laplas | malware[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

malware.zip
Size

75.2MB
MD5

9c5d4fde9036434c02da795d079f0651
SHA1

e57b24f74086c01f46b4d814688415c27a5e0068
SHA256

ffb44a5388958cda3be00af5170e3fa51c5bc59e7b6ea659836417a17594d18c
SHA512

1f956bf4f628553e88850d045cea9a5e09fb43c2a00b6311c4df2245535acfdaf6c5256ece4104df07ed9c69e15a033a2748ad2eaa4f17634ab6e8c32cffda0f
SSDEEP

1572864:jO3K/oykFae+/XkNwJ3ncS9pLkFg4FR40rbvXFahEvRY/Qj:K3K/jkFLobLkl40PvXpK/q

Score

10^/10

rat laplas rhadamanthys aurora dcrat agenttesla

Malware Config

Extracted

Family

laplas

clipper.guru

Attributes

api_key
5ef1aac7b3430729f6cbc95fb4d2d2a62582e7382955ffc87026077cb28ab31e

Extracted

Family

rhadamanthys

http://195.3.223.120/blob/fullidao.tk

http://195.3.223.120/blob/fulliano.tk

http://195.3.223.120/blob/luciano.tk

http://195.3.223.120/blob/gotto.tk

Extracted

Family

aurora

185.239.239.194:8081

Extracted

Family

agenttesla

https://discord.com/api/webhooks/1052047387167838281/ckxOZHqDK9Fs6wm9uehtyNosd3HZGLhQFPhbdBDnWi6cl945WnENSlc0bCmlN0xY5VHH

Signatures

Agenttesla family
agenttesla
Aurora family
aurora

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Processes:

resource	yara_rule
static1/unpack001/PolymodXT.exe	disable_win_def

DCRat payload 2 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

Processes:

resource	yara_rule
static1/unpack001/devalt.exe	dcrat
static1/unpack001/limalt.exe	dcrat

Dcrat family
dcrat
Laplas family
laplas
Rhadamanthys family
rhadamanthys

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/6523.exe
unpack001/CLEP.exe
unpack001/DCKA.exe
unpack001/DEV.exe
unpack001/DEVMin.exe
unpack001/DevSt.exe
unpack001/Documents-EnemyFrauz.exe
unpack001/IqXYLXKzl6.exe
unpack001/LEMON.exe
unpack001/LIMMin.exe
unpack001/LIMSt.exe
unpack001/LK2.exe
unpack001/NINJA.exe
unpack001/PolymodXT.exe
unpack001/bebra.exe
unpack001/build3.exe
unpack001/devalt.exe
unpack001/limalt.exe
unpack001/miner.exe
unpack001/minerxd.exe
unpack001/purchaseorder.exe
unpack001/svcrun.exe
unpack001/toolspub4.exe
unpack001/upd.exe
unpack001/xxb.exe

Files

malware.zip
.zip
6523.exe
.exe windows x86

d8c39d5ff6edc55fa56f3300f617117e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
GetNumaProcessorNode
MoveFileExA
SystemTimeToTzSpecificLocalTime
InterlockedDecrement
SetDefaultCommConfigW
GetEnvironmentStringsW
SetConsoleScreenBufferSize
SetVolumeMountPointW
BackupSeek
GetModuleHandleW
GetNumberFormatA
SetFileTime
GetConsoleAliasExesW
GetCommandLineA
GetDriveTypeA
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
TerminateThread
FatalAppExitW
ReadConsoleInputA
CopyFileW
SetConsoleCP
GetVolumePathNameA
GetStartupInfoW
CreateJobObjectA
FindFirstFileW
GetCurrentDirectoryW
SetLastError
EnumSystemCodePagesW
LoadLibraryA
OpenMutexA
GetProcessId
LocalAlloc
GetFileType
IsSystemResumeAutomatic
RemoveDirectoryW
GetProfileStringA
FindNextChangeNotification
FindAtomA
GetModuleHandleA
FreeEnvironmentStringsW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
GetShortPathNameW
OpenSemaphoreW
FindAtomW
GetWindowsDirectoryW
FindFirstVolumeW
AddConsoleAliasA
CreateFileW
EnumResourceNamesW
GetComputerNameA
GetLastError
GetCommandLineW
CloseHandle
FlushFileBuffers
MoveFileA
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
DecodePointer
EncodePointer
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
Sleep
HeapSize
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent

user32

CharUpperW
GetListBoxInfo

gdi32

SelectPalette
GetTextFaceW
GetCharWidthW

shell32

DragFinish

winhttp

WinHttpWriteData

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
APP PW 2023.rar
.rar
Amdau.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1f:9f:d6:f1:13:dc:f4:be:4c:10:3b:73:75:e3:d6:c9
Certificate

Issuer

CN=%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_

Not Before

06-08-2023 18:28

Not After

07-08-2033 18:28

Subject

CN=%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_.%_%_%_

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:45:9f:d8:49:a0:e3:9e:fc:ee:22:be:da:d5:8a:ac:30:c6:14:9c:a8:79:cb:61:b0:38:e0:7b:e8:47:8b:4e
Signer

Actual PE Digest

5e:45:9f:d8:49:a0:e3:9e:fc:ee:22:be:da:d5:8a:ac:30:c6:14:9c:a8:79:cb:61:b0:38:e0:7b:e8:47:8b:4e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CLEP.exe
.exe windows x86

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 211KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DCKA.exe
.exe windows x86

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
IsBadStringPtrA
IsBadCodePtr
GetModuleHandleA
GetQueuedCompletionStatus
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
RtlUnwind
IsBadReadPtr
VirtualQuery
GetSystemInfo
CreateIoCompletionPort
HeapDestroy
GetProcessHeap
HeapCreate
ExitProcess
GetTickCount
lstrlenA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedIncrement
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
LCMapStringEx
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetLastError
InterlockedDecrement
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
Sleep
CreateFileW

user32

DrawTextW
TranslateMessage
GetMessageW
DispatchMessageW

gdi32

CreateCompatibleDC
SelectPalette
CreatePen
DeleteObject
SetROP2
BitBlt
CreateRectRgn
PathToRegion
CreateCompatibleBitmap
CreateBitmap
DeleteDC

advapi32

GetUserNameW
IsTextUnicode

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shlwapi

PathCompactPathExW
PathMakeSystemFolderW

winmm

PlaySoundW
waveOutGetNumDevs

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEV.exe
.exe windows x86

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
IsBadStringPtrA
IsBadCodePtr
GetModuleHandleA
GetQueuedCompletionStatus
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
RtlUnwind
IsBadReadPtr
VirtualQuery
GetSystemInfo
CreateIoCompletionPort
HeapDestroy
GetProcessHeap
HeapCreate
ExitProcess
GetTickCount
lstrlenA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedIncrement
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
LCMapStringEx
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetLastError
InterlockedDecrement
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
Sleep
CreateFileW

user32

DrawTextW
TranslateMessage
GetMessageW
DispatchMessageW

gdi32

CreateCompatibleDC
SelectPalette
CreatePen
DeleteObject
SetROP2
BitBlt
CreateRectRgn
PathToRegion
CreateCompatibleBitmap
CreateBitmap
DeleteDC

advapi32

GetUserNameW
IsTextUnicode

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shlwapi

PathCompactPathExW
PathMakeSystemFolderW

winmm

PlaySoundW
waveOutGetNumDevs

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEVMin.exe
.exe windows x64

c24ea937b2b0d62e829e8a8faeff5a8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleFileNameW
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_cexit
_commode
_errno
_fmode
_initterm
_onexit
_wcmdln
_wcsicmp
_wgetenv
abort
calloc
exit
fprintf
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
signal
strcat
strerror
strlen
strncmp
strstr
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DevSt.exe
.exe windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Documents-EnemyFrauz.exe
.exe windows x64

4dc7a7765a97318d45b0210b0d408b04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteProcessMemory
WaitForSingleObject
ResumeThread
LoadLibraryA
GetModuleFileNameA
GetProcAddress
FreeLibrary
SetThreadContext
HeapSize
VirtualAlloc
GetThreadContext
VirtualFree
SetStdHandle
WideCharToMultiByte
GetLastError
GetModuleHandleExW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
CloseHandle
GetModuleHandleW
MultiByteToWideChar
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
RtlPcToFileHeader
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
InitializeSRWLock
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
QueryPerformanceCounter
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW

advapi32

RegOpenKeyExW
RegCloseKey

wininet

InternetGetConnectedState

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.byteSec
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IqXYLXKzl6.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LEMON.exe
.exe windows x86

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
IsBadStringPtrA
IsBadCodePtr
GetModuleHandleA
GetQueuedCompletionStatus
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
RtlUnwind
IsBadReadPtr
VirtualQuery
GetSystemInfo
CreateIoCompletionPort
HeapDestroy
GetProcessHeap
HeapCreate
ExitProcess
GetTickCount
lstrlenA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedIncrement
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
LCMapStringEx
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetLastError
InterlockedDecrement
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
Sleep
CreateFileW

user32

DrawTextW
TranslateMessage
GetMessageW
DispatchMessageW

gdi32

CreateCompatibleDC
SelectPalette
CreatePen
DeleteObject
SetROP2
BitBlt
CreateRectRgn
PathToRegion
CreateCompatibleBitmap
CreateBitmap
DeleteDC

advapi32

GetUserNameW
IsTextUnicode

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shlwapi

PathCompactPathExW
PathMakeSystemFolderW

winmm

PlaySoundW
waveOutGetNumDevs

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIMMin.exe
.exe windows x64

c24ea937b2b0d62e829e8a8faeff5a8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleFileNameW
GetStartupInfoW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_cexit
_commode
_errno
_fmode
_initterm
_onexit
_wcmdln
_wcsicmp
_wgetenv
abort
calloc
exit
fprintf
fputwc
free
fwprintf
fwrite
localeconv
malloc
memcpy
memset
realloc
signal
strcat
strerror
strlen
strncmp
strstr
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIMSt.exe
.exe windows x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 610KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LK2.exe
.exe windows x86

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
IsBadStringPtrA
IsBadCodePtr
GetModuleHandleA
GetQueuedCompletionStatus
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
RtlUnwind
IsBadReadPtr
VirtualQuery
GetSystemInfo
CreateIoCompletionPort
HeapDestroy
GetProcessHeap
HeapCreate
ExitProcess
GetTickCount
lstrlenA
HeapReAlloc
HeapFree
HeapAlloc
InterlockedIncrement
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
LCMapStringEx
GetStringTypeW
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
SetLastError
InterlockedDecrement
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
GetProcAddress
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
Sleep
CreateFileW

user32

DrawTextW
TranslateMessage
GetMessageW
DispatchMessageW

gdi32

CreateCompatibleDC
SelectPalette
CreatePen
DeleteObject
SetROP2
BitBlt
CreateRectRgn
PathToRegion
CreateCompatibleBitmap
CreateBitmap
DeleteDC

advapi32

GetUserNameW
IsTextUnicode

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

shlwapi

PathCompactPathExW
PathMakeSystemFolderW

winmm

PlaySoundW
waveOutGetNumDevs

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NINJA.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

aHc
Size: - Virtual size: 956KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Security
Size: 360KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PolymodXT.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Screen Recorder.zip
.zip
UM.exe
.exe windows x64

3f4cad0f6f9ab5e448d0c4645ddf2b58

Code Sign

d6:bc:8c:30:ad:7b:b6:46:8a:ad:f3:a2:91:e8:25:96
Certificate

Issuer

CN=Installrox Inc\ ,C=CN

Not Before

16-09-2023 06:55

Not After

16-09-2024 06:55

Subject

CN=Installrox Inc\ ,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:ca:60:cb:40:7a:4e:21:14:26:b8:92:f3:0a:4b:22:79:a7:f4:88:9b:1d:a9:a6:7d:73:9b:20:0a:3a:0c:80
Signer

Actual PE Digest

bd:ca:60:cb:40:7a:4e:21:14:26:b8:92:f3:0a:4b:22:79:a7:f4:88:9b:1d:a9:a6:7d:73:9b:20:0a:3a:0c:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
Wow64SetThreadContext
Wow64GetThreadContext
GetModuleHandleA
GetProcAddress
VirtualAllocEx
CreateProcessA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Use_1234_As_PassWord.rar
.rar
bebra.exe
.exe windows x64

57c9b357ae0cb2f414b0a5873e2f216d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateThread
CreateWaitableTimerA
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
ReadFile
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_fmode
_initterm
_localtime64
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
signal
strcmp
strcspn
strlen
strncmp
strrchr
vfprintf

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
doneTrampoline
preUpdateHookTrampoline
rollbackHookTrampoline
stepTrampoline
updateHookTrampoline

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 424KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 345B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
build3.exe
.exe windows x86

d9015199fc550f4d12cfbd6fab74e595

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress
WaitForSingleObject
CloseHandle
ExitProcess
CreateProcessW
CopyFileW
Sleep
GlobalFree

shell32

SHGetFolderPathW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
desktopditor.exe
.exe windows x86

c8e7d8e8eda3f0c9c15232c22130645b

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:2b:7a:9b:55:45:2a:7a:d4:9b:eb:73
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14-01-2021 16:44

Not After

15-01-2024 16:44

Subject

SERIALNUMBER=0831950,CN=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,O=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,STREET=9622 Chemainus Rd,L=Chemainus,ST=British Columbia,C=CA,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:2b:7a:9b:55:45:2a:7a:d4:9b:eb:73
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14-01-2021 16:44

Not After

15-01-2024 16:44

Subject

SERIALNUMBER=0831950,CN=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,O=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED,STREET=9622 Chemainus Rd,L=Chemainus,ST=British Columbia,C=CA,1.3.6.1.4.1.311.60.2.1.2=#13104272697469736820436f6c756d626961,1.3.6.1.4.1.311.60.2.1.3=#13024341,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:d4:0c:26:cc:65:e6:96:5f:54:53:12:d7:37:ee:64:4f:85:89:f6:80:cf:87:4f:4c:5a:93:6c:73:ce:b0:8c
Signer

Actual PE Digest

8d:d4:0c:26:cc:65:e6:96:5f:54:53:12:d7:37:ee:64:4f:85:89:f6:80:cf:87:4f:4c:5a:93:6c:73:ce:b0:8c

Digest Algorithm

sha256

PE Digest Matches

false

fc:91:43:1f:f3:08:8b:9b:4e:1c:04:10:24:06:99:e7:71:a4:82:d0
Signer

Actual PE Digest

fc:91:43:1f:f3:08:8b:9b:4e:1c:04:10:24:06:99:e7:71:a4:82:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
WriteConsoleW
AttachConsole
FreeConsole
MultiByteToWideChar
SystemTimeToFileTime
lstrlenW
SetThreadPriority
lstrcpyA
IsBadReadPtr
lstrcmpiW
LocalFree
LoadLibraryExW
GetProcAddress
GetModuleHandleW
IsBadWritePtr
GlobalSize
SetFilePointer
DuplicateHandle
SetCriticalSectionSpinCount
EnumSystemLocalesEx
LocaleNameToLCID
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
CreateFileMappingW
MoveFileW
GetOverlappedResult
GetModuleFileNameW
FreeLibrary
GetSystemTime
CloseHandle
GetStdHandle
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
GetUserDefaultLangID
GetLocaleInfoW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
VirtualAlloc
VirtualFree
InitializeCriticalSection
GetModuleHandleA
FormatMessageA
FormatMessageW
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetNumberFormatW
GetCurrentProcess
GetVersionExA
VirtualQuery
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
SizeofResource
RemoveDirectoryW
GetTempPathW
CreateMutexW
GetCurrentThread
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
QueryPerformanceCounter
lstrlenA
MulDiv
SetLastError
GetTickCount
FileTimeToDosDateTime
GetComputerNameExW
ExpandEnvironmentStringsW
SetFileAttributesW
Sleep
CopyFileExW
GetDiskFreeSpaceExW
GetFileTime
GetTempFileNameW
SetFileTime
CopyFileW
MoveFileExW
FileTimeToLocalFileTime
DosDateTimeToFileTime
LoadLibraryW
TryEnterCriticalSection
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
GlobalReAlloc
FindResourceExW
lstrcmpW
CompareFileTime
CreateFileW
GetFileSizeEx
ReadFile
SetEndOfFile
WriteFile
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
LoadLibraryExA
GetStringTypeW
WaitForSingleObjectEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetCPInfo
QueryPerformanceFrequency
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
VirtualProtect
ExitProcess
GetFileType
LCMapStringW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
LockResource
LoadResource
FreeResource
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetFileAttributesW
HeapDestroy

user32

EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
wsprintfW
PeekMessageW
GetMessageW
InsertMenuW
GetSubMenu
UnregisterClassW
DefWindowProcW
DestroyWindow
CharNextW
DestroyMenu
CreatePopupMenu
LoadMenuW
MessageBoxW
FillRect
SetCursor
GetSystemMetrics
IsWindowEnabled
ScreenToClient
ClientToScreen
TrackPopupMenu
RedrawWindow
InvalidateRect
LoadCursorW
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TrackPopupMenuEx
SetFocus
LoadImageW
wsprintfA
DialogBoxParamW
SetWindowLongW
GetDesktopWindow
IsWindow
EndDialog
IsWindowVisible
MoveWindow
ShowWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostMessageW
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
SetWindowTextW
GetSysColorBrush
GetSysColor
SetMenuDefaultItem
GetDlgCtrlID
EnableWindow
SetForegroundWindow
MonitorFromPoint
DrawIconEx
DestroyIcon
CheckMenuRadioItem
GetClassLongW
OffsetRect
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
CharLowerBuffA
InflateRect
EndPaint
GetDlgItem
SetWindowPos
SendMessageW
CopyRect
GetActiveWindow
IntersectRect
PostThreadMessageW

advapi32

RegEnumValueW
LsaLookupNames2
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
GetSidIdentifierAuthority
GetSidSubAuthority
GetTokenInformation
RegQueryValueExW
RegDeleteTreeW
RegSetValueExA
GetLengthSid
LsaFreeMemory
LsaClose
LsaOpenPolicy

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ord727
SHGetFileInfoW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitialize
CoSetProxyBlanket
CoInitializeEx
IIDFromString
CreateStreamOnHGlobal
CoGetApartmentType
CoCreateGuid
CoInitializeSecurity
OleRun
CLSIDFromProgID
GetHGlobalFromStream
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc

oleaut32

SafeArrayUnaccessData
GetErrorInfo
VarDecCmp
VarDecFromStr
VarDateFromStr
VarR8FromStr
VarI4FromStr
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
LoadRegTypeLi
LoadTypeLi
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysStringLen
SafeArrayAccessData
VarUI4FromStr
SysFreeString
VariantCopyInd
SysAllocString

shlwapi

PathIsURLW
SHDeleteKeyW
StrToIntW
StrRChrW
ord156
StrStrIW
PathCanonicalizeW
StrFormatByteSizeW

comctl32

_TrackMouseEvent
ImageList_LoadImageW
InitCommonControlsEx

uxtheme

GetThemeInt
OpenThemeData
SetWindowTheme
DrawThemeParentBackground
CloseThemeData
IsThemeActive
DrawThemeBackground

rpcrt4

UuidFromStringW

wininet

InternetAttemptConnect
InternetSetCookieW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
FtpOpenFileW
InternetSetStatusCallbackW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
FtpRemoveDirectoryW
FtpCreateDirectoryW
FtpRenameFileW
FtpDeleteFileW
FtpPutFileW
FtpFindFirstFileW
InternetFindNextFileW
InternetCrackUrlW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetConnectW
InternetOpenW
InternetSetOptionW
InternetReadFile

gdi32

GetMetaFileBitsEx
RealizePalette
SelectPalette
SetDIBitsToDevice
GetDeviceCaps
StretchDIBits
GetEnhMetaFileBits
GetDIBits
CreateRectRgnIndirect
BitBlt
CreatePalette
StretchBlt
Polygon
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
SelectObject
GetStockObject
ExcludeClipRect
DeleteObject
DeleteDC
CombineRgn
ExtTextOutW
SetBkColor
CopyEnhMetaFileW
SetStretchBltMode
SetWinMetaFileBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
DeleteEnhMetaFile
GdiFlush
LPtoDP
DPtoLP
GetObjectW
CreateDIBSection
PlayEnhMetaFile

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
devalt.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
get3.exe
.exe windows x64

3f4cad0f6f9ab5e448d0c4645ddf2b58

Code Sign

94:bf:0b:6d:c6:34:da:ee:b4:70:0a:e9:38:eb:56:80
Certificate

Issuer

CN=Installrox Inc\ ,C=CN

Not Before

16-09-2023 06:59

Not After

16-09-2024 06:59

Subject

CN=Installrox Inc\ ,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:4e:51:47:1d:01:d6:87:83:44:f3:5f:8b:8e:bb:4b:29:ba:59:0d:8a:a6:bc:a8:f5:f4:61:de:fb:fd:da:83
Signer

Actual PE Digest

a9:4e:51:47:1d:01:d6:87:83:44:f3:5f:8b:8e:bb:4b:29:ba:59:0d:8a:a6:bc:a8:f5:f4:61:de:fb:fd:da:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

TerminateProcess
Wow64SetThreadContext
Wow64GetThreadContext
GetModuleHandleA
GetProcAddress
VirtualAllocEx
CreateProcessA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
limalt.exe
.exe windows x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
miner.exe
.exe windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
minerxd.exe
.exe windows x64

0fdd3d21d2193b717f076a70dfaa659c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
fputs
free
malloc
memset
signal
strlen
strncmp
vfprintf
wcscat
wcscpy
wcslen
wcsncmp
wcsstr
_wcsnicmp
_wcsicmp

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
purchaseorder.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
svcrun.exe
.exe windows x64

26a0aebf0f5e36abcef047214b3b5956

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

PathMakeUniqueName

mscoree

_CorExeMain

advapi32

GetUserNameA

user32

CreateMenu

kernel32

GetModuleHandleA

Sections

.rsrc
Size: - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
toolspub4.exe
.exe windows x86

d8c39d5ff6edc55fa56f3300f617117e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
GetNumaProcessorNode
MoveFileExA
SystemTimeToTzSpecificLocalTime
InterlockedDecrement
SetDefaultCommConfigW
GetEnvironmentStringsW
SetConsoleScreenBufferSize
SetVolumeMountPointW
BackupSeek
GetModuleHandleW
GetNumberFormatA
SetFileTime
GetConsoleAliasExesW
GetCommandLineA
GetDriveTypeA
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
TerminateThread
FatalAppExitW
ReadConsoleInputA
CopyFileW
SetConsoleCP
GetVolumePathNameA
GetStartupInfoW
CreateJobObjectA
FindFirstFileW
GetCurrentDirectoryW
SetLastError
EnumSystemCodePagesW
LoadLibraryA
OpenMutexA
GetProcessId
LocalAlloc
GetFileType
IsSystemResumeAutomatic
RemoveDirectoryW
GetProfileStringA
FindNextChangeNotification
FindAtomA
GetModuleHandleA
FreeEnvironmentStringsW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
GetShortPathNameW
OpenSemaphoreW
FindAtomW
GetWindowsDirectoryW
FindFirstVolumeW
AddConsoleAliasA
CreateFileW
EnumResourceNamesW
GetComputerNameA
GetLastError
GetCommandLineW
CloseHandle
FlushFileBuffers
MoveFileA
HeapFree
HeapAlloc
GetProcAddress
ExitProcess
DecodePointer
EncodePointer
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
Sleep
HeapSize
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent

user32

CharUpperW
GetListBoxInfo

gdi32

SelectPalette
GetTextFaceW
GetCharWidthW

shell32

DragFinish

winhttp

WinHttpWriteData

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
upd.exe
.exe windows x86

fc6316c96fc105fcdafe08845aa690ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FreeConsole
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
ReadConsoleW
HeapSize
WriteConsoleW

Exports

Exports

_yusyutceawuy@24

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xxb.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Files

d8c39d5ff6edc55fa56f3300f617117e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

winhttp

Sections

.text Size: 193KB - Virtual size: 193KB

.data Size: 16KB - Virtual size: 2.8MB

.rsrc Size: 60KB - Virtual size: 59KB

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

1f:9f:d6:f1:13:dc:f4:be:4c:10:3b:73:75:e3:d6:c9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5e:45:9f:d8:49:a0:e3:9e:fc:ee:22:be:da:d5:8a:ac:30:c6:14:9c:a8:79:cb:61:b0:38:e0:7b:e8:47:8b:4eSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rsrc Size: 983KB - Virtual size: 982KB

.reloc Size: 512B - Virtual size: 12B

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 211KB - Virtual size: 401KB

.idata Size: 1024B - Virtual size: 988B

.reloc Size: 93KB - Virtual size: 93KB

.symtab Size: 512B - Virtual size: 4B

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

winmm

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 4KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 4KB

f214c5f744673db93dec4b219265fbc2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 193KB - Virtual size: 193KB

.data
Size: 16KB - Virtual size: 2.8MB

.rsrc
Size: 60KB - Virtual size: 59KB

1f:9f:d6:f1:13:dc:f4:be:4c:10:3b:73:75:e3:d6:c9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5e:45:9f:d8:49:a0:e3:9e:fc:ee:22:be:da:d5:8a:ac:30:c6:14:9c:a8:79:cb:61:b0:38:e0:7b:e8:47:8b:4e
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 983KB - Virtual size: 982KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 211KB - Virtual size: 401KB

.idata
Size: 1024B - Virtual size: 988B

.reloc
Size: 93KB - Virtual size: 93KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 5KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 148B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 224KB - Virtual size: 610KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 181KB - Virtual size: 180KB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 348B

.byteSec
Size: 733KB - Virtual size: 733KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 2KB - Virtual size: 1KB