cobaltstrike | WinX[.]OperationDianxun[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

WinX.OperationDianxun.zip
Size

3.2MB
MD5

5151bba22faaa41af6b96287c82b3351
SHA1

a9bd15eb42f12a8592f048255af7433cdc5340b5
SHA256

f353353f5f7f7551088cdda2f58ae9ff6aaa923b3a238f2426e1ccdf4a3ae1b4
SHA512

bdcacf9bd402d9dbf9c27c515ee49358c59132aa58b319606f50205c00f8c01437082c0f2655c27101f75b4772ea0e8433d49645abad0f89d7261e850c17cfe8
SSDEEP

98304:X6u0mmxKPkIrE99UhWQohq3xjmBChfq06Aa/:X692YqhW9qzqn/

Score

10^/10

305419896 cobaltstrike

Malware Config

Extracted

Family

cobaltstrike

Botnet

305419896

http://update1.jscachecdn.com:443/s/ref=nb_sb_noss_1/264-84198498-9827145/field-keywords=woman

Attributes

access_type
512
beacon_type
2048
host
update1.jscachecdn.com,/s/ref=nb_sb_noss_1/264-84198498-9827145/field-keywords=woman
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAABAAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy1aS2ZWTnJUdUpQMDlFRzlGeno5SXwyMDgzMTUyMTM0MzE1AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAQAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz04OTY3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3584
maxdns
245
polling_time
6800
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrylu1nawNqTnchDFZwhM5rPX9/kaphE5BDrR8bk5ALmoLJi/2cEd9JZrC2SYYnb5T77fX3x626TxdJ5G+/97opftYZbdE8iL2E3+TfmbpIPQ1euTNHG80msizEFGH4FHkFaTQNi0LQKy3bAotTH3bB6Tyl68jiQUZGDqIrK4J0QIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N9185/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)
watermark
305419896

Signatures

Cobaltstrike family
cobaltstrike

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d7d4dc173c88c4f72c8f9f419ae8473d044f4b3e8f32e4a0f34fe4bbc698776
unpack001/260ebbf392498d00d767a5c5ba695e1a124057c1c01fff2ae76db7853fe4255b
unpack001/2779937398506e8ad207f5b291ae53d8af82b9f2739b0508ae3e0cfc40ced092
unpack001/740992d40b84b10aa9640214a4a490e989ea7b869cea27dbbdef544bb33b1048
unpack001/75b30164a31d305f47f2c3c2121432e6d7b316cfb3deb6b39f78180168bc9472
unpack001/9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5
unpack001/9d4b4c39106f8e2fd036e798fc67bbd7b98284121724c0f845bca0a6d2ae3999
unpack001/b7f36159aec7f3512e00bfa8aa189cbb97f9cc4752a635bc272c7a5ac1710e0b
unpack001/cf4bf26b2d6f1c6055534bbe9decb579ef0180e0f8c467c1a26e2ead7567058a
unpack001/cf65cc6e4b2b0c3f602b16398c8c30c277b8cfaed689fe7cb61b92560d4e5b1b
unpack001/d2642d3731508b52efa34adf57701f18e2f8b70addf31e33e445e75b9a909822
unpack001/db36ad77875bbf622d96ae8086f44924c37034dd95e9eb6d6369cc6accd2a40d
unpack001/e784e95fb5b0188f0c7c82add9a3c89c5bc379eaf356a4d3876d9493a986e343

Files

WinX.OperationDianxun.zip
.zip

Password: infected
0d7d4dc173c88c4f72c8f9f419ae8473d044f4b3e8f32e4a0f34fe4bbc698776
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
260ebbf392498d00d767a5c5ba695e1a124057c1c01fff2ae76db7853fe4255b
.exe windows:6 windows x64 arch:x64

Password: infected

fa131ae3f0b2aecd572c532c89cf6976

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
gethostname

wldap32

ord143
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapAlloc
HeapFree
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RaiseException
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileAttributesExW
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
FindClose
ExitThread
FindFirstFileExW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
DeviceIoControl
FindNextFileW
Sleep
LoadLibraryA
LoadLibraryW
GetProcAddress
GlobalMemoryStatusEx
GetCommandLineW
MultiByteToWideChar
CreateFileA
LocalFree
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
CloseHandle
GetCurrentDirectoryW
GetLastError
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
VerifyVersionInfoA
QueryPerformanceCounter
GetTickCount
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsValidCodePage
GetACP
RtlUnwind
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WriteConsoleW
CreateFileW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
GetUserNameA

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayAccessData
SafeArrayCreateVector
SafeArrayCreate
SysFreeString
SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData

shlwapi

ord176

winhttp

WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest

Sections

.text
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2779937398506e8ad207f5b291ae53d8af82b9f2739b0508ae3e0cfc40ced092
.dll windows:6 windows x64 arch:x64

Password: infected

0f275d628096389203c13780013332e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetEnvironmentVariableA
LocalFree
FormatMessageA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
OutputDebugStringW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

wsprintfA

oleaut32

VariantInit
VariantClear
SysAllocString

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

memmove
__CxxFrameHandler3
memset
__C_specific_handler
__telemetry_main_invoke_trigger
memcpy
__std_exception_copy
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__telemetry_main_return_trigger

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_initterm_e
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_register_onexit_function

Exports

Exports

Go

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
740992d40b84b10aa9640214a4a490e989ea7b869cea27dbbdef544bb33b1048
.dll windows:6 windows x64 arch:x64

Password: infected

afced76612f55d0f0fbaa98a6e0ec144

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
GetEnvironmentVariableA
GetLastError
FormatMessageA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
LocalFree
RaiseException
CreateFileW
WriteConsoleW
CloseHandle
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
GetModuleFileNameW
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
LCMapStringW
HeapSize
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
GetStringTypeW
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

wsprintfA

oleaut32

VariantClear
VariantInit
SysAllocString

advapi32

SystemFunction036

Exports

Exports

Go

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
75b30164a31d305f47f2c3c2121432e6d7b316cfb3deb6b39f78180168bc9472
.exe windows:6 windows x64 arch:x64

Password: infected

0bcdf8cb02b1ea5928789faf16f42f6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
__WSAFDIsSet
select
ntohl
htonl
gethostname
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
WSAGetLastError

wldap32

ord217
ord143
ord46
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
VirtualQuery
GetSystemInfo
GetModuleHandleExW
ExitProcess
LoadLibraryExW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileAttributesExW
FlushFileBuffers
HeapReAlloc
GetFullPathNameW
SetStdHandle
HeapSize
GetTimeZoneInformation
ExitThread
FindClose
RtlPcToFileHeader
RtlUnwindEx
GetModuleFileNameW
GetEnvironmentVariableW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
FindFirstFileExW
Sleep
VirtualProtect
VirtualAlloc
CreateFileW
CloseHandle
LoadLibraryW
GetModuleHandleW
FormatMessageW
LocalFree
CreateFileA
GetProcAddress
GetTickCount
GetCommandLineW
ReadFile
WriteFile
SetFilePointer
OutputDebugStringW
GetCurrentDirectoryW
MultiByteToWideChar
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
EncodePointer
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
WriteConsoleW
CopyFileW
RtlUnwind
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent

user32

wsprintfW

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shell32

CommandLineToArgvW

oleaut32

SysAllocString
VariantClear
VariantInit

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9ccb4ed133be5c9c554027347ad8b722f0b4c3f14bfd947edfe75a015bf085e5
.exe windows:6 windows x64 arch:x64

Password: infected

5f7ca61a772049e7c494c6c74d69484c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
gethostname

wldap32

ord46
ord143
ord217
ord211
ord60
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
HeapFree
GetConsoleCP
ReadConsoleW
GetFileAttributesExW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
GetEnvironmentStringsW
FindClose
CreateFileA
CloseHandle
GetSystemInfo
GlobalMemoryStatusEx
WideCharToMultiByte
GetTickCount
LoadLibraryW
GetProcAddress
GetCommandLineW
MultiByteToWideChar
LocalFree
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentDirectoryW
GetLastError
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
TlsAlloc
LoadLibraryExW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SwitchToThread
SetEndOfFile
HeapSize
WriteConsoleW
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
Sleep
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlCaptureContext
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
LCMapStringW

advapi32

CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
GetUserNameA

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPutElement
SysAllocString
SysFreeString

shlwapi

ord176

winhttp

WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpReadData

Sections

.text
Size: 632KB - Virtual size: 631KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9d4b4c39106f8e2fd036e798fc67bbd7b98284121724c0f845bca0a6d2ae3999
.exe windows:6 windows x64 arch:x64

Password: infected

6f40c4c8bf0dd224f80339a8e10ba2e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
gethostname

wldap32

ord143
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
RaiseException
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
GetFullPathNameW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
VirtualProtect
VirtualFree
VirtualAlloc
CreateFileW
GetACP
CloseHandle
LoadLibraryW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetLastError
LocalFree
FindFirstFileW
DeviceIoControl
Sleep
CreateFileA
GetProcAddress
GlobalMemoryStatusEx
GetTickCount
GetCommandLineW
MultiByteToWideChar
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetCurrentDirectoryW
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
RtlUnwind
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
UnmapViewOfFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

RegOpenKeyW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegOpenKeyExW

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayCreateVector

shlwapi

ord176

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b7f36159aec7f3512e00bfa8aa189cbb97f9cc4752a635bc272c7a5ac1710e0b
.exe windows:6 windows x64 arch:x64

Password: infected

6314b882e0fe3c722488db14d97812d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
gethostname

wldap32

ord143
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
RaiseException
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
GetFullPathNameW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
VirtualProtect
VirtualFree
VirtualAlloc
CreateFileW
GetACP
CloseHandle
LoadLibraryW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetLastError
LocalFree
FindFirstFileW
DeviceIoControl
Sleep
CreateFileA
GetProcAddress
GlobalMemoryStatusEx
GetTickCount
GetCommandLineW
MultiByteToWideChar
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetCurrentDirectoryW
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
GetOEMCP
RtlUnwind
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
UnmapViewOfFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

RegOpenKeyExW
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegOpenKeyW

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayCreateVector

shlwapi

ord176

Sections

.text
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cf4bf26b2d6f1c6055534bbe9decb579ef0180e0f8c467c1a26e2ead7567058a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cf65cc6e4b2b0c3f602b16398c8c30c277b8cfaed689fe7cb61b92560d4e5b1b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d0dd9c624bb2b33de96c29b0ccb5aa5b43ce83a54e2842f1643247811487f8d9
.exe windows:6 windows x64 arch:x64

faaa332605e536ebdebf6a0f58e1b286

Code Sign

96:74:ab:47:90:79:8a:1e:26:2e:b4:5b:94:ab:9c:e1
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/02/2020, 00:00

Not After

29/01/2021, 23:59

Subject

CN=Michael Balloni,O=Michael Balloni,POSTALCODE=92126,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:a1:1e:eb:ec:01:e5:31:3a:d4:ab:1c:07:31:c0:14:83:52:2f:fc
Signer

Actual PE Digest

82:a1:1e:eb:ec:01:e5:31:3a:d4:ab:1c:07:31:c0:14:83:52:2f:fc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
WSAGetLastError
WSACleanup
WSAStartup
ntohl
gethostname

wldap32

ord200
ord301
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord30

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapAlloc
HeapFree
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RaiseException
RtlPcToFileHeader
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileAttributesExW
HeapReAlloc
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
CreateThread
FindFirstFileExW
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
FindNextFileW
FindClose
CreateFileA
CloseHandle
GetSystemInfo
GlobalMemoryStatusEx
WideCharToMultiByte
GetTickCount
LoadLibraryW
GetProcAddress
GetCommandLineW
MultiByteToWideChar
LocalFree
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCurrentDirectoryW
GetLastError
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
RtlUnwind
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WriteConsoleW
Sleep
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer

advapi32

CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
GetUserNameA

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayCreateVector
SafeArrayCreate
SafeArrayUnaccessData
SysFreeString
SysAllocString
SafeArrayPutElement
SafeArrayAccessData

shlwapi

ord176

winhttp

WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d2642d3731508b52efa34adf57701f18e2f8b70addf31e33e445e75b9a909822
.exe windows:4 windows x86 arch:x86

829da329ce140d873b4a8bde2cbfaa7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tdqp
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
db36ad77875bbf622d96ae8086f44924c37034dd95e9eb6d6369cc6accd2a40d
.exe windows:6 windows x64 arch:x64

3baa9e2a3313377196f4864fb04c6780

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
gethostname

wldap32

ord46
ord211
ord60
ord45
ord217
ord143
ord50
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
ExitProcess
HeapReAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetConsoleCP
ReadConsoleW
SetStdHandle
SetEndOfFile
GetFullPathNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
GetModuleHandleExW
FreeEnvironmentStringsW
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
VirtualProtect
VirtualFree
VirtualAlloc
SetEnvironmentVariableW
UnmapViewOfFile
CloseHandle
LoadLibraryW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetLastError
LocalFree
FindFirstFileW
DeviceIoControl
Sleep
CreateFileA
GetProcAddress
GlobalMemoryStatusEx
GetTickCount
GetCommandLineW
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetCurrentDirectoryW
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetConsoleMode
GetProcessHeap
GetFileAttributesExW
GetTimeZoneInformation
WriteConsoleW
HeapSize
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateFileW
RtlUnwind
UnhandledExceptionFilter
RtlVirtualUnwind
SetFilePointerEx
LoadLibraryExW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlCaptureContext
TlsAlloc
RtlUnwindEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
RegOpenKeyExW
RegOpenKeyW

shell32

CommandLineToArgvW

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e784e95fb5b0188f0c7c82add9a3c89c5bc379eaf356a4d3876d9493a986e343
.exe windows:6 windows x64 arch:x64

a2299d0f3dc7ceb58a9cb48d7495fffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
ntohl
htonl
ioctlsocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
socket
gethostname

wldap32

ord143
ord217
ord46
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
RaiseException
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
HeapReAlloc
GetFullPathNameW
SetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
VirtualProtect
VirtualFree
VirtualAlloc
CreateFileW
GetACP
CloseHandle
LoadLibraryW
GetModuleHandleW
CreateFileMappingW
MapViewOfFile
GetLastError
LocalFree
FindFirstFileW
DeviceIoControl
Sleep
CreateFileA
GetProcAddress
GlobalMemoryStatusEx
GetTickCount
GetCommandLineW
MultiByteToWideChar
ReadFile
WriteFile
GetModuleFileNameW
SetFilePointer
GetCurrentDirectoryW
GetModuleHandleA
LoadLibraryA
FormatMessageA
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
VerSetConditionMask
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
VerifyVersionInfoA
QueryPerformanceCounter
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
WideCharToMultiByte
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
GetOEMCP
GetCommandLineA
RtlUnwind
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetFileAttributesExW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
UnmapViewOfFile
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

advapi32

GetUserNameA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
RegOpenKeyW

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayCreate
SafeArrayPutElement
SafeArrayUnaccessData

shlwapi

ord176

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 32KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

Password: infected

fa131ae3f0b2aecd572c532c89cf6976

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

Sections

.text Size: 644KB - Virtual size: 644KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 14KB

.pdata Size: 35KB - Virtual size: 35KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 5KB - Virtual size: 4KB

Password: infected

0f275d628096389203c13780013332e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 984B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 76B

Password: infected

afced76612f55d0f0fbaa98a6e0ec144

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 39KB - Virtual size: 39KB

.text
Size: 32KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 644KB - Virtual size: 644KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 14KB

.pdata
Size: 35KB - Virtual size: 35KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 984B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 76B

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 24KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 632KB - Virtual size: 631KB

.rdata
Size: 181KB - Virtual size: 181KB

.data
Size: 6KB - Virtual size: 13KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 547KB - Virtual size: 547KB