpXKjIOfTPCElEPRFDrk
JqdiAtVoTzSbhyZl
JtVxaZYmRnMXvzcSQNDvRvTWM
JvuMgqIPNjpGPsvTwMqFXoOyt
JxPXGWFTMSEepZiRyTLYrX
JyLIHz
KBvrOAvarwxzjiat
KCdtjkGmlUZFHhRGtxonm
KDreWTAYjPtFAklDU
KEuzPoGYkCYAznieKsAFdvi
KImbTRBjXqONrBobYN
KNmnIWPYBWKywivJIMt
KQfjbORwtrHrnSG
KVVehbUwNUDScYrvO
KVWdkD
KWbaqlVaCEzgAks
KYUYXRXVKSQAtujSDBO
KaVCfpcHZpL
KbgQFDbJUjoPdEXsEYaNknoxUV
KcJDSKSZlOjj
KcJhwFXotSiGdMPYRI
KdTqSokzZsIF
KdbHzxlc
KdurJceXKltppet
KeGrdHphrraFZjbwYpsGcioceZ
KeNCQMjS
KhrsLbzHkpEHqyHCNQyRZd
KiQmeuHORVCPqYhYoJ
KjgkriVQLmctq
KjsUJWuK
KkEHGYKGBrvYkuwNJwQcHVB
KmtptqyWLUpBACt
KpkzILlieHuU
KsQUCyjwZvqGNTfyuj
KvnCqSCdz
KyHsatOfn
KzEYLKLglEPPlBvj
KzpjgkDCkXMCcI
LBXjUmpFmwE
LGPFhJwfczHGkMxSp
LGgzlAtkRROoKgfWoKNQX
LHlBSGxZmbzUPSg
LJpaCDTsLBdRkFJrXISI
LKieACPTkRDhiXoajfJHZcx
LLLzgxthGejswfBu
LManZVLBuWiWSaHfdogslbQeU
LNsKncrCPTIrchcroGNjGEEgh
LSKGsoYlftGySwikM
LXBTuOgsJPYkKCGfB
LXiejnyNuMYnMnLQ
LYJNrhtGZnN
LZdRbOyYkSXsELj
LZmqhmoaHYGDJssngYdofZYL
LaEuolhkgy
LbofCxIEMDlInhBugLCr
Lemhfcr
LhcBAyoztlNOuAcSJdBZp
LiaakemiTlaancTRvzd
LkYPgHvKwQlVmdlLvLnWX
LmZpmCJdhnWkDhWb
LnsslCQkOUaKvadyWMPQUdNP
LoDzrBRLFGR
LpSTfs
LvuthxDEAmJCZhtjBOB
LxWmdMJaybmBaXBLKSz
LylImoVyMflKSYIkeK
MAxjGmbpfIJDwwLyQqLw
MCsUOULGVgBHPqHXEWcgtzwnY
MHUXNdjYDzHFPCZ
MHdGeZFxYreLBffLP
MJcqmCgfkrVTTqPIGQ
MJzOdbLZHcdAdqhC
MKFVEYgPupXwkyg
MKwehHYxwEQwlOnrFJiiI
MLMWKAmGwakirgxdEmgDGS
MNlVdeYyV
MOdPxPPRmIFV
MOeyPvTyAIw
MPUjfpqkEjekEBOxnNIo
MPxNKDPoeIzVvHqOOgvZpY
MQARgovWtOqXdwZrkztF
MRNLbxIWsEKdxvfShkYDcXXt
MRdEYSayNFpEzUa
MVCcABPLz
MWPxOLHGbiuzXXFVFplCjO
MXPQDykvlUNWbHnR
MYOHSJSNGIlDeWstupLqV
MYSPaF
MYcPqHvoLarO
MZzMIWa
MaZiGeeMkdkzbuApzKnEF
MdXVOoQxFBhlxxAbr
MeJHKYcyXb
MfgDmU
MfnuXwsvTcHrcPQnchVwkyfwn
MgXaoSJ
MjEGvKWDvQ
MlVTkbkKiAxIRevRXXzmv
MlfcmNDFSheMTLdiTIUEzX
MlnhzOda
MmGsdDq
MmowSUzs
MopAsGHIPpkwXcdPCn
MwBkFuK
MwHlpFQciZATNhZ
MyCjgEXbETh
MzYNdxlsxnCiIxOOmqro
NDXIMoMqyFlweQNXUTSA
NGfTwXKyxW
NGxSzWKDRIpToKV
NJzWCdtrikuBPkrmztCV
NKdgsQJZtWxzqLNuzjKURvHZT
NLKHLSf
NQEuYRIRXMmzeiYFFNduElkUda
NRwpJLxUVgyHuyHAQWHNpjsrgc
NUJLqhmhfh
NabuNhWwjrxJjelLyyh
NbVOlkyFPQFhs
NbwFICqFKVmlyXEWldKfAcSNbl
NfNUWMAwVKYwaOfoLUUF
NfxavbdiSpLYXRijsHmyzBed
NgjiBlcmYodJIarpCqkQ
NhbfUvMRYWLSQUKTzhHUGVx
NiUuFHxdDwcKqplKDSg
NttZhCwMCzHPPbA
NuHrpCvELpdHxtnnyr
NvuqQVtFqhJXnkjrTW
NyVQMLPHnNBiXGihoZb
NykURZhsInvUMlePO
NzgQLwz
OCBdPtMQImnhnIvuYvuu
OHhVOYwFRf
OMYhSuHGEQdRbvIC
OMbrbSCioZrxolm
OOrDAoUtlFpODoRHHoUOO
OQcOhtDEXqbdW
OTCgWumoNdzaTciA
OTRMXnfqORJdboYk
OVUIMfYagEfxXyOlnoB
OVfOjpUPtdQrBiBByL
OYybubPZOoqnftJgGkdHlFXpw
OboRcQrvLeO
OdJhfCizrTZeEbrSNxKhyMM
OdYRzGkbqADCB
OgZCqlrIbyeNMN
OhKKYSKmMWqcSSqFbGjkpVt
OhRCsS
OjQstpVyyC
OkDBvdlARbsmHVYowIKrWo
OmGqMDsiBsSzvvJqv
OnGwIjOOtn
OpFQPgrFnQ
OtRgQbhWOaAllHRCbaURQJQ
OwwzdqpCjRJbitHWcWLsj
PCweJZlQCYv
PECCLuyBeV
PGoWbsRVxAuztgCNZJNeUWYU
PHQIzrwGgZklZMLU
PIUvawORcStRYU
PIiuEwwUawoZRrBJedNYv
PJPHzejjWjPTYyphomLjFrVVC
PKPUXkvBEAVJlNc
PLzzDkCbMebUWws
PNkkqSzNHj
POZmkGOkVLTKJdLqUFL
PPWhMkaYwpTczBMocHr
PPukkDxubHNjImNjXe
PSsOWYuUcAfFsWFlOHT
PTUuHCKILcVVKjljdVzZc
PUwAErcPzylm
PVVzPFThRFGlnKxP
PVoRjho
PYRCoJRCEIkeQFJpCj
PYsXTrzfjuPItodsiPUoNmdmZ
PZlqzoKMeqkpfHuDzlawwKBh
PbMAvMrLfgAq
PegQSwvHkiENRdC
PfEvgMAQ
PisdxxiNOyonouro
PlQacZpjneO
PnDiUHReXTNDjZRWYuht
PpFHMQpQMF
PtVYoG
PuByAKOoq
PuRBNaOGTpTTuKrkALrxFGto
PumQEpgqPs
PumsEJjdSRcUnARDbo
PuotqGRg
PyoOrn
PyveLmLxocZYw
QBNcFVazktVESBx
QBZVRHiNMsHX
QBvmdsG
QDZLndvavftxdIEgai
QGZhhKJLzVZVARj
QLtzNPsIptXqWuUHCJt
QPFvnFLtvosBggjbZne
QQUhSSwFhooWCCHRInFheIks
QRiFSyAoptcPwfs
QRjBNrlfzHDmSIQOc
QUITjylossdsyJzHTYK
QURIevcjKFznzsKesSpdDgLt
QWhFWTEZcRVkjBwQmnyPZ
QXQKFGzjEkQMP
QZKGedXYdsFmNVd
QbnzQmJCTmxYCtC
QebTkqLUVcKgqxg
QgSfZZtkhqiLIVvJNRyWbceqU
QhJvlVUNQpZPqDXfWwp
QjXjQXc
QjicNGW
QlbJtLyzYZIARKMrZQzaSQJXf
QopjlGspRyfCCCSXBmnS
QpAXkFapsglngeMLUWsLZwq
QrOFQUYCrcutgvzbIrosQjxDN
QrmXPuZO
QsqARrlYzHW
QuNECkWPOQ
QwYBLjSrkGBOF
QxMERBgoFmAPScCmrrPzWtZh
RAaNnmvaTvCzViFGFOEXvA
RBlXNkWYxjfEKCLuiaTwg
RCvKaHDIiKuOXFlix
REcQWwGRrCsM
RHzyvCPtZPDtlxrjuQgf
RIUHpoIHUV
RJTuZisodGMGspMPd
RJaFdmDroJbpdgxmY
RKOQQONvBezvTf
RLbIkVOflkKayFQRfGvSFvJu
ROIUAAroN
ROhmwgUfsalGsrxPOwQqKK
RTcDaFo
RTlONvhPpqkqK
RZbzQcpiGcHfJFjcAx
RcKWJNOL
RdNYKvqGtRfYtRL
RfGDtnbI
RfobdJRGmootC
RgiPoV
RglZEUdUPVaAWtFYRBGQMR
RjdpdKAs
RoOcQSejjEGzAPZ
RtQLoUHThdtkhtW
RxqygvZsKFu
RyyAQBcKgUscB
RzJfpEnTOsoSwkFMLGopbMQhZ
SCKrFxnYFPzAp
SDrsafTJnKKUGfOYAxO
SGEhiKEhC
SINRoucXULwAKnmgdKmidB
SJJAWNjHYObwrkSLaYdDpz
SKAYuedvVVUXDnmVBPmXzFWk
SLajGpcscWcOmkRiXNfI
SLgogmmcisYTiMyGBQfpXYVyn
SOEMehNAelKrrBvd
SQPCCoMsAOnEvoVlDBphYC

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2023-03-22-example-of-zip-from-esentai-gourmet.kz.bin
.zip

Password: infected
RAddjxpwj24w2YPhNNlkljCCW1mNl.dll
.dll regsvr32 windows x64

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FreeLibrary
HeapReAlloc
MultiByteToWideChar
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
LoadLibraryW
SetConsoleCtrlHandler
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
HeapAlloc
ExitProcess
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetLastError
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
HeapFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsValidLocale

user32

CloseGestureInfoHandle
InvalidateRect
GetGestureInfo
ScreenToClient
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
LoadStringW
EndPaint
DestroyWindow
SetGestureConfig
TranslateAcceleratorW
GetMessageW
PostQuitMessage
LoadCursorW
BeginPaint
TranslateMessage
RegisterClassExW

gdi32

LineTo
DeleteObject
SelectObject
Polyline
CreatePen
MoveToEx

ntdll

NtAllocateVirtualMemory
NtTestAlert
ZwOpenSymbolicLinkObject
LdrAccessResource
NtQueueApcThread
LdrFindResource_U
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

Exports

Exports

AAKXCK
ABBmjS
ABhobFkZqijtpQLlOilhSr
ACQJqCGujLpCRT
ADnSvIfRovy
AGkcJjGwVOjivSLsXRoY
AGulqJqHsYzdE
AIZgcVIEpbJDLg
AKHjmBorbZqtXL
AKuzwgaryBHSGoMJlKn
ANxfLrupS
ASUUEPTLlJauNWuykN
AUobsouPSgyQnXhlrBcYEGig
AWYKMtwwjbiEtKxCcFFyXW
AYrLyrRdhxvPYjkTZ
AZvELZPUezr
AaTXhqzIimjQo
AcKPciJXTHFNSeEClUhbYAk
AehpcFCqSICdREqbGfVt
AgdpAVTMFEWPRg
AjSXWoTDLpspvSTAVby
AqmpZtQpqIjjYewnMkrFkD
AtXyhSDUvMqVVWMxwPYMPgoWk
AuRAEFQy
AwKRKFPkZdIvWt
AxkwKIhEUHErDwblsxUnWuUJVL
AyZhLFvSdYoV
AzbqboaoXz
AzyxqaSnFXdT
BADenfpkKtjryvI
BAiwJfGCfEnYgQTFzwtzZYda
BCqNcZ
BDaSttbx
BEQbkuLjhEyCLUEzu
BFPwAMfigDHPNVetb
BMcmvgRGTGouTg
BOGQGlFGpRIUekukNAAxBkiifw
BRwvooTSrmSHkcp
BSOpTM
BSnOshRuFapjXMPvBrVfmhBK
BURXLgtw
BYyUqNBIg
BaKQpUuhHlxXCPVA
BeCPtVLVUZlsjEQRar
BkSdPBPxjuSxMIw
BmAARiXYSqMi
BnTufpMRGoPXNXvlxuxVt
BpTjBMboixPCftPfDUYRSuVg
Brangcx
BrflplHGvoeghTBjuqscUghxTc
BrxDAiSMUeEFXmSo
BsKsYPKtTeoKSYFxP
BtuhIchVWCbKcvKSGgXrWTNPXu
BvHrdPmrgIqGQrUvt
BwpOtWWCBFUbQMf
CDxJQgnjMpwbMbJplLvbypejqS
CJQUCBvShdsaLF
CNLIgHow
CRYgANrnLtPFrDFrE
CRxqdr
CSBkGngk
CTmlUyywZyiPAzcAcqskm
CUAsZTwJJFsBZVbkvNyaEw
CUnfyVhqGmpYJQ
CcgfAfmHih
CgaidZSf
CsAHglhiLQFKfiV
CsKyzmuGNsOUtSHVF
CswQijP
CswUmucOmDMNkAy
DAWkRohpCXkMZyGtfVCstDRu
DBpaxnIvZUmZUA
DCCZhQQQJwWcrcsTmubk
DCgkFBSZHuQWbLfkzePX
DGneCmBLCRZxxuXwNvzizA
DKrlzOFCX
DNUzvlTntdCaQMcz
DOCanLO
DPJzrGYjjynfnKM
DQHVqDmeYNLIGjzumWJnGk
DRswhdwJgZGPGwhxKtSpNDlL
DUWAmtReGCVuaofdnfY
DVPqahvFn
DWxdnhkgoMOXA
DXEJvyRDZ
DZBlbnAuvUzaSymO
DdsTLRCzhLcmQ
DeKuDrDhATuaYiTAAqoO
DfmwtJbHVm
DjCasZInJmrYSkvAMdxqxF
DjyLMpXDKYuK
DkvPTuvhYIzniFUTMGJQBAvBW
DllRegisterServer
DpczXu
DrbvsvwdgSvtzfrrmvUn
DrxZnDXDqGxHd
DsgXKxAAzJzxweAVFZ
DvncvtBrJLKuegnujepkfnUv
DwrCKysdYe
DxVjbgRmRPLZEKjBoIu
DxhcSBDIXcydOfnxO
DzxtcS
EAupEjTqbySTA
EBbwlfAVMYvthCjY
EFAEbKynHVoPzWMfFOFgD
EIsdsrtIsiYxUqUsxajRCJ
EKjKoDFOcxmKCJAoHFvnoMH
EOBUntDf
ESUdfBOYKlEKjxE
ETkIPjqbyCE
EUMfjwvZlIIzqSVeCEfkz
EUrFLZOcdYNP
EbzeKOsEuPbkUcsz
EcCNaTmPimCWgWrlGTIM
EfKQVAaXDocWSgSg
EfXlpFuygrKnZJlBgls
EfxoIpTIPweOQwHQI
EixlKbASZ
EmMrqlKmtiLXMtJVy
EnCKhwkgRna
EoHmRnv
ErOqPntAsROkTVelNSumpo
EypSwyAnSP
FABfPi
FFHuQYWWEKB
FGlyQnjn
FGvjLGfyqHlCzCIsbf
FIFBSMZTvhNaldADznpGe
FJEmZnzopqFwzfrQwbRM
FNeAUOEdKgNKdLobJQjEeYT
FOdbZLRcImB
FRyjZANSwXTYoyHVJzUJwH
FWhOAubhykfNRJvcpM
FXqphaMFMscEjiKtexTWBln
FcnkdSoWNtDsqfj
FerNIjpe
FkQjsdMJ
FmfAfnquLuoJNBMSD
FoSmffUUfTILxiezATILMAnd
FoZTfUiYEBBCev
FrTeqxVCHDkIxDgyzY
FtJZxp
FtghpsPCaYtATGQVxV
FwAtvLedceqMiljic
FwueUWgxtRJbKkfWNJb
FxJndGTjp
GAXNrTxYERzFXPPYYyKlw
GMDGiVSwREhDBf
GNAKJr
GRrCQVAcRUf
GTVhShWLETuPUGwnDAohuq
GZRQrLEfAosXGFZV
GaGcOgY
GclKSpAwXMlQCRoQzLS
GeObmRL
GecVQiSciVMeAsEibFp
GeeXiFhaMx
GexbjmIvkILUsSu
GgeihiAdpwAADaEzbPhk
GghoewjNle
GiEEqQeQEHKsXF
GkzUkkwVHrXkcpUHsbBsiyp
GlRkhIzIFpQdMtQNHSTbe
GmJcIteOqBHrsGhh
GoKdZK
GqogvqZaSXn
GshbdMOnpoWwFfFvqYlpzx
GtICjZkPjcgzZVbYlmrqAruIYi
GuGTnKqlAdiVyc
GwZHFofmtxBvW
HBBbucgLIZwMlGcAQrFQ
HDJXomKKqauQGFvYdHRctyiRK
HFqPRjfVSEATNdTxK
HGAYalETZZcXwxP
HKieolMHqIDLtwseWeWXO
HLcKdgYrEugyGOpvdyjRbEmq
HMlkYvEsIlyDzYdkptJKudPB
HMrNcTXYNQLwwbVNOavK
HMyHzhpgAMpUkftTjWlLl
HPEoDCnThwUkUyK
HQKUXlJKtthlwbHmXEOpVxYlTm
HSyanOyQpcTupxdPiU
HUgVLuEMtIsBQMPXRcBq
HWQrTuZMQpfAa
HXhwzJ
HZNVzlgdAnHuGebpELqvIbZqzU
HazTiDLBviTZgmJSDRnvJGJ
HdyMFmf
HhKlhvmzSsFovoZNckRADrVFV
HjgvfxcAsSHpFtipCWGO
HsdAOWIYEGCEE
HtKEpUlliwbe
HwAXHqLHwPrXPPvAsBtsV
HwzbVVEjHwJNt
HzFOEhsyOh
HzlbZRLkZXWmKEGdjv
IBLjMOmkMx
IITzTBorVHkpLfN
IKoOBNqiHCDSHXSsJ
ILczhULsMPSh
ILlHufGzXhd
IPGygyvQvnzszxduWPu
IPXxROqeTMZFNsVjgbYVIwYYfl
IRsTbauOLuZvmxZw
IUfLGcKlybpkdS
IWGfnjIwPnuM
IXCQevqrRiyIopVkGETjnS
IZZVdaohBGduEXQv
IaPjPOE
IbwfBTnGROucjZrk
IgPUfFQUkFYM
IgQXFDcAaDzhSBMomFT
IgZbuKqobHktBXFVkxO
IiMhjMjchttPmkPEo
IlTPkRPQPndGC
IlnOhhsYu
IpDDTlabfRrTKtJvBoH
IpVwayOPAFgbXKbFFsM
IsHuPteigg
IskmWJomw
ItLibhCUPiFLqIMdAICeiNv
ItYGHrkPIBgeCvddmndDlHPcK
JDhwrKnLfGpOHlQrX
JFeBqrhkqwgXChnX
JMboDSaSGlZjXsNG
JMsDjZlmyouqJYGXEWmqmPJH
JRKxiKkRpaJzoIJZwWeFuR
JSSqgSkIvVPQtzgmpjRtjJpJg
JVcsGpDttbJ
JVgIWTIqZwHhaxS
JVlCCqtfEoWhmTd
JXHtscY
JXvzDUKjFfpngKEXwKl
JXzrxGVQGelx
JZZHgenAtk
JZauCfvvNxCPK
JcsbkWjxgUKsxBpWHF
JfXnjNWKJlZuMsfpOljIVjL
JiixwRDCIrqSqdtjQwJUUZAaL
JiudzFIgGwVCxGOVcY
JjQxlQCrukTcHVYpaYrvwhAwbk
JkaUppXrgTjKvrPvUWQVRpVsK
JldUZACoXhhjZghkWUhQBDts
JoUsyRpXKjIOfTPCElEPRFDrk
JqdiAtVoTzSbhyZl
JtVxaZYmRnMXvzcSQNDvRvTWM
JvuMgqIPNjpGPsvTwMqFXoOyt
JxPXGWFTMSEepZiRyTLYrX
JyLIHz
KBvrOAvarwxzjiat
KCdtjkGmlUZFHhRGtxonm
KDreWTAYjPtFAklDU
KEuzPoGYkCYAznieKsAFdvi
KImbTRBjXqONrBobYN
KNmnIWPYBWKywivJIMt
KQfjbORwtrHrnSG
KVVehbUwNUDScYrvO
KVWdkD
KWbaqlVaCEzgAks
KYUYXRXVKSQAtujSDBO
KaVCfpcHZpL
KbgQFDbJUjoPdEXsEYaNknoxUV
KcJDSKSZlOjj
KcJhwFXotSiGdMPYRI
KdTqSokzZsIF
KdbHzxlc
KdurJceXKltppet
KeGrdHphrraFZjbwYpsGcioceZ
KeNCQMjS
KhrsLbzHkpEHqyHCNQyRZd
KiQmeuHORVCPqYhYoJ
KjgkriVQLmctq
KjsUJWuK
KkEHGYKGBrvYkuwNJwQcHVB
KmtptqyWLUpBACt
KpkzILlieHuU
KsQUCyjwZvqGNTfyuj
KvnCqSCdz
KyHsatOfn
KzEYLKLglEPPlBvj
KzpjgkDCkXMCcI
LBXjUmpFmwE
LGPFhJwfczHGkMxSp
LGgzlAtkRROoKgfWoKNQX
LHlBSGxZmbzUPSg
LJpaCDTsLBdRkFJrXISI
LKieACPTkRDhiXoajfJHZcx
LLLzgxthGejswfBu
LManZVLBuWiWSaHfdogslbQeU
LNsKncrCPTIrchcroGNjGEEgh
LSKGsoYlftGySwikM
LXBTuOgsJPYkKCGfB
LXiejnyNuMYnMnLQ
LYJNrhtGZnN
LZdRbOyYkSXsELj
LZmqhmoaHYGDJssngYdofZYL
LaEuolhkgy
LbofCxIEMDlInhBugLCr
Lemhfcr
LhcBAyoztlNOuAcSJdBZp
LiaakemiTlaancTRvzd
LkYPgHvKwQlVmdlLvLnWX
LmZpmCJdhnWkDhWb
LnsslCQkOUaKvadyWMPQUdNP
LoDzrBRLFGR
LpSTfs
LvuthxDEAmJCZhtjBOB
LxWmdMJaybmBaXBLKSz
LylImoVyMflKSYIkeK
MAxjGmbpfIJDwwLyQqLw
MCsUOULGVgBHPqHXEWcgtzwnY
MHUXNdjYDzHFPCZ
MHdGeZFxYreLBffLP
MJcqmCgfkrVTTqPIGQ
MJzOdbLZHcdAdqhC
MKFVEYgPupXwkyg
MKwehHYxwEQwlOnrFJiiI
MLMWKAmGwakirgxdEmgDGS
MNlVdeYyV
MOdPxPPRmIFV
MOeyPvTyAIw
MPUjfpqkEjekEBOxnNIo
MPxNKDPoeIzVvHqOOgvZpY
MQARgovWtOqXdwZrkztF
MRNLbxIWsEKdxvfShkYDcXXt
MRdEYSayNFpEzUa
MVCcABPLz
MWPxOLHGbiuzXXFVFplCjO
MXPQDykvlUNWbHnR
MYOHSJSNGIlDeWstupLqV
MYSPaF
MYcPqHvoLarO
MZzMIWa
MaZiGeeMkdkzbuApzKnEF
MdXVOoQxFBhlxxAbr
MeJHKYcyXb
MfgDmU
MfnuXwsvTcHrcPQnchVwkyfwn
MgXaoSJ
MjEGvKWDvQ
MlVTkbkKiAxIRevRXXzmv
MlfcmNDFSheMTLdiTIUEzX
MlnhzOda
MmGsdDq
MmowSUzs
MopAsGHIPpkwXcdPCn
MwBkFuK
MwHlpFQciZATNhZ
MyCjgEXbETh
MzYNdxlsxnCiIxOOmqro
NDXIMoMqyFlweQNXUTSA
NGfTwXKyxW
NGxSzWKDRIpToKV
NJzWCdtrikuBPkrmztCV
NKdgsQJZtWxzqLNuzjKURvHZT
NLKHLSf
NQEuYRIRXMmzeiYFFNduElkUda
NRwpJLxUVgyHuyHAQWHNpjsrgc
NUJLqhmhfh
NabuNhWwjrxJjelLyyh
NbVOlkyFPQFhs
NbwFICqFKVmlyXEWldKfAcSNbl
NfNUWMAwVKYwaOfoLUUF
NfxavbdiSpLYXRijsHmyzBed
NgjiBlcmYodJIarpCqkQ
NhbfUvMRYWLSQUKTzhHUGVx
NiUuFHxdDwcKqplKDSg
NttZhCwMCzHPPbA
NuHrpCvELpdHxtnnyr
NvuqQVtFqhJXnkjrTW
NyVQMLPHnNBiXGihoZb
NykURZhsInvUMlePO
NzgQLwz
OCBdPtMQImnhnIvuYvuu
OHhVOYwFRf
OMYhSuHGEQdRbvIC
OMbrbSCioZrxolm
OOrDAoUtlFpODoRHHoUOO
OQcOhtDEXqbdW
OTCgWumoNdzaTciA
OTRMXnfqORJdboYk
OVUIMfYagEfxXyOlnoB
OVfOjpUPtdQrBiBByL
OYybubPZOoqnftJgGkdHlFXpw
OboRcQrvLeO
OdJhfCizrTZeEbrSNxKhyMM
OdYRzGkbqADCB
OgZCqlrIbyeNMN
OhKKYSKmMWqcSSqFbGjkpVt
OhRCsS
OjQstpVyyC
OkDBvdlARbsmHVYowIKrWo
OmGqMDsiBsSzvvJqv
OnGwIjOOtn
OpFQPgrFnQ
OtRgQbhWOaAllHRCbaURQJQ
OwwzdqpCjRJbitHWcWLsj
PCweJZlQCYv
PECCLuyBeV
PGoWbsRVxAuztgCNZJNeUWYU
PHQIzrwGgZklZMLU
PIUvawORcStRYU
PIiuEwwUawoZRrBJedNYv
PJPHzejjWjPTYyphomLjFrVVC
PKPUXkvBEAVJlNc
PLzzDkCbMebUWws
PNkkqSzNHj
POZmkGOkVLTKJdLqUFL
PPWhMkaYwpTczBMocHr
PPukkDxubHNjImNjXe
PSsOWYuUcAfFsWFlOHT
PTUuHCKILcVVKjljdVzZc
PUwAErcPzylm
PVVzPFThRFGlnKxP
PVoRjho
PYRCoJRCEIkeQFJpCj
PYsXTrzfjuPItodsiPUoNmdmZ
PZlqzoKMeqkpfHuDzlawwKBh
PbMAvMrLfgAq
PegQSwvHkiENRdC
PfEvgMAQ
PisdxxiNOyonouro
PlQacZpjneO
PnDiUHReXTNDjZRWYuht
PpFHMQpQMF
PtVYoG
PuByAKOoq
PuRBNaOGTpTTuKrkALrxFGto
PumQEpgqPs
PumsEJjdSRcUnARDbo
PuotqGRg
PyoOrn
PyveLmLxocZYw
QBNcFVazktVESBx
QBZVRHiNMsHX
QBvmdsG
QDZLndvavftxdIEgai
QGZhhKJLzVZVARj
QLtzNPsIptXqWuUHCJt
QPFvnFLtvosBggjbZne
QQUhSSwFhooWCCHRInFheIks
QRiFSyAoptcPwfs
QRjBNrlfzHDmSIQOc
QUITjylossdsyJzHTYK
QURIevcjKFznzsKesSpdDgLt
QWhFWTEZcRVkjBwQmnyPZ
QXQKFGzjEkQMP
QZKGedXYdsFmNVd
QbnzQmJCTmxYCtC
QebTkqLUVcKgqxg
QgSfZZtkhqiLIVvJNRyWbceqU
QhJvlVUNQpZPqDXfWwp
QjXjQXc
QjicNGW
QlbJtLyzYZIARKMrZQzaSQJXf
QopjlGspRyfCCCSXBmnS
QpAXkFapsglngeMLUWsLZwq
QrOFQUYCrcutgvzbIrosQjxDN
QrmXPuZO
QsqARrlYzHW
QuNECkWPOQ
QwYBLjSrkGBOF
QxMERBgoFmAPScCmrrPzWtZh
RAaNnmvaTvCzViFGFOEXvA
RBlXNkWYxjfEKCLuiaTwg
RCvKaHDIiKuOXFlix
REcQWwGRrCsM
RHzyvCPtZPDtlxrjuQgf
RIUHpoIHUV
RJTuZisodGMGspMPd
RJaFdmDroJbpdgxmY
RKOQQONvBezvTf
RLbIkVOflkKayFQRfGvSFvJu
ROIUAAroN
ROhmwgUfsalGsrxPOwQqKK
RTcDaFo
RTlONvhPpqkqK
RZbzQcpiGcHfJFjcAx
RcKWJNOL
RdNYKvqGtRfYtRL
RfGDtnbI
RfobdJRGmootC
RgiPoV
RglZEUdUPVaAWtFYRBGQMR
RjdpdKAs
RoOcQSejjEGzAPZ
RtQLoUHThdtkhtW
RxqygvZsKFu
RyyAQBcKgUscB
RzJfpEnTOsoSwkFMLGopbMQhZ
SCKrFxnYFPzAp
SDrsafTJnKKUGfOYAxO
SGEhiKEhC
SINRoucXULwAKnmgdKmidB
SJJAWNjHYObwrkSLaYdDpz
SKAYuedvVVUXDnmVBPmXzFWk
SLajGpcscWcOmkRiXNfI
SLgogmmcisYTiMyGBQfpXYVyn
SOEMehNAelKrrBvd
SQPCCoMsAOnEvoVlDBphYC

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2023-03-22-example-of-zip-from-panel.chatzy.in.bin
.zip

Password: infected
HPKhTEMLxAwWRn14Bn9w1Sj9aW00.dll
.dll regsvr32 windows x64

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FreeLibrary
HeapReAlloc
MultiByteToWideChar
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
LoadLibraryW
SetConsoleCtrlHandler
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
HeapAlloc
ExitProcess
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
DecodePointer
EncodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
GetLastError
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
FlsGetValue
FlsFree
SetLastError
GetCurrentThread
FlsAlloc
HeapFree
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
IsValidLocale

user32

CloseGestureInfoHandle
InvalidateRect
GetGestureInfo
ScreenToClient
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
LoadStringW
EndPaint
DestroyWindow
SetGestureConfig
TranslateAcceleratorW
GetMessageW
PostQuitMessage
LoadCursorW
BeginPaint
TranslateMessage
RegisterClassExW

gdi32

LineTo
DeleteObject
SelectObject
Polyline
CreatePen
MoveToEx

ntdll

NtAllocateVirtualMemory
NtTestAlert
ZwOpenSymbolicLinkObject
LdrAccessResource
NtQueueApcThread
LdrFindResource_U
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

Exports

Exports

AAKXCK
ABBmjS
ABhobFkZqijtpQLlOilhSr
ACQJqCGujLpCRT
ADnSvIfRovy
AGkcJjGwVOjivSLsXRoY
AGulqJqHsYzdE
AIZgcVIEpbJDLg
AKHjmBorbZqtXL
AKuzwgaryBHSGoMJlKn
ANxfLrupS
ASUUEPTLlJauNWuykN
AUobsouPSgyQnXhlrBcYEGig
AWYKMtwwjbiEtKxCcFFyXW
AYrLyrRdhxvPYjkTZ
AZvELZPUezr
AaTXhqzIimjQo
AcKPciJXTHFNSeEClUhbYAk
AehpcFCqSICdREqbGfVt
AgdpAVTMFEWPRg
AjSXWoTDLpspvSTAVby
AqmpZtQpqIjjYewnMkrFkD
AtXyhSDUvMqVVWMxwPYMPgoWk
AuRAEFQy
AwKRKFPkZdIvWt
AxkwKIhEUHErDwblsxUnWuUJVL
AyZhLFvSdYoV
AzbqboaoXz
AzyxqaSnFXdT
BADenfpkKtjryvI
BAiwJfGCfEnYgQTFzwtzZYda
BCqNcZ
BDaSttbx
BEQbkuLjhEyCLUEzu
BFPwAMfigDHPNVetb
BMcmvgRGTGouTg
BOGQGlFGpRIUekukNAAxBkiifw
BRwvooTSrmSHkcp
BSOpTM
BSnOshRuFapjXMPvBrVfmhBK
BURXLgtw
BYyUqNBIg
BaKQpUuhHlxXCPVA
BeCPtVLVUZlsjEQRar
BkSdPBPxjuSxMIw
BmAARiXYSqMi
BnTufpMRGoPXNXvlxuxVt
BpTjBMboixPCftPfDUYRSuVg
Brangcx
BrflplHGvoeghTBjuqscUghxTc
BrxDAiSMUeEFXmSo
BsKsYPKtTeoKSYFxP
BtuhIchVWCbKcvKSGgXrWTNPXu
BvHrdPmrgIqGQrUvt
BwpOtWWCBFUbQMf
CDxJQgnjMpwbMbJplLvbypejqS
CJQUCBvShdsaLF
CNLIgHow
CRYgANrnLtPFrDFrE
CRxqdr
CSBkGngk
CTmlUyywZyiPAzcAcqskm
CUAsZTwJJFsBZVbkvNyaEw
CUnfyVhqGmpYJQ
CcgfAfmHih
CgaidZSf
CsAHglhiLQFKfiV
CsKyzmuGNsOUtSHVF
CswQijP
CswUmucOmDMNkAy
DAWkRohpCXkMZyGtfVCstDRu
DBpaxnIvZUmZUA
DCCZhQQQJwWcrcsTmubk
DCgkFBSZHuQWbLfkzePX
DGneCmBLCRZxxuXwNvzizA
DKrlzOFCX
DNUzvlTntdCaQMcz
DOCanLO
DPJzrGYjjynfnKM
DQHVqDmeYNLIGjzumWJnGk
DRswhdwJgZGPGwhxKtSpNDlL
DUWAmtReGCVuaofdnfY
DVPqahvFn
DWxdnhkgoMOXA
DXEJvyRDZ
DZBlbnAuvUzaSymO
DdsTLRCzhLcmQ
DeKuDrDhATuaYiTAAqoO
DfmwtJbHVm
DjCasZInJmrYSkvAMdxqxF
DjyLMpXDKYuK
DkvPTuvhYIzniFUTMGJQBAvBW
DllRegisterServer
DpczXu
DrbvsvwdgSvtzfrrmvUn
DrxZnDXDqGxHd
DsgXKxAAzJzxweAVFZ
DvncvtBrJLKuegnujepkfnUv
DwrCKysdYe
DxVjbgRmRPLZEKjBoIu
DxhcSBDIXcydOfnxO
DzxtcS
EAupEjTqbySTA
EBbwlfAVMYvthCjY
EFAEbKynHVoPzWMfFOFgD
EIsdsrtIsiYxUqUsxajRCJ
EKjKoDFOcxmKCJAoHFvnoMH
EOBUntDf
ESUdfBOYKlEKjxE
ETkIPjqbyCE
EUMfjwvZlIIzqSVeCEfkz
EUrFLZOcdYNP
EbzeKOsEuPbkUcsz
EcCNaTmPimCWgWrlGTIM
EfKQVAaXDocWSgSg
EfXlpFuygrKnZJlBgls
EfxoIpTIPweOQwHQI
EixlKbASZ
EmMrqlKmtiLXMtJVy
EnCKhwkgRna
EoHmRnv
ErOqPntAsROkTVelNSumpo
EypSwyAnSP
FABfPi
FFHuQYWWEKB
FGlyQnjn
FGvjLGfyqHlCzCIsbf
FIFBSMZTvhNaldADznpGe
FJEmZnzopqFwzfrQwbRM
FNeAUOEdKgNKdLobJQjEeYT
FOdbZLRcImB
FRyjZANSwXTYoyHVJzUJwH
FWhOAubhykfNRJvcpM
FXqphaMFMscEjiKtexTWBln
FcnkdSoWNtDsqfj
FerNIjpe
FkQjsdMJ
FmfAfnquLuoJNBMSD
FoSmffUUfTILxiezATILMAnd
FoZTfUiYEBBCev
FrTeqxVCHDkIxDgyzY
FtJZxp
FtghpsPCaYtATGQVxV
FwAtvLedceqMiljic
FwueUWgxtRJbKkfWNJb
FxJndGTjp
GAXNrTxYERzFXPPYYyKlw
GMDGiVSwREhDBf
GNAKJr
GRrCQVAcRUf
GTVhShWLETuPUGwnDAohuq
GZRQrLEfAosXGFZV
GaGcOgY
GclKSpAwXMlQCRoQzLS
GeObmRL
GecVQiSciVMeAsEibFp
GeeXiFhaMx
GexbjmIvkILUsSu
GgeihiAdpwAADaEzbPhk
GghoewjNle
GiEEqQeQEHKsXF
GkzUkkwVHrXkcpUHsbBsiyp
GlRkhIzIFpQdMtQNHSTbe
GmJcIteOqBHrsGhh
GoKdZK
GqogvqZaSXn
GshbdMOnpoWwFfFvqYlpzx
GtICjZkPjcgzZVbYlmrqAruIYi
GuGTnKqlAdiVyc
GwZHFofmtxBvW
HBBbucgLIZwMlGcAQrFQ
HDJXomKKqauQGFvYdHRctyiRK
HFqPRjfVSEATNdTxK
HGAYalETZZcXwxP
HKieolMHqIDLtwseWeWXO
HLcKdgYrEugyGOpvdyjRbEmq
HMlkYvEsIlyDzYdkptJKudPB
HMrNcTXYNQLwwbVNOavK
HMyHzhpgAMpUkftTjWlLl
HPEoDCnThwUkUyK
HQKUXlJKtthlwbHmXEOpVxYlTm
HSyanOyQpcTupxdPiU
HUgVLuEMtIsBQMPXRcBq
HWQrTuZMQpfAa
HXhwzJ
HZNVzlgdAnHuGebpELqvIbZqzU
HazTiDLBviTZgmJSDRnvJGJ
HdyMFmf
HhKlhvmzSsFovoZNckRADrVFV
HjgvfxcAsSHpFtipCWGO
HsdAOWIYEGCEE
HtKEpUlliwbe
HwAXHqLHwPrXPPvAsBtsV
HwzbVVEjHwJNt
HzFOEhsyOh
HzlbZRLkZXWmKEGdjv
IBLjMOmkMx
IITzTBorVHkpLfN
IKoOBNqiHCDSHXSsJ
ILczhULsMPSh
ILlHufGzXhd
IPGygyvQvnzszxduWPu
IPXxROqeTMZFNsVjgbYVIwYYfl
IRsTbauOLuZvmxZw
IUfLGcKlybpkdS
IWGfnjIwPnuM
IXCQevqrRiyIopVkGETjnS
IZZVdaohBGduEXQv
IaPjPOE
IbwfBTnGROucjZrk
IgPUfFQUkFYM
IgQXFDcAaDzhSBMomFT
IgZbuKqobHktBXFVkxO
IiMhjMjchttPmkPEo
IlTPkRPQPndGC
IlnOhhsYu
IpDDTlabfRrTKtJvBoH
IpVwayOPAFgbXKbFFsM
IsHuPteigg
IskmWJomw
ItLibhCUPiFLqIMdAICeiNv
ItYGHrkPIBgeCvddmndDlHPcK
JDhwrKnLfGpOHlQrX
JFeBqrhkqwgXChnX
JMboDSaSGlZjXsNG
JMsDjZlmyouqJYGXEWmqmPJH
JRKxiKkRpaJzoIJZwWeFuR
JSSqgSkIvVPQtzgmpjRtjJpJg
JVcsGpDttbJ
JVgIWTIqZwHhaxS
JVlCCqtfEoWhmTd
JXHtscY
JXvzDUKjFfpngKEXwKl
JXzrxGVQGelx
JZZHgenAtk
JZauCfvvNxCPK
JcsbkWjxgUKsxBpWHF
JfXnjNWKJlZuMsfpOljIVjL
JiixwRDCIrqSqdtjQwJUUZAaL
JiudzFIgGwVCxGOVcY
JjQxlQCrukTcHVYpaYrvwhAwbk
JkaUppXrgTjKvrPvUWQVRpVsK
JldUZACoXhhjZghkWUhQBDts
JoUsyRpXKjIOfTPCElEPRFDrk
JqdiAtVoTzSbhyZl
JtVxaZYmRnMXvzcSQNDvRvTWM
JvuMgqIPNjpGPsvTwMqFXoOyt
JxPXGWFTMSEepZiRyTLYrX
JyLIHz
KBvrOAvarwxzjiat
KCdtjkGmlUZFHhRGtxonm
KDreWTAYjPtFAklDU
KEuzPoGYkCYAznieKsAFdvi
KImbTRBjXqONrBobYN
KNmnIWPYBWKywivJIMt
KQfjbORwtrHrnSG
KVVehbUwNUDScYrvO
KVWdkD
KWbaqlVaCEzgAks
KYUYXRXVKSQAtujSDBO
KaVCfpcHZpL
KbgQFDbJUjoPdEXsEYaNknoxUV
KcJDSKSZlOjj
KcJhwFXotSiGdMPYRI
KdTqSokzZsIF
KdbHzxlc
KdurJceXKltppet
KeGrdHphrraFZjbwYpsGcioceZ
KeNCQMjS
KhrsLbzHkpEHqyHCNQyRZd
KiQmeuHORVCPqYhYoJ
KjgkriVQLmctq
KjsUJWuK
KkEHGYKGBrvYkuwNJwQcHVB
KmtptqyWLUpBACt
KpkzILlieHuU
KsQUCyjwZvqGNTfyuj
KvnCqSCdz
KyHsatOfn
KzEYLKLglEPPlBvj
KzpjgkDCkXMCcI
LBXjUmpFmwE
LGPFhJwfczHGkMxSp
LGgzlAtkRROoKgfWoKNQX
LHlBSGxZmbzUPSg
LJpaCDTsLBdRkFJrXISI
LKieACPTkRDhiXoajfJHZcx
LLLzgxthGejswfBu
LManZVLBuWiWSaHfdogslbQeU
LNsKncrCPTIrchcroGNjGEEgh
LSKGsoYlftGySwikM
LXBTuOgsJPYkKCGfB
LXiejnyNuMYnMnLQ
LYJNrhtGZnN
LZdRbOyYkSXsELj
LZmqhmoaHYGDJssngYdofZYL
LaEuolhkgy
LbofCxIEMDlInhBugLCr
Lemhfcr
LhcBAyoztlNOuAcSJdBZp
LiaakemiTlaancTRvzd
LkYPgHvKwQlVmdlLvLnWX
LmZpmCJdhnWkDhWb
LnsslCQkOUaKvadyWMPQUdNP
LoDzrBRLFGR
LpSTfs
LvuthxDEAmJCZhtjBOB
LxWmdMJaybmBaXBLKSz
LylImoVyMflKSYIkeK
MAxjGmbpfIJDwwLyQqLw
MCsUOULGVgBHPqHXEWcgtzwnY
MHUXNdjYDzHFPCZ
MHdGeZFxYreLBffLP
MJcqmCgfkrVTTqPIGQ
MJzOdbLZHcdAdqhC
MKFVEYgPupXwkyg
MKwehHYxwEQwlOnrFJiiI
MLMWKAmGwakirgxdEmgDGS
MNlVdeYyV
MOdPxPPRmIFV
MOeyPvTyAIw
MPUjfpqkEjekEBOxnNIo
MPxNKDPoeIzVvHqOOgvZpY
MQARgovWtOqXdwZrkztF
MRNLbxIWsEKdxvfShkYDcXXt
MRdEYSayNFpEzUa
MVCcABPLz
MWPxOLHGbiuzXXFVFplCjO
MXPQDykvlUNWbHnR
MYOHSJSNGIlDeWstupLqV
MYSPaF
MYcPqHvoLarO
MZzMIWa
MaZiGeeMkdkzbuApzKnEF
MdXVOoQxFBhlxxAbr
MeJHKYcyXb
MfgDmU
MfnuXwsvTcHrcPQnchVwkyfwn
MgXaoSJ
MjEGvKWDvQ
MlVTkbkKiAxIRevRXXzmv
MlfcmNDFSheMTLdiTIUEzX
MlnhzOda
MmGsdDq
MmowSUzs
MopAsGHIPpkwXcdPCn
MwBkFuK
MwHlpFQciZATNhZ
MyCjgEXbETh
MzYNdxlsxnCiIxOOmqro
NDXIMoMqyFlweQNXUTSA
NGfTwXKyxW
NGxSzWKDRIpToKV
NJzWCdtrikuBPkrmztCV
NKdgsQJZtWxzqLNuzjKURvHZT
NLKHLSf
NQEuYRIRXMmzeiYFFNduElkUda
NRwpJLxUVgyHuyHAQWHNpjsrgc
NUJLqhmhfh
NabuNhWwjrxJjelLyyh
NbVOlkyFPQFhs
NbwFICqFKVmlyXEWldKfAcSNbl
NfNUWMAwVKYwaOfoLUUF
NfxavbdiSpLYXRijsHmyzBed
NgjiBlcmYodJIarpCqkQ
NhbfUvMRYWLSQUKTzhHUGVx
NiUuFHxdDwcKqplKDSg
NttZhCwMCzHPPbA
NuHrpCvELpdHxtnnyr
NvuqQVtFqhJXnkjrTW
NyVQMLPHnNBiXGihoZb
NykURZhsInvUMlePO
NzgQLwz
OCBdPtMQImnhnIvuYvuu
OHhVOYwFRf
OMYhSuHGEQdRbvIC
OMbrbSCioZrxolm
OOrDAoUtlFpODoRHHoUOO
OQcOhtDEXqbdW
OTCgWumoNdzaTciA
OTRMXnfqORJdboYk
OVUIMfYagEfxXyOlnoB
OVfOjpUPtdQrBiBByL
OYybubPZOoqnftJgGkdHlFXpw
OboRcQrvLeO
OdJhfCizrTZeEbrSNxKhyMM
OdYRzGkbqADCB
OgZCqlrIbyeNMN
OhKKYSKmMWqcSSqFbGjkpVt
OhRCsS
OjQstpVyyC
OkDBvdlARbsmHVYowIKrWo
OmGqMDsiBsSzvvJqv
OnGwIjOOtn
OpFQPgrFnQ
OtRgQbhWOaAllHRCbaURQJQ
OwwzdqpCjRJbitHWcWLsj
PCweJZlQCYv
PECCLuyBeV
PGoWbsRVxAuztgCNZJNeUWYU
PHQIzrwGgZklZMLU
PIUvawORcStRYU
PIiuEwwUawoZRrBJedNYv
PJPHzejjWjPTYyphomLjFrVVC
PKPUXkvBEAVJlNc
PLzzDkCbMebUWws
PNkkqSzNHj
POZmkGOkVLTKJdLqUFL
PPWhMkaYwpTczBMocHr
PPukkDxubHNjImNjXe
PSsOWYuUcAfFsWFlOHT
PTUuHCKILcVVKjljdVzZc
PUwAErcPzylm
PVVzPFThRFGlnKxP
PVoRjho
PYRCoJRCEIkeQFJpCj
PYsXTrzfjuPItodsiPUoNmdmZ
PZlqzoKMeqkpfHuDzlawwKBh
PbMAvMrLfgAq
PegQSwvHkiENRdC
PfEvgMAQ
PisdxxiNOyonouro
PlQacZpjneO
PnDiUHReXTNDjZRWYuht
PpFHMQpQMF
PtVYoG
PuByAKOoq
PuRBNaOGTpTTuKrkALrxFGto
PumQEpgqPs
PumsEJjdSRcUnARDbo
PuotqGRg
PyoOrn
PyveLmLxocZYw
QBNcFVazktVESBx
QBZVRHiNMsHX
QBvmdsG
QDZLndvavftxdIEgai
QGZhhKJLzVZVARj
QLtzNPsIptXqWuUHCJt
QPFvnFLtvosBggjbZne
QQUhSSwFhooWCCHRInFheIks
QRiFSyAoptcPwfs
QRjBNrlfzHDmSIQOc
QUITjylossdsyJzHTYK
QURIevcjKFznzsKesSpdDgLt
QWhFWTEZcRVkjBwQmnyPZ
QXQKFGzjEkQMP
QZKGedXYdsFmNVd
QbnzQmJCTmxYCtC
QebTkqLUVcKgqxg
QgSfZZtkhqiLIVvJNRyWbceqU
QhJvlVUNQpZPqDXfWwp
QjXjQXc
QjicNGW
QlbJtLyzYZIARKMrZQzaSQJXf
QopjlGspRyfCCCSXBmnS
QpAXkFapsglngeMLUWsLZwq
QrOFQUYCrcutgvzbIrosQjxDN
QrmXPuZO
QsqARrlYzHW
QuNECkWPOQ
QwYBLjSrkGBOF
QxMERBgoFmAPScCmrrPzWtZh
RAaNnmvaTvCzViFGFOEXvA
RBlXNkWYxjfEKCLuiaTwg
RCvKaHDIiKuOXFlix
REcQWwGRrCsM
RHzyvCPtZPDtlxrjuQgf
RIUHpoIHUV
RJTuZisodGMGspMPd
RJaFdmDroJbpdgxmY
RKOQQONvBezvTf
RLbIkVOflkKayFQRfGvSFvJu
ROIUAAroN
ROhmwgUfsalGsrxPOwQqKK
RTcDaFo
RTlONvhPpqkqK
RZbzQcpiGcHfJFjcAx
RcKWJNOL
RdNYKvqGtRfYtRL
RfGDtnbI
RfobdJRGmootC
RgiPoV
RglZEUdUPVaAWtFYRBGQMR
RjdpdKAs
RoOcQSejjEGzAPZ
RtQLoUHThdtkhtW
RxqygvZsKFu
RyyAQBcKgUscB
RzJfpEnTOsoSwkFMLGopbMQhZ
SCKrFxnYFPzAp
SDrsafTJnKKUGfOYAxO
SGEhiKEhC
SINRoucXULwAKnmgdKmidB
SJJAWNjHYObwrkSLaYdDpz
SKAYuedvVVUXDnmVBPmXzFWk
SLajGpcscWcOmkRiXNfI
SLgogmmcisYTiMyGBQfpXYVyn
SOEMehNAelKrrBvd
SQPCCoMsAOnEvoVlDBphYC

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2023-03-22-some-IOCs-for-Emotet-E4-activity.txt
Electronic form 03.22.2023.one
.one .vbs
W-9 Dt 03.22.2023.one
.one .vbs
doc_0322.one
.one .vbs
form 03.22.2023 Gmail.one
.one .vbs
press to unblock document.vbs
.vbs

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 5KB - Virtual size: 5KB

text Size: 2KB - Virtual size: 2KB

.rsrc Size: 748KB - Virtual size: 748KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 5KB - Virtual size: 5KB

text Size: 2KB - Virtual size: 2KB

.rsrc Size: 748KB - Virtual size: 748KB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

Password: infected

d76ae4775a3b5cab14b414b04192c713

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 5KB - Virtual size: 5KB

text Size: 2KB - Virtual size: 2KB

.rsrc Size: 748KB - Virtual size: 748KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 5KB - Virtual size: 5KB

text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 748KB - Virtual size: 748KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 5KB - Virtual size: 5KB

text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 748KB - Virtual size: 748KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 5KB - Virtual size: 5KB

text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 748KB - Virtual size: 748KB

.reloc
Size: 3KB - Virtual size: 3KB