medusalocker | samples2[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples2.zip
Size

4.6MB
MD5

2e6f74d2c52a3c209bee0f46ed5cf877
SHA1

aecb04ae16e4d8882f58f4c5460660d8cd5858a7
SHA256

77a164b6f3112876b7b2b2c8a7b9ee57997ddde6f4e6cd5235f41c1cd5478621
SHA512

3e9298f2758604d868250285f363b023496435fa6df05e41853207d47d5ebcbab01f73d1e8d0b7f850eb81a21fbb2b3ce3a7fd0f946b245293afdb627d5e2e5e
SSDEEP

98304:wAw/1bUx9oAEEsk+GF7RoimhvGQtFHFxwEi0mD:wACFAfskbRJmh9HTwEbA

Score

10^/10

agilenet upx medusalocker

Malware Config

Signatures

MedusaLocker payload 1 IoCs

resource	yara_rule
static1/unpack001/c1d4014e65a8d79e555378dbf8e5db5786e3b6e4c841f7f64a3f40318bb59e60	family_medusalocker

Medusalocker family
medusalocker

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
static1/unpack001/5e7d11d6bd11b09c4cc0c4ba54ebea19dcc06ae585d0508d3d8dba251075f4c6	agile_net

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/951961520f980767e863bb3c881f860075d7e3cda5031c39c611ef0ec82c6e34	upx

Unsigned PE 25 IoCs

Checks for missing Authenticode signature.

resource
unpack001/032e2e00ebb50fcd0c1b56a4cfb9479683e15de23e336556ea3783038e18b536
unpack001/07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b
unpack001/0a045d39cbae62c5e73639b6a5a6bdc7948e13d5e960978d22b687d95e599b35
unpack001/2d713e13f7941f69ff7978a16736aac4019955895a79636eed1738c1f6a3e0d3
unpack001/37a83fd6b1048433907502f8e50aabdcbae822388ea284e81e9ea1b199674732
unpack001/390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756
unpack001/4dc6bd447edc955f853e3d624be982a77e219a0d8d78c9009ecfd0b6bf18049d
unpack001/5300d7456183c470a40267da9cd1771d6147445b203d8eb02437348bf3169e0d
unpack001/5e7d11d6bd11b09c4cc0c4ba54ebea19dcc06ae585d0508d3d8dba251075f4c6
unpack001/64c7d9f709c2e8f059e695db2b1dd84db7b1061ea0a445046603291749fb0920
unpack001/7db03ff8a8f7a96bff02870cd5975b06ac52f2816a7c4ee8f2473a301bea133a
unpack001/81cb6442c2562274be3b9bc33c6fc5a4c5c43b0569494f857157eef1e9613178
unpack001/8629ec2aedcf3d482ced397406a20fc49e64adf5eb52b717fa331730404de411
unpack001/8b13ff52ff84eff160a5c0b8c80c7bd336e5bcfef7730ce7a5c499f112632bab
unpack001/90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811
unpack001/951961520f980767e863bb3c881f860075d7e3cda5031c39c611ef0ec82c6e34
unpack002/out.upx
unpack001/97674aa4e53c8d6d20a83159ab54b4e789180bf4ff9c04225125ec10af4d42cb
unpack001/a7fdc0bf2f201d81e417f3b17567ab129315738ba951e04288fc226c9dc2d452
unpack001/bd9eb64eca2cbf7c481e3272dcce27639aff6c04252779d68bfdf8c9b4074eb7
unpack001/c1d4014e65a8d79e555378dbf8e5db5786e3b6e4c841f7f64a3f40318bb59e60
unpack001/c1dfd24fc912e5e7ea66f21ff43cb03765e5828a5b880e7115d75eeda04ca0cc
unpack001/deb898788cb5d64fc8c5fa8fce683704e3d6a7d9766c2f02d3fedcdf92cd3491
unpack001/e5a1aaeadefde13887db902f3b3d4e1740bb300fa43bb2b968935673b8351b9c
unpack001/f9554e243c37ba9004879c3e05997639e5735f2a84775230d712fe9437101d52

Files

samples2.zip
.zip
032e2e00ebb50fcd0c1b56a4cfb9479683e15de23e336556ea3783038e18b536
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
07e98c92e1f9859a16b31df6aa5bc83c0d11d4f5f9d8a8ce5d7ddc1a0655a73b
.exe windows:4 windows x86 arch:x86

90bc04cd771dd9666e2f7a223698dc3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
MoveFileExA
GetCurrentProcess
GetDriveTypeA
GetModuleFileNameA
GetVersionExA
GetVersion
CompareStringA
GetTimeZoneInformation
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
FormatMessageA
LCMapStringW
LCMapStringA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
RemoveDirectoryA
MoveFileA
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
CreateDirectoryA
HeapFree
HeapAlloc
HeapCompact
TerminateProcess
ExitProcess
CopyFileA
SetFileTime
OpenFile
GetFileAttributesA
SetFileAttributesA
SetErrorMode
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryExA
FindResourceA
GetTickCount
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTempPathA
GetShortPathNameA
GetExitCodeProcess
CompareStringW
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
Sleep
lstrcatA
lstrlenA
WinExec
LoadLibraryA
GetProcAddress
FreeLibrary
GetDiskFreeSpaceA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CloseHandle
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetLastError
FindFirstFileA
FindClose
GetWindowsDirectoryA
GetCPInfo
GetSystemDirectoryA

user32

ExitWindowsEx
IsIconic
PostQuitMessage
DefWindowProcA
AdjustWindowRectEx
DialogBoxParamA
EndDialog
CheckDlgButton
SetTimer
KillTimer
SendDlgItemMessageA
GetFocus
BringWindowToTop
GetLastActivePopup
SendMessageA
GetWindow
FindWindowA
LoadCursorA
LoadIconA
PostMessageA
GetSysColor
ScreenToClient
GetWindowRect
GetDlgItem
EndPaint
BeginPaint
GetClientRect
FillRect
DrawTextA
GetSystemMetrics
GetDlgItemTextA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsDlgButtonChecked
CheckRadioButton
SetFocus
GetParent
UpdateWindow
IsWindowVisible
InvalidateRect
CreateDialogParamA
RedrawWindow
PeekMessageA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
SetWindowTextA
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExA
GetWindowLongA
IsWindowEnabled
CallWindowProcA
ValidateRect
SetWindowLongA
GetClassNameA
MessageBoxA
EnableWindow
SendMessageTimeoutA
wsprintfA
RegisterClassA

gdi32

CreatePalette
SetBkColor
ExtTextOutA
GetSystemPaletteEntries
AddFontResourceA
RemoveFontResourceA
GetStockObject
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
RealizePalette
SelectPalette
CreateHalftonePalette
CreateDIBPatternBrush
CreateSolidBrush
SetBrushOrgEx
SetStretchBltMode
StretchDIBits
CreateFontIndirectA
SetBkMode
SetTextColor

comdlg32

GetOpenFileNameA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
DragFinish
ShellExecuteA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoGetMalloc
CoCreateInstance
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

comctl32

ord17

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0a045d39cbae62c5e73639b6a5a6bdc7948e13d5e960978d22b687d95e599b35
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2d713e13f7941f69ff7978a16736aac4019955895a79636eed1738c1f6a3e0d3
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
37a83fd6b1048433907502f8e50aabdcbae822388ea284e81e9ea1b199674732
.exe windows:5 windows x86 arch:x86

5322617f33cf7cb687e39f110c8e3f88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetDriveTypeA
GetSystemWindowsDirectoryA
GetFileAttributesA
GetExitCodeProcess
GetFileAttributesW
CreateProcessA
ReadFile
GetLastError
GetTempFileNameA
DeviceIoControl
GetDiskFreeSpaceExA
GetTempPathA
DeleteFileA
SetFilePointer
FindFirstFileW
GetComputerNameW
FindClose
FindNextFileA
FindNextFileW
SetFileAttributesW
GetTickCount
GetConsoleWindow
GetLocalTime
GetSystemTime
GetSystemInfo
WinExec
GetSystemDirectoryA
GetFileSize
FormatMessageA
CreateFileW
WaitForSingleObject
GetSystemWindowsDirectoryW
CreateFileA
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
FindFirstFileA
GetModuleHandleW
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
QueryPerformanceCounter
CreateThread
ExitThread
ResumeThread
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
DeleteFileW
SetStdHandle
GetFileType
MultiByteToWideChar
MoveFileExW
GetCommandLineA
EncodePointer
DecodePointer
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetStdHandle
DeleteCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryExW
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
OutputDebugStringW
RaiseException

user32

ShowWindow

advapi32

CryptAcquireContextW
ControlService
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
RegQueryValueExA
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
CryptReleaseContext
CryptGenRandom

shell32

ShellExecuteA

netapi32

NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
390b31934a8c6923fca53127953406a98231e4437a8523f242c072b0c38bb756
.exe windows:6 windows x64 arch:x64

6b261c4cce2ada1073ce81c108ed97fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetProcAddress
FormatMessageA
GetProcessHeap
CreateFileW
FlushFileBuffers
WideCharToMultiByte
WriteConsoleW
HeapSize
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
HeapFree
HeapReAlloc
HeapAlloc
VirtualFree
GetFileSizeEx
FindNextFileA
FindFirstFileA
FindClose
CreateDirectoryA
MoveFileA
QueryPerformanceCounter
FreeLibrary
TerminateProcess
GetCurrentProcess
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetFileType
CompareStringW
LCMapStringW

shell32

SHCreateDirectoryExA
SHGetFolderPathA

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4dc6bd447edc955f853e3d624be982a77e219a0d8d78c9009ecfd0b6bf18049d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5300d7456183c470a40267da9cd1771d6147445b203d8eb02437348bf3169e0d
.exe windows:5 windows x86 arch:x86

50247f5be73619ffd52a606a1c7865ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetSystemWow64DirectoryW
ReadFile
GetFileSizeEx
GetFileAttributesW
SetFileAttributesW
SetFilePointerEx
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentThread
GetThreadContext
IsDebuggerPresent
CheckRemoteDebuggerPresent
WriteConsoleW
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetTickCount
FreeEnvironmentStringsW
OpenMutexW
CreateProcessW
CloseHandle
Process32FirstW
Process32NextW
GetEnvironmentVariableW
Sleep
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
CreateMutexW
TerminateProcess
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetLogicalDrives
GetProcessHeap
HeapAlloc
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLastError
WriteFile
HeapReAlloc
GetACP
GetStdHandle
ExitProcess
RtlUnwind
LoadLibraryW
HeapFree
EncodePointer
DecodePointer
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceCounter
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
ResetEvent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

winspool.drv

EnumPrintersW
EndDocPrinter
EndPagePrinter
StartDocPrinterW
ClosePrinter
StartPagePrinter
WritePrinter
OpenPrinterW

advapi32

ControlService
CryptGenKey
CryptEncrypt
CryptGenRandom
CryptImportKey
RegQueryValueExW
RegCloseKey
CloseServiceHandle
ClearEventLogW
OpenSCManagerW
CloseEventLog
DeleteService
CryptReleaseContext
EnumDependentServicesW
RegSetValueExW
OpenEventLogW
RegOpenKeyExW
OpenServiceW
QueryServiceStatusEx
CryptDestroyKey
CryptAcquireContextW
CryptExportKey

shell32

SHEmptyRecycleBinW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

mpr

WNetGetConnectionW

netapi32

NetApiBufferFree
NetDfsEnum
NetShareEnum

iphlpapi

SendARP

ws2_32

gethostbyname
WSAStartup
WSACleanup
inet_addr
inet_ntoa
gethostname
htons
getnameinfo

crypt32

CryptStringToBinaryA

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5e7d11d6bd11b09c4cc0c4ba54ebea19dcc06ae585d0508d3d8dba251075f4c6
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
64c7d9f709c2e8f059e695db2b1dd84db7b1061ea0a445046603291749fb0920
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7db03ff8a8f7a96bff02870cd5975b06ac52f2816a7c4ee8f2473a301bea133a
.exe windows:6 windows x64 arch:x64

96cc98468ed325b3857363887597bc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegCloseKey
FreeSid
GetLengthSid
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
RegOpenKeyExW
MakeSelfRelativeSD
AllocateAndInitializeSid
LookupAccountNameW
MapGenericMask
GetSecurityDescriptorLength
GetSecurityDescriptorControl
RegQueryValueExA
SetSecurityDescriptorDacl
RegConnectRegistryW
RegOpenKeyExA

kernel32

CreateDirectoryW
LocalAlloc
GlobalAlloc
GetFileAttributesW
GetComputerNameExW
lstrcmpiW
GetDriveTypeW
GetLogicalDriveStringsW
FormatMessageW
GetProcAddress
LocalFree
LoadLibraryA
ExpandEnvironmentStringsA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
HeapSetInformation
RegisterApplicationRestart
lstrlenW
GetComputerNameW
GetLastError
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

user32

MessageBoxW
RegisterClipboardFormatW
EnableWindow
SendMessageW
GetParent
GetActiveWindow
ReleaseDC
PostMessageW
LoadImageW
SystemParametersInfoW
GetDC

mfc42u

ord6708
ord1126
ord4436
ord1122
ord4601
ord1463
ord2856
ord1284
ord1287
ord3916
ord4770
ord4983
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord6053
ord5711
ord5730
ord5065
ord4368
ord6705
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord624
ord1907
ord552
ord999
ord4582
ord5077
ord3182
ord2906
ord3177
ord2661
ord5382
ord1677
ord2408
ord2676
ord1574
ord286
ord6351
ord4771
ord4988
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5227
ord4017
ord5709
ord4694
ord6812
ord5586
ord2399
ord5663
ord4752
ord1777
ord4365
ord6437
ord2517
ord5406
ord5246
ord4722
ord5687
ord4699
ord5352
ord5114
ord5304
ord5583
ord5585
ord5584
ord6328
ord6216
ord6050
ord621
ord1286
ord6632
ord620
ord6021
ord3003
ord1787
ord1259
ord4521
ord2846
ord2781
ord5979
ord1366
ord4473
ord562
ord6886
ord6887
ord2629
ord1040
ord626
ord1063
ord659
ord4598
ord1584
ord6813
ord2752

msvcrt

_cexit
?terminate@@YAXXZ
calloc
wcsncmp
free
__wgetmainargs
towupper
_exit
exit
_XcptFilter
__C_specific_handler
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
memset
memmove
_wcsnicmp
wcschr
wcsrchr
iswspace
memcpy

comctl32

DestroyPropertySheetPage
PropertySheetW
ord17

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

netutils

NetApiBufferFree
NetpwPathType
NetpIsRemote
NetpwNameValidate

srvcli

NetShareAdd
NetShareEnum
NetpsNameValidate
NetServerGetInfo
NetServerDiskEnum
NetShareSetInfo
NetShareGetInfo

aclui

ord1

ws2_32

WSACleanup
WSAStringToAddressW
WSAStartup

shell32

ord190
ord155
ord152
ord17
ord16
ord18
SHChangeNotify
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListW

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 340KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
81cb6442c2562274be3b9bc33c6fc5a4c5c43b0569494f857157eef1e9613178
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8629ec2aedcf3d482ced397406a20fc49e64adf5eb52b717fa331730404de411
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 391KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8b13ff52ff84eff160a5c0b8c80c7bd336e5bcfef7730ce7a5c499f112632bab
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 241KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
951961520f980767e863bb3c881f860075d7e3cda5031c39c611ef0ec82c6e34
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
97674aa4e53c8d6d20a83159ab54b4e789180bf4ff9c04225125ec10af4d42cb
.exe windows:5 windows x86 arch:x86

aaa6047b19e2776a90dbf480d8288edd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetWindowsDirectoryW
CreateFileA
SetFilePointer
WriteFile
FindFirstFileW
FindFirstFileA
GetLastError
FindClose
FindNextFileA
FindNextFileW
GetSystemWindowsDirectoryA
GetTickCount
GetConsoleWindow
GetLocalTime
GetSystemTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
WinExec
CreateFileW
GetDriveTypeA
GetComputerNameW
GetSystemWindowsDirectoryW
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
TerminateProcess
Sleep
LoadLibraryW
OpenProcess
SetFileAttributesW
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
SetEnvironmentVariableW
OutputDebugStringW
QueryPerformanceCounter
CreateThread
ExitThread
ResumeThread
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
DeleteFileW
SetStdHandle
GetFileType
MoveFileExW
GetSystemTimeAsFileTime
GetCommandLineA
ReadFile
EncodePointer
DecodePointer
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetStdHandle
DeleteCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetCurrentProcessId
LoadLibraryExW
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
GetModuleHandleW

user32

ShowWindow

advapi32

CryptGenRandom
ControlService
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
RegQueryValueExA
EnumServicesStatusA
CloseServiceHandle
OpenServiceA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextW
CryptReleaseContext

netapi32

NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7fdc0bf2f201d81e417f3b17567ab129315738ba951e04288fc226c9dc2d452
.exe windows:5 windows x86 arch:x86

37dea4e03ee0a0de0ff50aa571b34471

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleInformation
GetTickCount
CreateMailslotA
lstrcpyA
lstrcatA
lstrlenA
_lclose
TlsGetValue
OpenFileMappingA
LoadLibraryW
ExpandEnvironmentStringsA
DuplicateHandle
GetTempPathW
GetCurrentDirectoryA
SearchPathW
GetNumaProcessorNode
SetLocaleInfoW
GetCurrencyFormatW
PeekConsoleInputW
GetNumberOfConsoleMouseButtons
ReadFile
SetEndOfFile
WriteConsoleW
CloseHandle
GetFileTime
CheckRemoteDebuggerPresent
IsDebuggerPresent
GetProcessHeap
SetThreadIdealProcessor
VirtualQueryEx
GlobalAlloc
GetProcAddress
GetPrivateProfileIntW
InitializeSListHead
SetFilePointerEx
HeapReAlloc
HeapSize
DecodePointer
CreateFileW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadConsoleW

user32

GetPropA
CreateWindowStationW

gdi32

SetTextJustification
SetMapMode
SetMapperFlags
GetFontLanguageInfo
UpdateColors

advapi32

ImpersonateLoggedOnUser
GetSidIdentifierAuthority
ClearEventLogA
StartServiceCtrlDispatcherW

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpCloseHandle

msimg32

GradientFill

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wox
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pomer
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zodayaj
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yonoy
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bd9eb64eca2cbf7c481e3272dcce27639aff6c04252779d68bfdf8c9b4074eb7
.exe windows:6 windows x86 arch:x86

55feabc79a5c78feb777955aed76ec98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetCommandLineA
FindNextFileW
FindFirstFileExW
DecodePointer
OutputDebugStringW
DeleteFileW
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
GetTickCount
GetStringTypeW
FreeLibrary
TlsFree
FlushFileBuffers
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualQuery
EncodePointer
SetLastError
RtlUnwind
RaiseException
GetCommandLineW
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MulDiv
LoadLibraryExW
GetFileSizeEx
CreateProcessW
GetModuleHandleA
GetConsoleCP
HeapSize
Module32NextW
GetModuleFileNameA
LoadLibraryA
OpenEventA
CreateEventA
Module32FirstW
CreateToolhelp32Snapshot
SetConsoleCtrlHandler
GetTimeFormatA
WideCharToMultiByte
MultiByteToWideChar
AllocateUserPhysicalPages
GetFileAttributesA
CreateFileW
GetFullPathNameW
RemoveDirectoryA
CreateDirectoryW
GetWindowsDirectoryA
GetTempPathW
WritePrivateProfileStringA
GetPrivateProfileStringA
FindResourceA
TlsSetValue
OutputDebugStringA
CloseHandle
GetFileTime
FindClose
ReadFile
WriteFile
LocalAlloc
GetFileSize
SizeofResource
LoadResource
Sleep
WaitForSingleObject
ResumeThread
SuspendThread
GetLastError
CreateThread
GetExitCodeProcess
ExitProcess
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetProcAddress
LockResource
FindNextFileA
FindFirstFileA
CreateFileA
SetFilePointerEx
SetEndOfFile
lstrcpyA
TerminateProcess
FormatMessageW
LocalFree
GetModuleHandleExW
HeapReAlloc

user32

LoadIconA
LoadImageA
GetIconInfo
GetScrollInfo
GetCursorInfo
GetWindowInfo
GetAncestor
DrawEdge
DrawFrameControl
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
LoadCursorA
GetWindow
PostMessageA
DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
DestroyWindow
GetParent
GetDesktopWindow
GetWindowLongA
InflateRect
FillRect
DrawFocusRect
GetSysColor
GetCursorPos
SetCursor
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextA
SetWindowTextA
RemovePropA
LockWindowUpdate
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawStateA
DrawTextExA
EnableMenuItem
GetSystemMenu
LoadMenuA
GetSystemMetrics
EnableWindow
ReleaseCapture
SetCapture
SetFocus
CharToOemA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
DefDlgProcA
GetDialogBaseUnits
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
SetDlgItemInt
GetDlgItem
EndDialog
SetWindowPos

gdi32

SetStretchBltMode
StretchBlt
SetPixel
SetMapMode
SelectObject
SaveDC
GetStockObject
SetTextAlign
EnumFontsA
DeleteObject
DeleteDC
CreateMetaFileA
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetObjectA
GetPixel
TextOutA

comdlg32

ChooseFontA

advapi32

GetUserNameA
CreateWellKnownSid
GetSidSubAuthority
SetNamedSecurityInfoA
GetNamedSecurityInfoA
SetEntriesInAclA
CryptDuplicateKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptSetKeyParam
CryptDestroyKey
CryptDeriveKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextA
LookupPrivilegeValueA
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
CopySid
GetLengthSid
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RevertToSelf
CheckTokenMembership
LookupAccountNameA
LookupAccountSidA
GetSidSubAuthorityCount

shell32

ShellExecuteA
SHCreateDirectoryExW
CommandLineToArgvW
SHParseDisplayName
SHGetFolderPathA

ole32

RevokeDragDrop
CoInitialize
CoGetCallContext
CoLockObjectExternal
CreateFileMoniker
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantCopy
SysAllocStringLen
VarUI1FromR8
VarUI1FromCy
SysStringLen
SysFreeString
VarUI1FromR4

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

msvfw32

ICCompressorChoose

avifil32

AVIMakeCompressedStream
AVIStreamSetFormat

winscard

SCardGetProviderIdW

shlwapi

PathIsDirectoryW
PathAppendA
PathFileExistsW
PathIsDirectoryEmptyW
PathRemoveFileSpecA

comctl32

ImageList_DrawEx

opengl32

glViewport
glClearDepth
glColor4fv
glEnable
glClearColor
glBindTexture
glLoadIdentity
glMaterialf
glTranslatef
glMaterialfv
glShadeModel
glRotatef
glMatrixMode
glOrtho
glPushMatrix
glPopMatrix

glu32

gluPerspective

dbghelp

SymLoadModule
SymGetTypeInfo

authz

AuthzInitializeResourceManager
AuthzFreeResourceManager

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c1d4014e65a8d79e555378dbf8e5db5786e3b6e4c841f7f64a3f40318bb59e60
.exe windows:6 windows x86 arch:x86

e9333030d13d212366770942e0dbc7be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

StrStrIW
PathFindExtensionW
PathIsUNCW

rstrtmgr

RmRegisterResources
RmGetList
RmStartSession
RmShutdown
RmEndSession

mpr

WNetGetConnectionW
WNetAddConnection2W

kernel32

GetLogicalDrives
FindFirstVolumeW
SetVolumeMountPointW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
GetDriveTypeW
ReadFile
CloseThreadpool
CreateThreadpool
FindFirstFileExW
FindNextFileW
WriteFile
GetSystemTimes
FindClose
CreateFileW
SetThreadpoolThreadMinimum
SetFileAttributesW
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
Sleep
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
GetConsoleWindow
lstrcmpiW
SetConsoleTitleW
GetWindowsDirectoryW
CreateThreadpoolWork
SizeofResource
GetCurrentProcess
AssignProcessToJobObject
InitializeProcThreadAttributeList
CreatePipe
PeekNamedPipe
WaitForSingleObject
OpenProcess
MultiByteToWideChar
UpdateProcThreadAttribute
LockResource
LoadResource
FindResourceW
CreateProcessW
GetModuleHandleW
WideCharToMultiByte
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
SetFilePointerEx
GetFileSizeEx
GetFileAttributesExW
GetExitCodeProcess
CloseHandle
GetLastError
CreateJobObjectW
SetInformationJobObject
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
DecodePointer
QueryDosDeviceW
MoveFileW
LocalFree
FormatMessageA
GetLocaleInfoEx
RaiseException
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
GetModuleHandleExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetProcAddress
InitializeConditionVariable
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceComplete
InitOnceBeginInitialize
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwind
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
WriteConsoleW

user32

GetForegroundWindow
RegisterWindowMessageW
GetWindowThreadProcessId
ShowWindow
IsWindowVisible
GetAsyncKeyState
GetShellWindow

advapi32

CryptGenRandom
RegSetValueExW
OpenProcessToken
GetTokenInformation
CryptDestroyKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
RegGetValueW
CryptExportKey
CryptImportKey
CryptGenKey
CryptReleaseContext
RegCloseKey
RegCreateKeyExW

shell32

SHEmptyRecycleBinW

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c1dfd24fc912e5e7ea66f21ff43cb03765e5828a5b880e7115d75eeda04ca0cc
.exe windows:5 windows x86 arch:x86

9dd8c0ff4fc84287e5b766563240f983

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
CreateFileA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

ole32

OleInitialize

oleaut32

VariantInit
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString

mscoree

CorBindToRuntimeEx

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
deb898788cb5d64fc8c5fa8fce683704e3d6a7d9766c2f02d3fedcdf92cd3491
.exe windows:5 windows x86 arch:x86

fc41fa4147c5e75ec0753b5b30bbd7f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemWindowsDirectoryW
QueryDosDeviceA
GetTickCount
EnumCalendarInfoExW
ReadConsoleW
CreateActCtxW
AddRefActCtx
LoadLibraryW
SetCommConfig
GetConsoleWindow
SetConsoleMode
IsBadWritePtr
GetOverlappedResult
InterlockedIncrement
GetProcAddress
GetProcessHeaps
ResetEvent
WriteConsoleA
LocalAlloc
CreateEventW
lstrcatW
EndUpdateResourceA
GetCPInfo
EnumDateFormatsExW
lstrlenA
GetStringTypeExA
FindFirstChangeNotificationW
HeapValidate
IsBadReadPtr
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetModuleHandleW
Sleep
InterlockedDecrement
ExitProcess
TlsGetValue
TlsSetValue
GetCurrentThreadId
SetLastError
GetLastError
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
DebugBreak
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
RtlUnwind
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers
GetModuleHandleA

user32

GetCursor

Exports

Exports

@dfyldfg@0

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e5a1aaeadefde13887db902f3b3d4e1740bb300fa43bb2b968935673b8351b9c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f8ba7a8962c1c450ec244820f3f91b1d5a415a02a5bfd2cb1ba0eab787feb5c7
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

01:45:4b:e4:84:61:3b:4d:15:1f:0c:63:b3:43:93:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-09-2014 00:00

Not After

22-11-2017 12:00

Subject

CN=Spotify AB,O=Spotify AB,L=Stockholm,ST=Stockholm,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

be:69:f4:ef:3e:45:f0:2f:f7:8f:de:51:70:4d:cb:3d:5c:98:fd:fe
Signer

Actual PE Digest

be:69:f4:ef:3e:45:f0:2f:f7:8f:de:51:70:4d:cb:3d:5c:98:fd:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f9554e243c37ba9004879c3e05997639e5735f2a84775230d712fe9437101d52
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 455KB - Virtual size: 455KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

90bc04cd771dd9666e2f7a223698dc3b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

version

comctl32

Sections

.text Size: 136KB - Virtual size: 134KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 132KB - Virtual size: 131KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 223KB - Virtual size: 222KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 163KB - Virtual size: 162KB

5322617f33cf7cb687e39f110c8e3f88

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

netapi32

Sections

.text Size: 194KB - Virtual size: 194KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 5KB - Virtual size: 61KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 10KB - Virtual size: 10KB

6b261c4cce2ada1073ce81c108ed97fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ntdll

.text
Size: 455KB - Virtual size: 455KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 136KB - Virtual size: 134KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 132KB - Virtual size: 131KB

.text
Size: 223KB - Virtual size: 222KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 163KB - Virtual size: 162KB

.text
Size: 194KB - Virtual size: 194KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 5KB - Virtual size: 61KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 10KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 127KB - Virtual size: 131KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 193KB - Virtual size: 193KB

.sdata
Size: 512B - Virtual size: 174B

.rsrc
Size: 126KB - Virtual size: 125KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 313KB - Virtual size: 312KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 265KB - Virtual size: 265KB

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 337KB - Virtual size: 337KB

.sdata
Size: 512B - Virtual size: 162B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B