medusalocker | samples (2) (2)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples (2) (2).zip
Size

11.5MB
MD5

3103452bf9094d6f3ec5ddee144b821a
SHA1

1995b4171447b7e11302682b29c34bba4c5939f9
SHA256

8ed183df76d08024f15e051f4f5711535dde6372ff4beafecfff07f82e846800
SHA512

3559e9e28f7ba881207ba01fd0c2eedf29f91d88b7c44c938fbec73e756a39ab0e072f88072bb82365e7476f6247658f8d59147e64eee6fb825003085b4edb6f
SSDEEP

196608:1g0w+y495NuivJ1dlbNm5IemCPIurAW58NFfApXHUxcSeVIDF/je3ZSEMIVab0gx:1g0w+F5NuivJFbN4mCz5Uip0OFVuepWn

Score

10^/10

agilenet medusalocker

Malware Config

Signatures

MedusaLocker payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f	family_medusalocker

Medusalocker family
medusalocker

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
static1/unpack001/a4dfaa8bbce586a593a86aa0e8e6c3e799d2a18b7e02d20284e83ff6f723c0d9	agile_net

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/083e147374de04930caa882acaeda6df4821b75f869edb7386281f684e573c08
unpack001/12437a49d298941af8d087a1ff478a68ab4c312654153e17d598ff1c87be6b3d
unpack001/1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e
unpack001/2040fa2a3c5b16d74442d41d224a6ab16e0290a30f0535b18cb50de6a59686d4
unpack001/2b5109e9a249a795a412a3961aae3e5b576a233d9681f5ec0b4d88ce009b6ed9
unpack001/3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f
unpack001/5d96952d473d386285f01726073d8f1ec46c983fe4c9d657babe9272330d655f
unpack001/63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
unpack001/6e5678ebd457353b7c095af806f92b5f54341bbfa2c8d3f5ab03b84483013271
unpack001/71506a3322b0e0bc6fc2c1a1f0ac844a82a8c3fbbfeb4e6452013b4ade7610fb
unpack001/734b9974ec7f673460deb7ae17af4eed0ad6fae862f0765068430050fc44d66d
unpack001/81a27b3dcfbd52ceb68043465a9aaa3ff6a2e4d04e487197bb23db5c76eec740
unpack001/a1bd0fa8ada1da0181b8d108ca72a41795b55060613e0182f2cbbc592f857f46
unpack001/a465bc08714bc760130a3f150a704df2f08af083b2aaf0c931e714019f3769e3
unpack001/a4dfaa8bbce586a593a86aa0e8e6c3e799d2a18b7e02d20284e83ff6f723c0d9
unpack001/ae6f3869929b1d021a10bd51dc1aace28bec1a4b000085b477c1e470b73e77fe
unpack001/bdd9dbc6d72ecc5ea0a063a1fc99e414a4cff177ec8726da0011134d8589c7d2
unpack001/c475b20ef38d5ef011235eeaf75db5686a5fef724e3eb2fa3e8d4b056096fbb6
unpack001/d57ee4f41d4df716e6270a147e098aabb6cac69a1d5812b1f21f0bf17a9c7db5
unpack001/d68e18e28f3ba8db95da24be50e918d9254214079f1394eb55ce53f772041664
unpack001/dd6ac617529eed1916db34c8875f09f127ba3d2ff304352df29fdef4802143fd
unpack001/e1bc3d93383ffb9540f20a1b58e4b3bb77ba24d247a1177030be6fe93d912136
unpack001/ea62bfae07927cc7fd706948ae7e474f4c0d7ed2afcb7c73c388e5f6936f5c29
unpack001/f2cafb550a0b7c248847d2548389379d0d8954335d81d60991a4d1e7333745b4

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/12437a49d298941af8d087a1ff478a68ab4c312654153e17d598ff1c87be6b3d	nsis_installer_1
static1/unpack001/12437a49d298941af8d087a1ff478a68ab4c312654153e17d598ff1c87be6b3d	nsis_installer_2

Files

samples (2) (2).zip
.zip
083e147374de04930caa882acaeda6df4821b75f869edb7386281f684e573c08
.exe windows:5 windows x86 arch:x86

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
GetDateFormatW
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindFirstFileExA
IsValidCodePage
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
ExitProcess
CreateFileW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
12437a49d298941af8d087a1ff478a68ab4c312654153e17d598ff1c87be6b3d
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e
.exe windows:4 windows x86 arch:x86

a08952b00a788686a5ccda8fc072094a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

wglGetCurrentDC
wglGetCurrentContext
wglMakeCurrent

kernel32

OpenFile
GetSystemTime
WaitForSingleObject
WriteFile
GetStartupInfoA
SetHandleInformation
CreatePipe
GetStdHandle
CloseHandle
CreateThread
GlobalFree
GetFileInformationByHandle
TlsGetValue
ExitProcess
HeapCreate
HeapDestroy
GetCommandLineA
GetFileTime
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetSystemTimeAsFileTime
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualQuery
FileTimeToSystemTime
SystemTimeToFileTime
RtlUnwind
TlsSetValue
TlsFree
HeapSize
GetCPInfo
VirtualAlloc
TlsAlloc
FormatMessageA
CreateEventA
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
CreateIoCompletionPort
SetConsoleCtrlHandler
PostQueuedCompletionStatus
WaitForMultipleObjects
GetComputerNameA
GetSystemDirectoryA
GetWindowsDirectoryA
ExpandEnvironmentStringsA
EnumDateFormatsA
OutputDebugStringA
DebugBreak
LockResource
GetCurrentProcessId
LoadLibraryA
GetProcAddress
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
MulDiv
lstrcmpA
SetFilePointer
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetLastError
SetEndOfFile
IsDBCSLeadByte
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
WideCharToMultiByte
GetCurrentThreadId
GetModuleHandleA
GetCurrentProcess
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
MultiByteToWideChar
VirtualUnlock

user32

SetScrollInfo
GetScrollInfo
ScrollWindow
DrawFocusRect
EnableMenuItem
SetDlgItemTextA
IsDialogMessageA
GetSystemMenu
GetWindowTextLengthA
MessageBoxW
SetWindowTextA
CreateDialogParamA
DialogBoxParamA
EndDialog
IsDlgButtonChecked
CheckDlgButton
CheckMenuRadioItem
RemoveMenu
AppendMenuA
LoadBitmapA
GetWindowTextA
LoadStringW
GetWindowRect
TranslateAcceleratorA
SetMenuDefaultItem
SetMenu
GetMenu
GetSubMenu
PtInRect
IsMenu
SetWindowsHookExA
OffsetRect
CallNextHookEx
GetSysColorBrush
GetKeyState
CharLowerA
UnhookWindowsHookEx
InflateRect
SetRectEmpty
RegisterWindowMessageA
GetWindowDC
TrackPopupMenuEx
GetMessagePos
WindowFromPoint
MessageBeep
DrawEdge
FrameRect
ModifyMenuA
MonitorFromPoint
GetMonitorInfoA
DrawFrameControl
DrawTextA
SetMenuItemInfoA
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetActiveWindow
GetWindowThreadProcessId
IsWindowEnabled
IsWindowVisible
UpdateWindow
MapWindowPoints
PostMessageA
LoadStringA
LoadMenuA
LoadAcceleratorsA
DestroyMenu
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
GetWindow
DestroyAcceleratorTable
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameA
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
GetSysColor
CreateWindowExA
SystemParametersInfoA
CallWindowProcA
SetFocus
EnableWindow
InvalidateRect
MoveWindow
GetClassInfoExA
LoadCursorA
GetSystemMetrics
LoadImageA
RegisterClassExA
DestroyWindow
CharNextA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
CreateMenu
CreatePopupMenu
GetClientRect
LoadIconA
SendMessageA
GetDlgItem
IsWindow
ShowWindow
GetWindowLongA
SetWindowLongA
PostQuitMessage
UnregisterClassA

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
SetBkMode
SetTextColor
SetBrushOrgEx
DeleteObject
CreateSolidBrush
CreateRectRgn
CombineRgn
StartPage
GetTextMetricsA
StartDocA
TextOutA
CreateFontIndirectA
CreatePatternBrush
GetCurrentObject
EndDoc
SelectObject
EndPage
SetBkColor
PatBlt
CreateBitmap
DeleteDC

comdlg32

ChooseColorA
PrintDlgA
ChooseFontA

advapi32

GetUserNameA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
ImpersonateLoggedOnUser

shell32

SHGetFolderPathW

ole32

CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
CoUninitialize
OleUninitialize
CoInitialize

oleaut32

SysAllocString
VarUI4FromStr
SysStringByteLen
VariantInit
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
VariantClear

crypt32

CertGetNameStringA

comctl32

InitCommonControlsEx
ord6
ImageList_Destroy
ImageList_GetImageCount
ImageList_Draw
ImageList_DrawIndirect
ImageList_LoadImageA
ord8
ImageList_Create
ImageList_AddMasked
ord413

wininet

FtpGetCurrentDirectoryA
FtpFindFirstFileA

ws2_32

htonl
htons
bind
closesocket
listen
accept
inet_ntoa
WSASocketA
shutdown
WSACleanup
WSAGetLastError
socket
WSAStartup

netapi32

NetUserDel
NetUserAdd
NetLocalGroupAddMembers

winmm

mmioSetInfo
mmioSeek
mmioDescend
mmioGetInfo

imm32

ImmGetConversionListA
ImmGetContext
ImmGetConversionStatus

Sections

.text
Size: 184KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2040fa2a3c5b16d74442d41d224a6ab16e0290a30f0535b18cb50de6a59686d4
.exe windows:4 windows x86 arch:x86

284c9d70850d445a2194446d5ac9dded

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaLateMemCall
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2b5109e9a249a795a412a3961aae3e5b576a233d9681f5ec0b4d88ce009b6ed9
.exe windows:5 windows x86 arch:x86

a90cc1b6f902761feb40477393138296

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleInputW
VerifyVersionInfoW
GetCPInfoExA
CreateEventW
GetSystemDirectoryW
GetProcAddress
GlobalAlloc
DeleteTimerQueueTimer
OpenWaitableTimerA
GetFileAttributesW
EnumResourceTypesW
GetLongPathNameW
GetModuleHandleW
CreateTimerQueue
InterlockedCompareExchange
FindNextFileA
LocalFlags
WaitCommEvent
SleepEx
GetConsoleAliasW
WritePrivateProfileSectionW
PulseEvent
SetLastError
GetConsoleMode
lstrcmpA
SetCalendarInfoA
GetSystemWindowsDirectoryA
GetComputerNameW
EnumTimeFormatsA
AddAtomA
SetSystemTime
_llseek
GetShortPathNameW
EnumCalendarInfoA
EnumCalendarInfoExW
FindNextFileW
CreateActCtxW
SetStdHandle
GetWindowsDirectoryW
FindFirstVolumeMountPointW
WriteProfileSectionW
LoadLibraryA
WriteConsoleW
CloseHandle
GetLastError
HeapReAlloc
HeapAlloc
MoveFileA
DeleteFileA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapCreate
HeapFree
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
Sleep
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetConsoleCP
FlushFileBuffers
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
ReadFile
SetFilePointer
CreateFileW

user32

LoadMenuW
GetComboBoxInfo
DefDlgProcA
GetListBoxInfo

gdi32

GetCharWidth32A

advapi32

LookupAccountSidW

shell32

FindExecutableA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 585KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3538750cfe06d8fe364bc4f396229bfd08c9856f17477b0f8444d35a7f89775f
.exe windows:6 windows x86 arch:x86

f22bc6a616927c119c37738048bc1cc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

StrStrIW
PathIsUNCW
PathFindExtensionW

rstrtmgr

RmShutdown
RmGetList
RmRegisterResources
RmEndSession
RmStartSession

mpr

WNetGetConnectionW
WNetAddConnection2W

kernel32

GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
GetDriveTypeW
ReadFile
FindFirstFileExW
FindNextFileW
WriteFile
FindClose
CreateFileW
SetFileAttributesW
SubmitThreadpoolWork
SetFilePointerEx
GetConsoleWindow
lstrcmpiW
GetWindowsDirectoryW
SetConsoleTitleW
MoveFileW
CreateThreadpoolWork
SizeofResource
GetCurrentProcess
AssignProcessToJobObject
InitializeProcThreadAttributeList
CreatePipe
PeekNamedPipe
WaitForSingleObject
OpenProcess
MultiByteToWideChar
UpdateProcThreadAttribute
LockResource
LoadResource
FindResourceW
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
CloseHandle
GetLastError
CreateJobObjectW
SetInformationJobObject
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
WriteConsoleW
QueryDosDeviceW
LocalFree
FormatMessageA
GetLocaleInfoEx
RaiseException
WaitForSingleObjectEx
Sleep
GetCurrentThreadId
GetExitCodeThread
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcAddress
InitializeConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW

user32

IsWindowVisible
ShowWindow
GetWindowThreadProcessId
RegisterWindowMessageW
GetShellWindow
GetAsyncKeyState

advapi32

CryptGenRandom
RegSetValueExW
OpenProcessToken
GetTokenInformation
CryptDestroyKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
RegGetValueW
CryptExportKey
CryptImportKey
CryptGenKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW

shell32

SHEmptyRecycleBinW

ole32

CoGetObjectContext
CoGetApartmentType

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5d96952d473d386285f01726073d8f1ec46c983fe4c9d657babe9272330d655f
.exe windows:5 windows x86 arch:x86

198fcdf1107e8858620b59878845e93f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
GetLocaleInfoW
IsProcessInJob
SizeofResource
SetSystemTimeAdjustment
GetConsoleAliasExesLengthW
WriteConsoleOutputA
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
GetTimeZoneInformation
lstrcatA
GetEnvironmentVariableA
GetVolumePathNameA
SetConsoleTitleA
WritePrivateProfileStringW
CreateJobObjectA
GetHandleInformation
GetLastError
GetCurrentDirectoryW
GetCompressedFileSizeW
HeapSize
BeginUpdateResourceW
EnumDateFormatsExA
CreateMemoryResourceNotification
GetAtomNameA
LoadLibraryA
LocalAlloc
SetCalendarInfoW
GetProfileStringA
SetCommMask
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
WaitForDebugEvent
GetCurrentProcessId
SetFileAttributesW
LCMapStringW
CompareStringW
CompareStringA
GetConsoleAliasesLengthA
GetModuleHandleW
FreeEnvironmentStringsA
InitializeSListHead
WriteConsoleOutputCharacterA
SetFilePointer
GetLongPathNameW
SetDefaultCommConfigA
Sleep
GetProcAddress
ExitProcess
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
EnterCriticalSection
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
RtlUnwind
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
GetStdHandle
DeleteCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
CreateFileA
RaiseException
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FlushFileBuffers
SetEndOfFile
GetProcessHeap
ReadFile
SetEnvironmentVariableA

user32

GetProcessDefaultLayout

advapi32

OpenEventLogA
RegCreateKeyA
GetPrivateObjectSecurity
EqualPrefixSid
EqualSid
GetServiceKeyNameW
PrivilegedServiceAuditAlarmW

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wutedij
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
67beeb7a196a91ffdb77af4e53143e75a157ea6cf3432a2e14e1c55d11ef2f08
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

39:4f:2c:22:62:cc:2d:b9:2b:fe:ae:20:59:3b:f1:74
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-03-2018 00:00

Not After

29-03-2020 23:59

Subject

CN=Amazon Services LLC,OU=Software Services,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:4f:2c:22:62:cc:2d:b9:2b:fe:ae:20:59:3b:f1:74
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29-03-2018 00:00

Not After

29-03-2020 23:59

Subject

CN=Amazon Services LLC,OU=Software Services,O=Amazon Services LLC,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:8f:d3:2e:b2:c6:47:40:7b:45:16:98:c2:75:b6:78:ad:c2:08:e6:a8:63:68:fc:22:b8:16:a2:68:2f:40:5e
Signer

Actual PE Digest

5b:8f:d3:2e:b2:c6:47:40:7b:45:16:98:c2:75:b6:78:ad:c2:08:e6:a8:63:68:fc:22:b8:16:a2:68:2f:40:5e

Digest Algorithm

sha256

PE Digest Matches

false

01:11:67:c6:a1:7e:a0:a0:54:0c:86:5a:32:19:de:58:2f:51:e2:9d
Signer

Actual PE Digest

01:11:67:c6:a1:7e:a0:a0:54:0c:86:5a:32:19:de:58:2f:51:e2:9d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6e5678ebd457353b7c095af806f92b5f54341bbfa2c8d3f5ab03b84483013271
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
71506a3322b0e0bc6fc2c1a1f0ac844a82a8c3fbbfeb4e6452013b4ade7610fb
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
734b9974ec7f673460deb7ae17af4eed0ad6fae862f0765068430050fc44d66d
.exe windows:5 windows x86 arch:x86

ccdfcfe3b09ab1ac2d74e3c88d512281

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetComputerNameW
AddConsoleAliasW
GetComputerNameW
GetModuleHandleW
EnumCalendarInfoExW
GetConsoleAliasesA
GetNumberFormatA
GetConsoleTitleA
GetWindowsDirectoryA
GetConsoleAliasExesW
EnumTimeFormatsA
EnumTimeFormatsW
CreateActCtxW
SetProcessPriorityBoost
FindResourceExA
GetCalendarInfoW
GetSystemWindowsDirectoryA
FindNextVolumeW
Beep
GetConsoleFontSize
lstrlenW
GlobalUnlock
GetShortPathNameA
GetCPInfoExW
SetLastError
GetProcAddress
GetLongPathNameA
VirtualAlloc
HeapSize
IsBadHugeWritePtr
QueryDosDeviceA
EnumSystemCodePagesW
SetThreadPriorityBoost
LoadLibraryA
WriteConsoleA
InterlockedExchangeAdd
LocalAlloc
RemoveDirectoryW
WriteProfileSectionW
AddAtomA
FindAtomA
EnumResourceTypesW
GetModuleFileNameA
GetOEMCP
GetDefaultCommConfigA
SetConsoleCursorInfo
GetConsoleTitleW
WriteConsoleOutputAttribute
GetDiskFreeSpaceExW
WriteFileEx
DeleteTimerQueueTimer
SuspendThread
RaiseException
GetModuleHandleA
GetLocaleInfoA
GetConsoleAliasA
ReadConsoleA
lstrlenA
SystemTimeToFileTime
BeginUpdateResourceW
FindResourceA
MultiByteToWideChar
GetCommandLineA
GetStartupInfoA
HeapAlloc
GetLastError
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
GetCPInfo
GetACP
IsValidCodePage
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

ToAsciiEx
ChangeMenuA
CharLowerBuffW
CreateAcceleratorTableW
GetWindowLongW
GetSysColorBrush
SetCaretPos
ModifyMenuA
IsCharAlphaNumericA
GetKeyNameTextA

gdi32

GetCharWidthA
GetCharABCWidthsW
CreateHalftonePalette

advapi32

BackupEventLogA

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
81a27b3dcfbd52ceb68043465a9aaa3ff6a2e4d04e487197bb23db5c76eec740
.exe windows:5 windows x86 arch:x86

1f9568b44e21b4f75fdcd8e1b27ff01b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
SetErrorMode
WaitForMultipleObjectsEx
FindClose
GetFileAttributesW
GetSystemDirectoryW
GetComputerNameExW
MultiByteToWideChar
FormatMessageW
GetLastError
SetEvent
GetDiskFreeSpaceExW
WaitForSingleObjectEx
CloseHandle
HeapAlloc
GetLogicalDriveStringsA
GetProcAddress
LocalFree
ReleaseSemaphore
GlobalMemoryStatusEx
GetModuleHandleW
CopyFileW
WideCharToMultiByte
GetConsoleWindow
FormatMessageA
CreateSemaphoreA
CreateEventA
lstrcmpW
SetConsoleTitleW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
FindNextFileW
HeapFree
FindFirstFileW
GetProcessHeap
CreateDirectoryW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
HeapSize
HeapReAlloc
ReadConsoleW
ReadFile
CreatePipe
GetExitCodeProcess
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CreateFileW
DeleteFileW
GetFileAttributesExW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
MoveFileExW
AreFileApisANSI
ResetEvent
OpenEventA
SetWaitableTimer
Sleep
GetCurrentProcessId
ResumeThread
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
WaitForSingleObject
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleExW
CreateProcessA
ExitThread
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType

user32

ShowWindow
GetWindowTextA
EnumWindows
GetWindowTextLengthA

advapi32

CryptReleaseContext
CryptAcquireContextA
GetUserNameW
CryptGenRandom

shell32

ShellExecuteW

ws2_32

socket
send
WSAStartup
connect
gethostbyname
closesocket
WSACleanup
recv
htons

shlwapi

PathIsNetworkPathA

netapi32

DsRoleGetPrimaryDomainInformation
NetUserEnum
NetApiBufferFree

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a1bd0fa8ada1da0181b8d108ca72a41795b55060613e0182f2cbbc592f857f46
.exe windows:5 windows x86 arch:x86

cda48ebb1fe57d9b31da3a94fc154bf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
FindFirstChangeNotificationW
GetConsoleAliasesLengthW
PeekNamedPipe
SetEndOfFile
CancelWaitableTimer
CreateHardLinkA
FreeEnvironmentStringsA
GetTickCount
GetDateFormatA
ReadConsoleInputA
SizeofResource
GetFileAttributesW
FileTimeToSystemTime
GlobalUnlock
GetShortPathNameA
FindFirstFileA
GetLogicalDriveStringsA
GetLastError
SetLastError
GetTempFileNameW
AttachConsole
VirtualAlloc
BeginUpdateResourceW
LoadLibraryA
SetConsoleCtrlHandler
SetFileApisToANSI
OpenJobObjectW
FoldStringA
GetModuleHandleA
SetCalendarInfoA
FindFirstVolumeW
ReadConsoleOutputCharacterW
GetLocaleInfoA
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
InitializeCriticalSectionAndSpinCount
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

LoadMenuA
DdeQueryStringW
GetClassInfoExW
GetKeyNameTextW
CharToOemBuffW
GetMessageExtraInfo

gdi32

CreateDCA

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a465bc08714bc760130a3f150a704df2f08af083b2aaf0c931e714019f3769e3
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a4dfaa8bbce586a593a86aa0e8e6c3e799d2a18b7e02d20284e83ff6f723c0d9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ae6f3869929b1d021a10bd51dc1aace28bec1a4b000085b477c1e470b73e77fe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdd9dbc6d72ecc5ea0a063a1fc99e414a4cff177ec8726da0011134d8589c7d2
.exe windows:5 windows x86 arch:x86

aa822b1bc62e9f028a1a5882deaba84c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

user32

MessageBoxA
CharNextW
LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
GetSystemMetrics
CharUpperBuffW
CharUpperW
CharLowerBuffW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
LoadLibraryA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualProtect
VerSetConditionMask
VerifyVersionInfoW
SuspendThread
SizeofResource
SetThreadPriority
SetLastError
SetEvent
SetErrorMode
ResumeThread
ResetEvent
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
OpenMutexW
MoveFileExW
LockResource
LoadResource
LoadLibraryW
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVolumeInformationW
GetVersionExW
GetThreadTimes
GetThreadPriority
GetThreadLocale
GetSystemTimes
GetProcessTimes
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
GetCPInfoExW
GetCPInfo
FreeResource
InterlockedCompareExchange
FormatMessageW
FindResourceW
FindNextFileW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateMutexW
CreateEventW

ole32

CoUninitialize
CoInitialize

shell32

SHGetSpecialFolderPathW

wsock32

WSACleanup
WSAStartup
gethostname
gethostbyname
inet_ntoa

netapi32

NetShareEnum
NetApiBufferFree

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 811KB - Virtual size: 811KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c475b20ef38d5ef011235eeaf75db5686a5fef724e3eb2fa3e8d4b056096fbb6
.exe windows:5 windows x86 arch:x86

a4559d1602669b68de352c9c26c5d967

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
GetCommState
WaitNamedPipeA
GetLogicalDriveStringsW
GlobalSize
CreateHardLinkA
WaitForSingleObjectEx
ReadConsoleW
EnumResourceTypesA
SetHandleCount
LoadLibraryW
GetConsoleMode
InterlockedPopEntrySList
GetWriteWatch
GetFileAttributesW
WriteConsoleW
GetModuleFileNameW
GetCompressedFileSizeA
CreateActCtxA
WritePrivateProfileStringW
GetConsoleAliasesW
GetStdHandle
SetLastError
GetProcAddress
VirtualAlloc
BeginUpdateResourceW
EnumSystemCodePagesW
CreateMemoryResourceNotification
FindResourceExW
GetNumaHighestNodeNumber
LoadLibraryA
LocalAlloc
DnsHostnameToComputerNameA
WriteProfileSectionW
FoldStringA
GetModuleHandleA
GetCommTimeouts
FreeEnvironmentStringsW
GetConsoleTitleW
GetShortPathNameW
DeleteTimerQueueTimer
GlobalAddAtomW
DebugBreak
ReadConsoleOutputCharacterW
EnumCalendarInfoExA
DeleteFileA
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleCP
lstrcpynA
IsBadStringPtrW
FindVolumeClose
SearchPathA
SetDefaultCommConfigA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameA
HeapAlloc
HeapCreate
VirtualFree
HeapReAlloc
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetEnvironmentStringsW
GetCommandLineW
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetFilePointer

user32

RealChildWindowFromPoint
ScreenToClient
GetKeyNameTextA
LoadMenuA
MessageBoxIndirectA
GetDC
GetKBCodePage
GetScrollInfo
SetMenuDefaultItem
GetShellWindow

gdi32

GetCharABCWidthsA
CreateDiscardableBitmap
GetCharWidthI

advapi32

GetEventLogInformation

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d57ee4f41d4df716e6270a147e098aabb6cac69a1d5812b1f21f0bf17a9c7db5
.exe windows:5 windows x86 arch:x86

6847c4a23533c8db62ddf8eb8d214ba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
GlobalFix
CreateFileA
SetDefaultCommConfigA
GetDriveTypeW
AllocConsole
InterlockedIncrement
SystemTimeToFileTime
EnumCalendarInfoW
GetProfileSectionA
GetUserDefaultLCID
MoveFileWithProgressA
GetModuleHandleW
GetTickCount
ReadConsoleW
TzSpecificLocalTimeToSystemTime
SetHandleCount
AllocateUserPhysicalPages
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
SetFileShortNameW
LoadLibraryW
IsProcessInJob
GetCalendarInfoW
SetVolumeMountPointA
GetConsoleAliasExesLengthW
GetFileAttributesA
GetFileAttributesW
GetOverlappedResult
GetVolumePathNameA
GetStringTypeExA
GetProfileIntA
ReleaseActCtx
SetLastError
GetProcAddress
SetComputerNameA
SearchPathA
GetTempFileNameA
LoadLibraryA
WriteConsoleA
MoveFileA
FindFirstVolumeMountPointW
RemoveDirectoryW
BeginUpdateResourceA
AddAtomA
GlobalWire
GetModuleFileNameA
FindNextFileA
SetLocaleInfoW
lstrcatW
FreeEnvironmentStringsW
GetConsoleTitleW
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
SetCalendarInfoA
SetThreadAffinityMask
DeleteFileW
DebugBreak
EnumSystemLocalesW
AreFileApisANSI
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
DeleteFileA
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameW
GetEnvironmentStringsW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 616KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d68e18e28f3ba8db95da24be50e918d9254214079f1394eb55ce53f772041664
.exe windows:5 windows x86 arch:x86

ef163fd1a1dfd01940ab083fe4660afa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
SetThreadContext
FindFirstChangeNotificationW
PeekNamedPipe
SetEndOfFile
LoadResource
SetConsoleTextAttribute
GetLogicalDriveStringsW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetDateFormatA
LoadLibraryW
IsValidLocale
ReadConsoleInputA
GetFileAttributesA
FileTimeToSystemTime
GlobalUnlock
GetShortPathNameA
GetLastError
GetProcAddress
VirtualAlloc
CreateFileA
BackupWrite
GetTempFileNameA
CreateHardLinkW
OpenJobObjectW
FoldStringA
GetModuleHandleA
FindFirstVolumeA
ReadConsoleOutputCharacterW
CloseHandle
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
LoadLibraryA
BeginUpdateResourceW
HeapFree
MultiByteToWideChar
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetFilePointer
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

CharToOemBuffA
GetKeyNameTextA
GetClassInfoExA
GetMessageExtraInfo
ChangeMenuA
LoadBitmapA
GetParent
LoadMenuA
DdeQueryStringW
CopyIcon
FlashWindow

gdi32

GetCharWidthI

Sections

.text
Size: 642KB - Virtual size: 641KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dd6ac617529eed1916db34c8875f09f127ba3d2ff304352df29fdef4802143fd
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e1bc3d93383ffb9540f20a1b58e4b3bb77ba24d247a1177030be6fe93d912136
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 981KB - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ea62bfae07927cc7fd706948ae7e474f4c0d7ed2afcb7c73c388e5f6936f5c29
.exe windows:5 windows x86 arch:x86

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
ntohl
gethostname
sendto
recvfrom
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket

normaliz

IdnToAscii

wldap32

ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord200
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

kernel32

HeapFree
HeapAlloc
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameA
GetDateFormatW
SetFilePointerEx
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RaiseException
RtlUnwind
WaitForSingleObject
LoadLibraryW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetExitCodeProcess
CreateProcessA
SetStdHandle
GetTimeZoneInformation
HeapReAlloc
HeapSize
FindFirstFileExA
IsValidCodePage
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
SetEndOfFile
ExitProcess
CreateFileW
GetLogicalDrives
FindFirstFileW
Process32First
FindNextFileW
TerminateProcess
GetDriveTypeA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
FreeConsole
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetCurrentThread
GetThreadTimes
UnregisterWaitEx
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
AreFileApisANSI
GetModuleHandleW
CopyFileW
MoveFileExW
FormatMessageW
GetStringTypeW
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentProcess
SwitchToThread
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList

Sections

.text
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f2cafb550a0b7c248847d2548389379d0d8954335d81d60991a4d1e7333745b4
.exe windows:4 windows x86 arch:x86

ac131d702ee16feb46717282d66c3824

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaLenBstr
_adj_fdiv_m64
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b932974a1b8b4dec33cf044302323ec

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

normaliz

wldap32

crypt32

advapi32

kernel32

Sections

.text Size: 954KB - Virtual size: 954KB

.rdata Size: 215KB - Virtual size: 214KB

.data Size: 27KB - Virtual size: 42KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 54KB - Virtual size: 54KB

e160ef8e55bb9d162da4e266afd9eef3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 2KB

a08952b00a788686a5ccda8fc072094a

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

crypt32

comctl32

wininet

ws2_32

netapi32

winmm

imm32

Sections

.text Size: 184KB - Virtual size: 180KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 20KB - Virtual size: 26KB

.rsrc Size: 392KB - Virtual size: 390KB

284c9d70850d445a2194446d5ac9dded

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 388KB - Virtual size: 386KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 2KB

a90cc1b6f902761feb40477393138296

Headers

DLL Characteristics

File Characteristics

.text
Size: 954KB - Virtual size: 954KB

.rdata
Size: 215KB - Virtual size: 214KB

.data
Size: 27KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 54KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 184KB - Virtual size: 180KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 20KB - Virtual size: 26KB

.rsrc
Size: 392KB - Virtual size: 390KB

.text
Size: 388KB - Virtual size: 386KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 585KB - Virtual size: 1.1MB

.rsrc
Size: 63KB - Virtual size: 62KB

.text
Size: 242KB - Virtual size: 241KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 10KB - Virtual size: 29KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 21KB

.wutedij
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 824KB - Virtual size: 824KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B

39:4f:2c:22:62:cc:2d:b9:2b:fe:ae:20:59:3b:f1:74
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

39:4f:2c:22:62:cc:2d:b9:2b:fe:ae:20:59:3b:f1:74
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate