gandcrab | Desktop[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Desktop.rar
Size

5.6MB
MD5

9462bef27d5673bc39e7c6197f0b30f1
SHA1

5f4814afabbcc89a9d47b99f90b91b13b5edf250
SHA256

ad3bcb65313043b1a43b8fb210f3a20a87df8a8145ed9a18b086d0859616caa2
SHA512

f4c64d04ff64646e21abbe5d8abc828546e765e0f00817fbe70c1f11983ff46f9cc09ee94bfda335a1f0c5db01010ac1173746bee4e9dc52b802973dfc1dba7f
SSDEEP

98304:1fyslh/MRTs8LWWCxyJrMqTnucb85kcK5+u4CYtivrRFQNogZX/Tko+0+xE:Mqh0RI8LW3xkrxV9cArLQH

Score

10^/10

upx 33 360 gandcrab sodinokibi

Malware Config

Extracted

Family

gandcrab

http://gdcbghvjyqy7jclk.onion.top/

Extracted

Family

sodinokibi

Botnet

Campaign

360

Decoy

2020hindsight.info

frameshift.it

billyoart.com

omegamarbella.com

scholarquotes.com

ziliak.com

matthieupetel.fr

cardsandloyalty.com

limmortelyouth.com

solutionshosting.co.uk

gsconcretecoatings.com

annenymus.com

barbaramcfadyenjewelry.com

ciga-france.fr

ayudaespiritualtamara.com

fann.ru

paprikapod.com

galaniuklaw.com

azerbaycanas.com

testitjavertailut.net

Attributes

net
true
pid
33
prc
xfssvccon.exe
mspub.exe
tbirdconfig.exe
sqlservr.exe
dbeng50.exe
oracle.exe
excel.exe
winword.exe
synctime.exe
sqlagent.exe
encsvc.exe
msftesql.exe
mydesktopqos.exe
mysqld_nt.exe
thebat.exe
dbsnmp.exe
msaccess.exe
thebat64.exe
mydesktopservice.exe
mysqld.exe
outlook.exe
ocssd.exe
ocautoupds.exe
onenote.exe
thunderbird.exe
infopath.exe
sqbcoreservice.exe
wordpad.exe
sqlbrowser.exe
powerpnt.exe
firefoxconfig.exe
ocomm.exe
mysqld_opt.exe
sqlwriter.exe
steam.exe
agntsvc.exe
isqlplussvc.exe
visio.exe
ransom_oneliner
All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} Extension name: {EXT} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
sub
360

Signatures

GandCrab payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/4c9ab763001721e04e9efc44e1e97351557f8a4b1cf5471b141e7358cd1296dd	family_gandcrab

Gandcrab family
gandcrab
Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/547798defb6d577ec9f13b00fb1be293f903aaa974ddc049be16d6437aeec86e	family_sodinokobi

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/001e9becdd7d9887c6fbe487073ad3dc068124a5300f4128d9ed32db4f63f793	upx
static1/unpack001/1a1cf2a2f6a49b8d2a84b9b5ec5f783e7d9be30b6a17a28795bc351bb3cdde31	upx
static1/unpack001/47a52afd63406238b1b5ce59a7cb282685629b14169405015b0cef20fbe4f62e	upx
static1/unpack001/8ab3db7349f38d6463a3c6a7155ab297f18d92262a098064ea2472cecc7e3103	upx
static1/unpack001/9b87457fe85670e2c059cedaa560a8a31027e96fe18b2b6a7fe610f38423b2f0	upx
static1/unpack001/ca561f9403ab4be76ca66646df1a3da826fa2cc1972dd005ad23861abb317cc5	upx
static1/unpack001/dd9ca1355ff3ddd883f9d2d0e6df9b7a8ebff650003a616c533b30554cee2a9a	upx

Unsigned PE 31 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/001e9becdd7d9887c6fbe487073ad3dc068124a5300f4128d9ed32db4f63f793
unpack002/out.upx
unpack001/1a1cf2a2f6a49b8d2a84b9b5ec5f783e7d9be30b6a17a28795bc351bb3cdde31
unpack001/2eac3720bcfb4550e3093f053880b373068360bc8583f2aee059905bcad29c61
unpack001/320e3af17bb8787283fe0c4af9d3a778c191d8374f19c0bc6b6ee2f22363094c
unpack001/33bcab70334406fb3331b4b3fffbf8c51df52d93efb5d673d865b7a7496b1570
unpack001/4b24d273019579ba3c1e0ad261954c0941d114aab802fa2d1fcb14dab9f3e869
unpack001/4c481d251f29295af1af599374ea93f9fc24b6139fbb02ec115bec9f4e7bc25a
unpack001/4c9ab763001721e04e9efc44e1e97351557f8a4b1cf5471b141e7358cd1296dd
unpack001/50a04b093c8f05481eb672ebec0537f61e233071798d1f3b939e17e333b51795
unpack001/5266183553addd392a0968ea9e835c00e55a27468829ab65832cda37508c8e2f
unpack001/547798defb6d577ec9f13b00fb1be293f903aaa974ddc049be16d6437aeec86e
unpack001/5fb2242c04ce18830b84de73c4f0fc4e9c8a5e6877a14f414fcbfaa5a3948896
unpack001/63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312
unpack001/6a08b51e02a7b510972907c326041222ff4632ba53b89573fca7e80b59c4e168
unpack001/803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53
unpack001/85523c6377c27e22068a2ef347997a295981b91e103b3cf3387ed80aa0b010c3
unpack001/8ab3db7349f38d6463a3c6a7155ab297f18d92262a098064ea2472cecc7e3103
unpack001/a3c7b0df189bdd47c7e113ff3b664f26b0bcd6f4f878186e882ea199e15c28cc
unpack001/ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838
unpack001/b1c5c3ca41c322b47a5feb62ebb0e5daa3c1c682aa1dedb98fd3b7dff3eca57d
unpack001/ca561f9403ab4be76ca66646df1a3da826fa2cc1972dd005ad23861abb317cc5
unpack001/d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f
unpack001/d3e04348f412615e23ad0aebfee1b4338f5edf99776bdedf08fbb0462868ef91
unpack001/d7e876a714e2632fa42e6636177962516736074c76f486dc34de020ec13af0c9
unpack001/dd8bf2763ce09cbeb21cdbf802b9f7475c7998e459714150fae07ffcd027bb38
unpack001/dd9ca1355ff3ddd883f9d2d0e6df9b7a8ebff650003a616c533b30554cee2a9a
unpack001/dd9d07d1f5bb4facb1b4e412ce9e52a5ca9a689f2f78c34bacf63af19f7ce127
unpack001/ef3c260fed0a71f0e679261aeb242133899f9ff03d68b5f95711a66ef919e549
unpack001/f40df86d68d075c73e1be8ed5b3201f0e55a9eccf662258a219acee35df398df
unpack001/fb861230c088dd68f1a6c782e9ad0b44a1831ccc29c0516635cc4b3de2a91a01

Files

Desktop.rar
.rar
001e9becdd7d9887c6fbe487073ad3dc068124a5300f4128d9ed32db4f63f793
.exe windows:10 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:10 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 979B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1a1cf2a2f6a49b8d2a84b9b5ec5f783e7d9be30b6a17a28795bc351bb3cdde31
.exe windows:8 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 61KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2eac3720bcfb4550e3093f053880b373068360bc8583f2aee059905bcad29c61
.exe windows:4 windows x86

86c5032ebe1784dfd13edabd0e3b62d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TerminateProcess
Sleep
SizeofResource
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReleaseMutex
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetProcAddress
GetModuleHandleA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
320e3af17bb8787283fe0c4af9d3a778c191d8374f19c0bc6b6ee2f22363094c
.exe windows:4 windows x86

ebdae8689983d2d4f2a5e3392ba9074c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualAlloc
GetCommandLineA
CloseHandle
GetLastError
GetSystemTimeAsFileTime
LoadResource
FindResourceA
GetFileSize
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
LCMapStringW
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

LoadStringA
DefWindowProcA
DestroyWindow
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
EndDialog
LoadIconA
LoadCursorA
RegisterClassExA
wsprintfA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
33bcab70334406fb3331b4b3fffbf8c51df52d93efb5d673d865b7a7496b1570
.exe windows:4 windows x86

dca093669585f7dd5cb689ef9c0b872b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClipCursor
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SizeofResource
SetThreadLocale
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
OpenProcess
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemDirectoryA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
FindFirstFileA
FindClose
ExitProcess
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteA

Sections

.text
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
47a52afd63406238b1b5ce59a7cb282685629b14169405015b0cef20fbe4f62e
.exe windows:4 windows x86

Code Sign

50:e0:a5:92:ec:64:3f:b9:44:54:78:2d:4a:dd:5c:e5
Certificate

Issuer

CN=ngvifdfiw

Not Before

02-03-2011 22:01

Not After

31-12-2039 23:59

Subject

CN=ngvifdfiw

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:ae:ce:8d:88:1d:9e:0c:ed:65:20:fb:fa:e5:a5:bc:fd:6c:07:a9
Signer

Actual PE Digest

64:ae:ce:8d:88:1d:9e:0c:ed:65:20:fb:fa:e5:a5:bc:fd:6c:07:a9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 9.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 470KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
4b24d273019579ba3c1e0ad261954c0941d114aab802fa2d1fcb14dab9f3e869
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4c481d251f29295af1af599374ea93f9fc24b6139fbb02ec115bec9f4e7bc25a
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4c9ab763001721e04e9efc44e1e97351557f8a4b1cf5471b141e7358cd1296dd
.exe windows:5 windows x86

40306b615af659fc1f93cfb121cc38d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetFileAttributesW
ReadFile
GetLastError
MoveFileW
lstrcpyW
SetFileAttributesW
CreateMutexW
GetDriveTypeW
VerSetConditionMask
WaitForSingleObject
GetTickCount
InitializeCriticalSection
OpenProcess
GetSystemDirectoryW
TerminateThread
Sleep
TerminateProcess
VerifyVersionInfoW
WaitForMultipleObjects
DeleteCriticalSection
ExpandEnvironmentStringsW
lstrlenW
SetHandleInformation
lstrcatA
MultiByteToWideChar
CreatePipe
lstrcmpiA
Process32NextW
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
lstrcmpW
FindClose
FindNextFileW
GetNativeSystemInfo
GetComputerNameW
GetDiskFreeSpaceW
GetWindowsDirectoryW
GetVolumeInformationW
LoadLibraryA
lstrcmpiW
VirtualFree
CreateThread
CloseHandle
lstrcatW
CreateFileMappingW
ExitThread
CreateFileW
GetModuleFileNameW
WriteFile
GetModuleHandleW
UnmapViewOfFile
MapViewOfFile
GetFileSize
GetEnvironmentVariableW
lstrcpyA
GetModuleHandleA
VirtualAlloc
Process32FirstW
GetTempPathW
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
CreateProcessW
ExitProcess
IsProcessorFeaturePresent

user32

wsprintfW
TranslateMessage
RegisterClassExW
LoadIconW
SetWindowLongW
EndPaint
BeginPaint
LoadCursorW
GetMessageW
ShowWindow
CreateWindowExW
SendMessageW
DispatchMessageW
DefWindowProcW
UpdateWindow
GetForegroundWindow
DestroyWindow

gdi32

TextOutW

advapi32

CryptExportKey
AllocateAndInitializeSid
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptGenKey
CryptDestroyKey
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
FreeSid

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetReadFile

psapi

EnumDeviceDrivers
GetDeviceDriverBaseNameW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
50a04b093c8f05481eb672ebec0537f61e233071798d1f3b939e17e333b51795
.dll regsvr32 windows:4 windows x86

909f624e572dcec5586bb66b15a6e2e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
CloseHandle
CreateThread
lstrcmpiW
MultiByteToWideChar
GetModuleHandleW
RaiseException
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetThreadLocale
SetThreadLocale
FreeLibrary
GetVersionExW
WinExec
OpenProcess
lstrlenA
LoadLibraryW
GetProcAddress
FindResourceW
LoadLibraryExW
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenW
FindResourceExW
WideCharToMultiByte
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
ExitProcess
HeapSize
Sleep
SetLastError
TlsFree
GetStdHandle
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapReAlloc
InterlockedExchange
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
HeapFree

user32

EnumWindows
CharNextW
MessageBoxW
CharLowerA
CharLowerW
GetWindowThreadProcessId
PostMessageW
UnregisterClassA

advapi32

IsTextUnicode
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetClassObject
StringFromGUID2
CoCreateInstance

oleaut32

VarBstrCmp
RegisterTypeLi
VariantClear
SysAllocStringLen
SysFreeString
VarUI4FromStr
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarBstrCat
UnRegisterTypeLi

rpcrt4

NdrOleFree
NdrStubForwardingFunction
NdrOleAllocate
NdrDllRegisterProxy
NdrDllCanUnloadNow
IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrDllGetClassObject
NdrDllUnregisterProxy
IUnknown_QueryInterface_Proxy

wininet

InternetSetCookieW
InternetGetCookieW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW

urlmon

CoInternetGetSession

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
UnInstall

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5266183553addd392a0968ea9e835c00e55a27468829ab65832cda37508c8e2f
.dll windows:4 windows x86

dbc85e544dca7716b13cd917d856ee32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
sprintf
__CxxFrameHandler
memmove
malloc
??3@YAXPAX@Z
??1type_info@@UAE@XZ
memchr
fclose
free

mfc42

ord668
ord2770
ord356
ord2818
ord2915
ord3178
ord4058
ord2781
ord1980
ord540
ord3181
ord6877
ord860
ord537
ord2919
ord5572
ord5683
ord4129
ord858
ord800
ord924
ord1243
ord1176
ord6467
ord1578
ord269
ord826
ord535
ord600

kernel32

LocalAlloc
LocalFree
OpenMutexA
lstrcpyA
LoadLibraryA
FreeLibrary
GetEnvironmentVariableA
WritePrivateProfileStringA
DeleteFileA
WinExec
GetModuleFileNameA
GetProcAddress
ExitProcess
DisableThreadLibraryCalls

user32

wsprintfA
MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

msvcp60

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?clear@ios_base@std@@QAEXH_N@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

ws2_32

socket
connect
htons
recv
closesocket
WSACleanup
gethostbyname
WSAStartup
send

Exports

Exports

RD_XXXX

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
547798defb6d577ec9f13b00fb1be293f903aaa974ddc049be16d6437aeec86e
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s7bz
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5fb2242c04ce18830b84de73c4f0fc4e9c8a5e6877a14f414fcbfaa5a3948896
.exe windows:4 windows x86

4afc596e677872a5ef6d27ddd953788c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
fopen
fseek
ftell
fread
strlen
fwrite
fclose
_controlfp
__set_app_type
__getmainargs
exit
_XcptFilter
_exit
_except_handler3

Sections

.text
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
63a0bf6385356dd0297449bdca2a2f171846315505800e81a4c0285f09c87312
.exe windows:4 windows x86

0a274c5d333aa95e832cc4b84514e41e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

mfc42u

ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord1202
ord2613
ord1131
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord2717
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord1165
ord2371
ord755
ord470
ord5571
ord839
ord433
ord465
ord464
ord850
ord922
ord4124
ord5679
ord858
ord538
ord537
ord434
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord540
ord800
ord6370
ord4028
ord1569

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__CxxFrameHandler
_exit
_XcptFilter
exit
_wcmdln

kernel32

DeleteFileW
SetCommState
lstrcpynW
GetCommandLineW
LCMapStringA
GetModuleHandleW
GetStartupInfoW
GetOEMCP
GetModuleFileNameA
GetSystemDirectoryW
SetCurrentDirectoryW
GetModuleFileNameW
CreateFileW

user32

IsIconic
DefWindowProcW
SetWindowLongW
TrackPopupMenu
GetWindowTextA
MessageBoxA
GetSystemMetrics
GetWindowPlacement
SendMessageW
EnableWindow
SetWindowLongA
DrawIcon
GetClientRect

gdi32

Polyline
SetBkColor

advapi32

RegCreateKeyExW

oleaut32

VariantClear

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6a08b51e02a7b510972907c326041222ff4632ba53b89573fca7e80b59c4e168
.exe windows:4 windows x86

f622cc721bf8c5cc1be479f646f7409a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord815
ord561
ord825
ord1131
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord641
ord4229
ord823
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4480
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord560
ord813
ord5256
ord3658
ord3614
ord3621
ord800
ord2406
ord4128
ord4292
ord540
ord5784
ord472
ord2371
ord1834
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord807
ord796
ord674
ord554
ord529
ord366
ord2486
ord2619
ord2618
ord5996
ord2109
ord4158
ord6617
ord4451
ord5248
ord1569
ord6371
ord4269
ord4604
ord4381
ord4606
ord1165

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_wcmdln
exit
_XcptFilter
_exit
_ftol
__CxxFrameHandler
__wgetmainargs

kernel32

CreateFileA
GetModuleHandleW
GetStartupInfoW
GetModuleFileNameA

user32

EnableWindow
InvalidateRect

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 224KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53
.exe windows:4 windows x86

4ea4df5d94204fc550be1874e1b77ea7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
Sleep
GetTickCount
CreateFileW
GetFileSize
MoveFileW
SetFileAttributesW
GetModuleFileNameW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
WaitForSingleObject
GetCurrentProcess
CompareFileTime
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
lstrcpyW
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
GetShortPathNameW
SearchPathW
lstrcmpiW
SetFileTime
CloseHandle
ExpandEnvironmentStringsW
lstrcmpW
GetDiskFreeSpaceW
lstrlenW
lstrcpynW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
IsWindowEnabled
EnableMenuItem
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
wsprintfW
ScreenToClient
GetWindowRect
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
LoadImageW
SetTimer
SetWindowTextW
PostQuitMessage
ShowWindow
GetDlgItem
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
DrawTextW
EndPaint
CreateDialogParamW
SendMessageTimeoutW
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegDeleteKeyW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
85523c6377c27e22068a2ef347997a295981b91e103b3cf3387ed80aa0b010c3
.exe windows:4 windows x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 46KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8ab3db7349f38d6463a3c6a7155ab297f18d92262a098064ea2472cecc7e3103
.exe windows:4 windows x86

aaa734bdf233e7b6248c47353f08a15f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GetModuleHandleA
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CloseHandle
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
FindFirstFileW
VirtualQueryEx
GetExitCodeProcess
ReadProcessMemory
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
CreateThread
ResumeThread
CreateProcessW
GetCommandLineW
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CompareStringW
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameW
GetShortPathNameW
GetModuleFileNameA
DebugActiveProcess
GetShortPathNameA

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
WaitForInputIdle
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
SendMessageW

gdi32

DeleteDC
RealizePalette
SelectPalette
CreateDCA
CreatePalette
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 268KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 284KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9b87457fe85670e2c059cedaa560a8a31027e96fe18b2b6a7fe610f38423b2f0
.exe .vbs windows:4 windows x86
a3c7b0df189bdd47c7e113ff3b664f26b0bcd6f4f878186e882ea199e15c28cc
.exe windows:5 windows x86

462f63682626cfc5c88f45cce550cbee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
DeleteFileW
CreateFileMappingA
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetLastError
TerminateProcess
GetModuleHandleA
VirtualAlloc
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
QueryPerformanceCounter

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
WmiMofEnumerateResourcesA

wsock32

GetAddressByNameA
GetNameByTypeA
sethostname
SetServiceA
GetTypeByNameA
dn_expand
WSARecvEx
GetServiceA
NPLoadNameSpaces
gethostbyname
TransmitFile
EnumProtocolsA

Sections

.textbss
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838
.exe windows:4 windows x86

7683d28964209698f6dd9edcf95d8e20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetLocaleInfoA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
CreateFileA
InitializeCriticalSection
Sleep
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapSize
ReadFile
GetModuleHandleW
SystemTimeToFileTime
GetModuleFileNameW
GetSystemTime
CloseHandle
WriteFile
CreateFileW
GetShortPathNameW
GetSystemDirectoryW
SearchPathA
WinExec
GetShortPathNameA
DeleteFileA
GetModuleFileNameA
GetCurrentThreadId
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetLastError
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess

user32

ShowWindow
RegisterHotKey
CreateWindowExW
RegisterClassExW
LoadCursorW
SetTimer
UpdateWindow
PostQuitMessage
EndPaint
MessageBoxW
BeginPaint
DefWindowProcW
GetWindowTextW
ReleaseDC
GetWindowLongW
RedrawWindow
GetClientRect
DrawTextW
GetWindowDC
GetWindowRect
GetDesktopWindow
CloseDesktop
DispatchMessageW
TranslateMessage
GetMessageW
FillRect
SwitchDesktop
SetThreadDesktop
CreateDesktopW
GetThreadDesktop

gdi32

GetDIBits
BitBlt
SelectObject
SetDIBitsToDevice
CreateCompatibleDC
CreateCompatibleBitmap
TextOutW
SetTextColor
SetBkMode
CreateFontW
LineTo
MoveToEx
DeleteObject
Rectangle
CreateSolidBrush
CreatePen
DeleteDC

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

wininet

InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetCrackUrlW

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b1c5c3ca41c322b47a5feb62ebb0e5daa3c1c682aa1dedb98fd3b7dff3eca57d
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ca561f9403ab4be76ca66646df1a3da826fa2cc1972dd005ad23861abb317cc5
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d3e04348f412615e23ad0aebfee1b4338f5edf99776bdedf08fbb0462868ef91
.exe windows:4 windows x86

4864beef2287df1a1aba41c566ec3cf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateThread
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
InitializeCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
lstrlenW
CreateMutexW
GetLastError
GetTickCount
Sleep
ExitProcess
GetShortPathNameW
GetSystemDirectoryW
CreateProcessW
GetSystemTime
SystemTimeToFileTime
GetModuleFileNameA
DeleteFileA
GetShortPathNameA
SearchPathA
ReadFile
WinExec
GetModuleHandleW
GetModuleFileNameW
CreateFileW
WriteFile
CreateFileA
CloseHandle
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
GetFileType
HeapAlloc
HeapFree
RtlUnwind
GetVersionExA
GetProcessHeap
GetStartupInfoW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
GetStdHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount

user32

CharNextW
MoveWindow
IsWindowVisible
SetWindowTextA
DestroyWindow
PostMessageW
GetWindowTextA
LoadCursorW
RegisterClassExW
GetMessageW
TranslateMessage
UnregisterClassW
DefWindowProcW
KillTimer
BeginPaint
EndPaint
MessageBoxW
GetDC
PostQuitMessage
GetWindowLongW
CreateWindowExW
SetLayeredWindowAttributes
ShowWindow
UpdateWindow
SetTimer
RegisterHotKey
GetClientRect
RedrawWindow
DrawTextW
DrawTextA
GetDesktopWindow
GetWindowRect
ReleaseDC
DispatchMessageW

gdi32

MoveToEx
LineTo
SetBkMode
SetTextColor
CreateFontW
CreatePen
CreateSolidBrush
Rectangle
DeleteObject
SelectObject
SetDIBitsToDevice

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

setupapi

SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiClassGuidsFromNameExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shr
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d7e876a714e2632fa42e6636177962516736074c76f486dc34de020ec13af0c9
.exe windows:5 windows x86

75e120c0b3ae2cd5fd452b1b18eb4bde

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
WriteFile
GetModuleHandleW
CreateFileA
CloseHandle
lstrcpyA
LocalFree
FillConsoleOutputAttribute
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
SetConsoleWindowInfo
GetProfileStringA
LocalAlloc
GetConsoleScreenBufferInfo
LoadLibraryA
GetLocalTime
LocalLock
GetProcAddress
ExitProcess
SetLastError
GetLastError
GetStdHandle
lstrcatA
MulDiv
SetConsoleCursorPosition
GetConsoleWindow
Sleep
FormatMessageA
SetConsoleScreenBufferSize
SystemTimeToFileTime
lstrcpynA
MoveFileExA
lstrlenA
FillConsoleOutputCharacterA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
LocalUnlock
WideCharToMultiByte
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess

user32

GetDialogBaseUnits
GetDlgItemTextA
MoveWindow
CheckMenuItem
CopyRect
GetSystemMetrics
DefMDIChildProcA
DispatchMessageA
AppendMenuA
EndPaint
DestroyWindow
GetSystemMenu
SetTimer
GetWindowRect
InsertMenuItemA
PostQuitMessage
GetMenuItemID
KillTimer
DrawTextA
GetPropA
GetSubMenu
DeleteMenu
GetParent
wsprintfA
GetClientRect
CreateMenu
SetFocus
SendMessageA
BeginPaint
SetScrollRange
SetWindowWord
GetDC
GetWindowWord
GetWindowTextA
SetRect
SetWindowLongA
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
SetScrollPos
ReleaseDC
EnableMenuItem
GetDlgItem
DefWindowProcA
SendDlgItemMessageW
GetSysColor
ShowWindow
SetMenu
CreatePopupMenu
DrawMenuBar

gdi32

CreateFontIndirectA
CreateSolidBrush
BitBlt
GetTextExtentPoint32A
SetTextColor
DeleteDC
CreateFontA
GetDeviceCaps
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
DPtoLP
SetMapMode
CreateCompatibleBitmap
Rectangle
GdiSetBatchLimit
StartDocA
GetMapMode
CreateBitmapIndirect
CreateRectRgn
GetTextExtentPointA
GetTextMetricsA
GetObjectA
TextOutW
GetStockObject
ExtTextOutA
TextOutA

comdlg32

FindTextA
ChooseFontA

advapi32

OpenServiceA
ControlService
OpenSCManagerA
QueryAllTracesA
CloseServiceHandle

psapi

GetModuleInformation

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

wnsprintfA
PathFindFileNameA
StrToIntExA

imm32

ImmGetCompositionStringA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reda
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.texa
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mern
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dd8bf2763ce09cbeb21cdbf802b9f7475c7998e459714150fae07ffcd027bb38
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 549B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dd9ca1355ff3ddd883f9d2d0e6df9b7a8ebff650003a616c533b30554cee2a9a
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dd9d07d1f5bb4facb1b4e412ce9e52a5ca9a689f2f78c34bacf63af19f7ce127
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 921B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ef3c260fed0a71f0e679261aeb242133899f9ff03d68b5f95711a66ef919e549
.exe windows:5 windows x86

55cf7d46d588cca3d1dc219960711b38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
lstrcpyA
CloseHandle
WideCharToMultiByte
lstrcpynA
GetModuleHandleA
GetProcAddress
AreFileApisANSI
GetLastError
LoadLibraryA
GetModuleFileNameA
GlobalAlloc
CreateMutexA
lstrlenW
GetFileAttributesA
InterlockedDecrement
GetStartupInfoA
CreateProcessA
SetLastError
GlobalFree
ExitProcess
GetTickCount
GetACP
GetOEMCP
VirtualProtect
LocalFree
GetCurrentThreadId
FreeLibrary
GetFullPathNameA
OutputDebugStringA
lstrlenA

user32

GetDlgCtrlID
SetWindowTextA
SetForegroundWindow
DrawTextA
GetSystemMetrics
IsWindow
UpdateWindow
SendMessageA
FillRect
GetDesktopWindow
SetCapture
GetWindowRect
GetWindowTextA
TabbedTextOutA
PtInRect
GrayStringA
DefWindowProcA
EnumChildWindows
GetParent
EnableWindow
GetSystemMenu
IsWindowUnicode
GetForegroundWindow
wsprintfW
GetTopWindow
IsZoomed
OffsetRect
ReleaseCapture
SetRect

gdi32

AnimatePalette
AbortDoc
RectVisible
LPtoDP
SetRectRgn
BitBlt
TextOutA
CreateFontIndirectA
DPtoLP
CreatePolygonRgn
GetTextColor
CombineRgn
Polyline
CreatePalette
CreateRectRgn
PtInRegion
GetObjectA
SetPixel
PtVisible

advapi32

LsaFreeMemory
RegSetValueExW
CryptDestroyHash
LsaClose
RegOpenKeyExW
CryptDeriveKey
RegOpenKeyExA
RegDeleteValueA
RegDeleteValueW
CryptEncrypt
RegEnumValueA
CryptAcquireContextA
LsaOpenPolicy
EqualSid
CryptReleaseContext
RegEnumValueW
RegCreateKeyExA
FreeSid
RegCreateKeyExW
CryptCreateHash
CryptDestroyKey
CryptDecrypt
RegCloseKey
RegQueryValueExW
IsTextUnicode
RegQueryValueExA
RegDeleteKeyW
RegOpenCurrentUser
RegEnumKeyW
CryptHashData
RegSetValueExA
RegOpenKeyA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder

ole32

CoInitialize
CLSIDFromProgID
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoUninitialize

comctl32

InitCommonControlsEx
_TrackMouseEvent

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

oledlg

OleUIBusyW

psapi

GetModuleBaseNameA

msvcrt

malloc
_mbscmp
__set_app_type
_CIcos
_XcptFilter
_initterm
_vsnprintf
_onexit
??1type_info@@UAE@XZ
_controlfp
__CxxFrameHandler
?terminate@@YAXXZ
__setusermatherr
free
__p__commode
_mbsicmp
__getmainargs
_strdup
__p__fmode
_setmbcp
_except_handler3
_splitpath
_adjust_fdiv
_CxxThrowException
exit
_exit
_acmdln
__dllonexit

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f40df86d68d075c73e1be8ed5b3201f0e55a9eccf662258a219acee35df398df
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fb861230c088dd68f1a6c782e9ad0b44a1831ccc29c0516635cc4b3de2a91a01
.exe windows:4 windows x86

3c4aced1f950f10bbfafe22fe8451575

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hlink

ord22
ord20
ord23
ord18
ord16

loadperf

InstallPerfDllA
UpdatePerfNameFilesA

msdmo

MoCopyMediaType
DMOEnum

ntdsapi

DsCrackNamesA
DsFreeNameResultA
DsFreePasswordCredentials
DsListServersInSiteA
DsMakeSpnA
DsMapSchemaGuidsA
DsQuoteRdnValueA

kernel32

LCMapStringW
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
GetOEMCP
GetACP
LoadLibraryA
InterlockedExchange
RtlUnwind
GetCPInfo
GetLocaleInfoA
IsBadWritePtr
HeapReAlloc
VirtualFree
HeapCreate
WriteConsoleW
GetTempPathA
lstrlenA
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 88KB

UPX1 Size: 15KB - Virtual size: 16KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 6KB - Virtual size: 6KB

.text Size: 512B - Virtual size: 3KB

.idata Size: 512B - Virtual size: 979B

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 53KB - Virtual size: 52KB

.rsrc Size: 16KB - Virtual size: 16KB

Headers

File Characteristics

Sections

UPX0 Size: 60KB - Virtual size: 60KB

UPX1 Size: 61KB - Virtual size: 64KB

.rsrc Size: 2KB - Virtual size: 4KB

86c5032ebe1784dfd13edabd0e3b62d4

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

ole32

comctl32

Sections

.text Size: 569KB - Virtual size: 569KB

.itext Size: 5KB - Virtual size: 5KB

.data Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 19KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 52B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 42KB - Virtual size: 42KB

.rsrc Size: 597KB - Virtual size: 596KB

ebdae8689983d2d4f2a5e3392ba9074c

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.tls Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

dca093669585f7dd5cb689ef9c0b872b

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

comctl32

shell32

Sections

.text Size: 364KB - Virtual size: 364KB

.itext Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 19KB

.idata Size: 10KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 88KB

UPX1
Size: 15KB - Virtual size: 16KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 6KB - Virtual size: 6KB

.text
Size: 512B - Virtual size: 3KB

.idata
Size: 512B - Virtual size: 979B

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 53KB - Virtual size: 52KB

.rsrc
Size: 16KB - Virtual size: 16KB

UPX0
Size: 60KB - Virtual size: 60KB

UPX1
Size: 61KB - Virtual size: 64KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 569KB - Virtual size: 569KB

.itext
Size: 5KB - Virtual size: 5KB

.data
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 52B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 597KB - Virtual size: 596KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.tls
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 364KB - Virtual size: 364KB

.itext
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 35KB - Virtual size: 35KB

50:e0:a5:92:ec:64:3f:b9:44:54:78:2d:4a:dd:5c:e5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

64:ae:ce:8d:88:1d:9e:0c:ed:65:20:fb:fa:e5:a5:bc:fd:6c:07:a9
Signer

UPX0
Size: - Virtual size: 9.3MB

UPX1
Size: 470KB - Virtual size: 472KB

.rsrc
Size: 218KB - Virtual size: 220KB

CODE
Size: 654KB - Virtual size: 653KB

DATA
Size: 12KB - Virtual size: 12KB

BSS
Size: - Virtual size: 16KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 41KB - Virtual size: 78KB

.text
Size: 60KB - Virtual size: 57KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 3KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB