Extracted

• 6e57d1fc4d14e7e7c2216085e41c393c9f117b0b5f8ce639ac78795d18dba730.bin.sample.gz

  .gz
• sample

  .exe windows:4 windows x86

  b83b4c7be0b1cdd8e117bba9096d9768

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  user32

  GetMessageA

  GetWindowTextA

  GetWindowThreadProcessId

  LoadCursorA

  LoadIconA

  CreateWindowExA

  RegisterClassA

  SendMessageA

  ShowWindow

  TranslateMessage

  UpdateWindow

  GetClassNameA

  EnumWindows

  DispatchMessageA

  DefWindowProcA

  wsprintfA

  kernel32

  ResetEvent

  SetEvent

  SetFilePointer

  OpenProcess

  RemoveDirectoryA

  LocalAlloc

  WriteFile

  WaitForSingleObject

  VirtualFree

  VirtualAlloc

  SystemTimeToFileTime

  CloseHandle

  CopyFileA

  CreateDirectoryA

  CreateEventA

  CreateFileA

  CreateMutexA

  CreateThread

  CreateToolhelp32Snapshot

  DeleteFileA

  ExitProcess

  FileTimeToSystemTime

  GetCommandLineW

  GetCurrentProcess

  GetCurrentProcessId

  GetEnvironmentVariableA

  GetLastError

  GetLocalTime

  GetModuleFileNameA

  GetModuleHandleA

  GetTempPathA

  GetVolumeInformationA

  LocalFree

  Sleep

  advapi32

  GetSidSubAuthority

  GetUserNameW

  OpenProcessToken

  GetTokenInformation

  wsock32

  htons

  inet_addr

  inet_ntoa

  recv

  select

  send

  setsockopt

  shutdown

  socket

  connect

  closesocket

  ioctlsocket

  WSAStartup

  WSACleanup

  shell32

  CommandLineToArgvW

  ws2_32

  freeaddrinfo

  WSAIoctl

  getaddrinfo

  ole32

  CoUninitialize

  CoInitialize

  CoCreateInstance

  secur32

  GetUserNameExW

  QueryContextAttributesA

  AcquireCredentialsHandleA

  DecryptMessage

  DeleteSecurityContext

  EncryptMessage

  FreeContextBuffer

  FreeCredentialsHandle

  GetUserNameExA

  InitializeSecurityContextA

  psapi

  GetModuleFileNameExA

  Sections

  .text

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 812B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE