samples1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

samples1.zip
Size

15.3MB
MD5

06a84ad83f15ea02a83aa253ffa99318
SHA1

04341a9ae82749d4cee4a30a3a1855c0b6c25e4b
SHA256

03af084044608967ed35a4eee50c53d4e61a3dbbd5886366f6599990a3ec57cc
SHA512

0df57cafb20608a0b71fda8b81ae9c53e3d28c74a4763a1333a97e7a60e908bf52c05d2085d5045ed4b56b17af9f53a8fba6b7dcef00a0ba6b0ce527d52e52d0
SSDEEP

393216:KXmn+beOxZcT10/BlNuoQ2BqUimSDQ52aTYce/nK:KXQ+beOy0pve2OmSDSXu/nK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/3e63a8e13c2363bb3002c04152cbbc908f237b9ca487b3f0681a09e8aa9451fd	upx

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0c64f168ae10631fe4d70483174f9cdfc1d3d2ae9b7cb68e8fb117873d0006ec
unpack001/262d50c999845b2eeef49247b0b83f284d84db9017fbf7666c21ec6ae35697d5
unpack001/307327d31a49b82e973348e74e388d513e858f537bb3568e67132c3bf9e3a4ed
unpack001/3d6e16086adf8c09811b353829db8168d0354959ea51199e01fd354627c6273f
unpack001/3e63a8e13c2363bb3002c04152cbbc908f237b9ca487b3f0681a09e8aa9451fd
unpack002/out.upx
unpack001/4175dae9b268fe5b4f96055ea0376417b5ddc2518d3bd11e20f0f8255bb4621e
unpack001/67893c87b2afb9ad023ff6f8287ff96c86ac46231e49bad75a553fc557a8301e
unpack001/79b62f41b82f7ea0028f599e4a2fa9c0a56ea16ba68a9d1e738b18a95b306e40
unpack001/7d6744791e5957431ece9b5a523aceb7de9d4819f0ec58572d47faa9c8f18d94
unpack001/8c974f92bb51bacd41c22b44a1cee16138b047b3b834995f24a832539f877b11
unpack001/8e88cf3a627d31906aa1bb38c77a320bfe00632148425e50569f56ae40d7f06f
unpack001/98f0d0cd1a12ca5bb3416b2f023c09c05b1043f963d79256a67a2398b08abe4b
unpack001/a7e426dc46a92d8358ab196a0f4f907b78887538cd78d447fee47b50cdc0410c
unpack001/bdac68df9f3a2f4af6700e3121d596669287fe0cf92d964e285410c134494f3b
unpack001/c9ece7b4166c4fe2eeacdf9e21b921553581087673b6129785f9faf123eb2e78
unpack001/ca321702e80fc4162d9ccb17616389de813c75ad2810c9bec6a83d634e7b8638
unpack001/d07c1285063c9f68ce0901c70342930b877a1882d408ad42a426ddd9a5030036
unpack001/d551a474ecf0b7d1ba6dda319e3b77fdecf39489eaf14b7d8837002f2d31387b
unpack001/d80f2a4f8b328520fbbf6a347e74fa9a4970f5882e95354452fbfcffb401dd6a
unpack001/d9549f0e95d1be5c17a101e9d85abbfb930aaa3d49e4869202b1f6783dcb4fc6
unpack001/dd770daf014ed78e8a209d05b632b3d859e299daa32bac1855734da275cec03c
unpack001/ea980e5c696051d7045bdb42183506eeb755a19b449d13b4ecafb16b6974c965
unpack001/f9a647a6b8e2a922e086637ced33dbc68b24663976b62b1724524f1ab6aee555

Files

samples1.zip
.zip
0c64f168ae10631fe4d70483174f9cdfc1d3d2ae9b7cb68e8fb117873d0006ec
.exe windows:5 windows x86 arch:x86

10e69ccb2b5525307fd649876c125123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

user32

CharNextW
LoadStringW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW
CharLowerBuffW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
SystemTimeToTzSpecificLocalTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetFileAttributesW
SetEvent
SetEndOfFile
SetConsoleCursorPosition
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
MultiByteToWideChar
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVolumeInformationW
GetVersionExW
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetConsoleScreenBufferInfo
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FreeConsole
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FillConsoleOutputCharacterW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateFileMappingW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
AllocConsole
Sleep

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetApiBufferFree
NetWkstaGetInfo

shell32

ShellExecuteW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 149B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 40B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1ee5bd0ea0a747187f9432bdba76309461fc24b378f53513d1b53fadec4ebccc
.jar
262d50c999845b2eeef49247b0b83f284d84db9017fbf7666c21ec6ae35697d5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
307327d31a49b82e973348e74e388d513e858f537bb3568e67132c3bf9e3a4ed
.exe windows:6 windows x86 arch:x86

feda136874bd914333747d88b45187dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
WSAStartup
WSACleanup
WSAAddressToStringW
GetAddrInfoW
FreeAddrInfoW

netapi32

NetUseEnum
NetApiBufferAllocate
NetApiBufferFree
NetApiBufferReallocate

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

kernel32

IsValidCodePage
GetStdHandle
GetFileAttributesW
WriteFile
GetLastError
CreateMutexA
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CloseHandle
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFinalPathNameByHandleW
SetFileAttributesW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetACP
GetDriveTypeW
ExitProcess
GetCurrentThread
GetProfileStringW
FormatMessageA
FreeConsole
FreeLibrary
SetStdHandle
HeapReAlloc
GetTimeZoneInformation
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
CompareStringW
GetOEMCP
GetEnvironmentStringsW
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
FlushFileBuffers
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetModuleFileNameW
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
LocalFree
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
TlsAlloc
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
MultiByteToWideChar
GetStringTypeW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
SetLastError
GetTimeFormatW

shell32

ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

advapi32

LookupPrivilegeValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
LogonUserW
ImpersonateLoggedOnUser
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RevertToSelf
DuplicateTokenEx
SetThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
EnumDependentServicesW
ControlService
CloseServiceHandle

Sections

.text
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3d6e16086adf8c09811b353829db8168d0354959ea51199e01fd354627c6273f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3e63a8e13c2363bb3002c04152cbbc908f237b9ca487b3f0681a09e8aa9451fd
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 570KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4175dae9b268fe5b4f96055ea0376417b5ddc2518d3bd11e20f0f8255bb4621e
.exe windows:5 windows x86 arch:x86

def8e03a24c84ba4e0594fac174b03f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetFileSizeEx
GetFileAttributesW
SetFileAttributesW
SetFilePointerEx
MoveFileExW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcess
GetDiskFreeSpaceW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetLocaleInfoA
GetCurrentThread
GetThreadContext
IsDebuggerPresent
GetComputerNameA
CheckRemoteDebuggerPresent
WriteConsoleW
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetEnvironmentVariableW
FreeEnvironmentStringsW
WriteFile
GetTickCount
OpenMutexW
CreateProcessW
CloseHandle
Process32FirstW
GetSystemWow64DirectoryW
GetLastError
Sleep
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
CreateMutexW
TerminateProcess
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetLogicalDrives
GetProcessHeap
HeapAlloc
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
Process32NextW
CreateFileW
HeapReAlloc
GetACP
GetStdHandle
ExitProcess
RtlUnwind
LoadLibraryW
HeapFree
EncodePointer
DecodePointer
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetStringTypeW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
DuplicateHandle
WaitForSingleObjectEx
QueryPerformanceCounter
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
ResetEvent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

winspool.drv

EnumPrintersW
EndDocPrinter
EndPagePrinter
StartDocPrinterW
ClosePrinter
StartPagePrinter
WritePrinter
OpenPrinterW

advapi32

DeleteService
CryptGenKey
CryptDuplicateKey
CryptSetKeyParam
CryptEncrypt
CryptGenRandom
CryptImportKey
RegQueryValueExW
RegCloseKey
CloseServiceHandle
ClearEventLogW
OpenSCManagerW
CloseEventLog
CryptReleaseContext
ControlService
EnumDependentServicesW
RegSetValueExW
OpenEventLogW
RegOpenKeyExW
OpenServiceW
QueryServiceStatusEx
CryptDestroyKey
CryptAcquireContextW
CryptExportKey

shell32

SHEmptyRecycleBinW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

mpr

WNetGetConnectionW

netapi32

NetApiBufferFree
NetDfsEnum
NetShareEnum

iphlpapi

SendARP

ws2_32

gethostbyname
WSAStartup
WSACleanup
inet_addr
inet_ntoa
gethostname
htons
getnameinfo

crypt32

CryptStringToBinaryA

Sections

.text
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
67893c87b2afb9ad023ff6f8287ff96c86ac46231e49bad75a553fc557a8301e
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
79b62f41b82f7ea0028f599e4a2fa9c0a56ea16ba68a9d1e738b18a95b306e40
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7d6744791e5957431ece9b5a523aceb7de9d4819f0ec58572d47faa9c8f18d94
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8c974f92bb51bacd41c22b44a1cee16138b047b3b834995f24a832539f877b11
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 554KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8e88cf3a627d31906aa1bb38c77a320bfe00632148425e50569f56ae40d7f06f
.exe windows:6 windows x86 arch:x86

3fc59c5b61bcc91f06a07a72be55ccff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetCloseEnum

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

kernel32

WriteFile
GetLastError
CreateMutexA
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CloseHandle
Sleep
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFinalPathNameByHandleW
SetFileAttributesW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetStdHandle
GetDriveTypeW
GetCurrentThread
FormatMessageA
GetModuleHandleExW
SetStdHandle
GetFileSizeEx
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FreeLibraryAndExitThread
ExitThread
CompareStringW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
GetFileType
FlushFileBuffers
ReadFile
ReadConsoleW
GetConsoleOutputCP
ExitProcess
GetModuleFileNameW
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
LocalFree
GetStringTypeW
QueryPerformanceCounter
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
MultiByteToWideChar
CreateThread
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetTimeFormatW

shell32

ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

advapi32

LookupPrivilegeValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RevertToSelf
DuplicateTokenEx
SetThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
EnumDependentServicesW
ControlService
CloseServiceHandle

Sections

.text
Size: 679KB - Virtual size: 678KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
98f0d0cd1a12ca5bb3416b2f023c09c05b1043f963d79256a67a2398b08abe4b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7e426dc46a92d8358ab196a0f4f907b78887538cd78d447fee47b50cdc0410c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdac68df9f3a2f4af6700e3121d596669287fe0cf92d964e285410c134494f3b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 575KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c9ece7b4166c4fe2eeacdf9e21b921553581087673b6129785f9faf123eb2e78
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ca321702e80fc4162d9ccb17616389de813c75ad2810c9bec6a83d634e7b8638
.exe windows:5 windows x86 arch:x86

f071bbbdc5f30da26351a7d3601bf8cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipAlloc

kernel32

SetPriorityClass
FindNextFileW
GetCurrentProcess
WriteFile
TerminateProcess
SetErrorMode
SetFilePointer
GetTempPathW
CreateMutexW
FindClose
CreateFileW
GetFileAttributesW
OpenProcess
SetFileAttributesW
GetLogicalDriveStringsW
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
GlobalAlloc
DeleteFileW
Process32FirstW
GlobalFree
CloseHandle
GetSystemInfo
GetFileSizeEx
GetProcAddress
GetFileSize
ExitProcess
VerSetConditionMask
GetCurrentProcessId
WideCharToMultiByte
VerifyVersionInfoW
OpenMutexW
WaitNamedPipeW
GetDriveTypeW
EnterCriticalSection
FindNextFileA
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
FindFirstFileW
SetNamedPipeHandleState
ReadFile
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
LoadLibraryW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
GetProcessHeap
GetACP
GetStdHandle
GetModuleFileNameA
ReadConsoleW
HeapReAlloc
GetModuleHandleExW
ExitThread
HeapFree
HeapAlloc
RaiseException
RtlUnwind
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
MultiByteToWideChar
GetStringTypeW
TryEnterCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx

user32

GetSystemMetrics
GetDC
wsprintfW

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

CryptGenRandom
CryptReleaseContext
GetCurrentHwProfileW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
GetTokenInformation
CryptAcquireContextW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFindExtensionW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW

wininet

HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA
InternetConnectA

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d07c1285063c9f68ce0901c70342930b877a1882d408ad42a426ddd9a5030036
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d551a474ecf0b7d1ba6dda319e3b77fdecf39489eaf14b7d8837002f2d31387b
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d80f2a4f8b328520fbbf6a347e74fa9a4970f5882e95354452fbfcffb401dd6a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d9549f0e95d1be5c17a101e9d85abbfb930aaa3d49e4869202b1f6783dcb4fc6
.exe windows:4 windows x86 arch:x86

1a758b416c101d1f8b1d171dd1443728

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
ord697
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
ord519
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
_CIsin
ord631
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
ord670
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord538
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
ord613
_CIatan
__vbaStrMove
ord618
ord543
_allmul
__vbaLateIdSt
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dd770daf014ed78e8a209d05b632b3d859e299daa32bac1855734da275cec03c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ea980e5c696051d7045bdb42183506eeb755a19b449d13b4ecafb16b6974c965
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f9a647a6b8e2a922e086637ced33dbc68b24663976b62b1724524f1ab6aee555
.exe windows:5 windows x86 arch:x86

94ba7e736181fb813316e7e50cb9c233

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
FindNextVolumeW
IsProcessorFeaturePresent
SetTimeZoneInformation
GetBinaryTypeA
IsBadWritePtr
EnumResourceLanguagesA
GetMailslotInfo
lstrcatA
QueryInformationJobObject
ExitThread
GetVolumePathNameA
lstrlenW
SetConsoleTitleA
VirtualUnlock
InterlockedExchange
GetCPInfoExW
FreeLibraryAndExitThread
SetLastError
GetThreadLocale
GetComputerNameExW
GlobalFree
GetSystemTimeAdjustment
LocalAlloc
DeleteTimerQueue
AddVectoredExceptionHandler
FindFirstVolumeMountPointW
GlobalMemoryStatusEx
GetCommMask
SetCommMask
CreateIoCompletionPort
FatalExit
EnumResourceNamesA
CreateMailslotA
BuildCommDCBA
VirtualProtect
CompareStringA
_lopen
GetDiskFreeSpaceExW
ReadConsoleInputW
LocalSize
GetWindowsDirectoryW
EnumResourceLanguagesW
GetPrivateProfileSectionW
SetSystemTimeAdjustment
GetPrivateProfileStructW
GetLocaleInfoW
GetConsoleCP
EnumResourceTypesA
FormatMessageA
OutputDebugStringW
SetTapeParameters
BackupSeek
GetProfileStringW
SetHandleInformation
SetDefaultCommConfigW
SetConsoleActiveScreenBuffer
GetCommState
MoveFileExW
DeleteVolumeMountPointA
MoveFileExA
GetConsoleAliasesLengthW
UnregisterWait
WriteConsoleOutputCharacterW
GetNativeSystemInfo
FindFirstFileW
HeapReAlloc
GetDiskFreeSpaceW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
ReadFile
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
VirtualAlloc
CloseHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
HeapSize
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CompareStringW
SetEnvironmentVariableA

advapi32

InitializeSid
CloseEventLog
RegSetValueExW
AdjustTokenPrivileges
ControlService
RegLoadKeyA
RegQueryValueA
SetKernelObjectSecurity
RegConnectRegistryW
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExA
GetTokenInformation
LookupPrivilegeNameA
MapGenericMask
SetSecurityDescriptorControl
LogonUserW
OpenThreadToken
DeleteService
ObjectOpenAuditAlarmA
GetSidSubAuthority
OpenServiceA

Exports

Exports

_MyFunc124@4

Sections

.text
Size: 727KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fobosrf
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fobosdf
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10e69ccb2b5525307fd649876c125123

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

version

netapi32

shell32

Exports

Exports

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 22KB - Virtual size: 22KB

.bss Size: - Virtual size: 52KB

.idata Size: 6KB - Virtual size: 5KB

.didata Size: 1024B - Virtual size: 580B

.edata Size: 512B - Virtual size: 149B

.tls Size: - Virtual size: 40B

.rdata Size: 512B - Virtual size: 92B

.rsrc Size: 15KB - Virtual size: 15KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 575KB - Virtual size: 574KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 12B

feda136874bd914333747d88b45187dd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

netapi32

mpr

wtsapi32

kernel32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 728KB - Virtual size: 727KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 27KB - Virtual size: 26KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 177KB - Virtual size: 176KB

.rsrc Size: 369KB - Virtual size: 369KB

.reloc Size: 512B - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.7MB

UPX1 Size: 570KB - Virtual size: 572KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 22KB - Virtual size: 22KB

.bss
Size: - Virtual size: 52KB

.idata
Size: 6KB - Virtual size: 5KB

.didata
Size: 1024B - Virtual size: 580B

.edata
Size: 512B - Virtual size: 149B

.tls
Size: - Virtual size: 40B

.rdata
Size: 512B - Virtual size: 92B

.rsrc
Size: 15KB - Virtual size: 15KB

.text
Size: 575KB - Virtual size: 574KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 728KB - Virtual size: 727KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 27KB - Virtual size: 26KB

.text
Size: 177KB - Virtual size: 176KB

.rsrc
Size: 369KB - Virtual size: 369KB

.reloc
Size: 512B - Virtual size: 12B

UPX0
Size: - Virtual size: 1.7MB

UPX1
Size: 570KB - Virtual size: 572KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 434KB - Virtual size: 434KB

.data
Size: 53KB - Virtual size: 72KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 92KB - Virtual size: 92KB

.text
Size: 327KB - Virtual size: 326KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 126KB

.gfids
Size: 512B - Virtual size: 240B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.sdata
Size: 512B - Virtual size: 194B

.rsrc
Size: 157KB - Virtual size: 156KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 512B - Virtual size: 12B