samples4 (2)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples4 (2).zip
Size

42.6MB
MD5

9b57ef7e531dfa8a0e22d741ace7d11f
SHA1

f8dd7cd98c4ae3c49e6ee85ad94265d661ecdad3
SHA256

27ee59c2aa3a020f2966d4946845edf9449e9f2e2ce5fdccbfe31fb2ba5d69d7
SHA512

2cd6dec3f56b656aaa2638b90d6fb61a005d1bd9304d2bb37b0f344ab699d4061beaaaf8d208e175b3ff9528d634a730d2be8731510342a4f731166877da45bb
SSDEEP

786432:9nEppsCB2TE+tUUHqsX5ATG6NtJiGoI341+dC16tzO1Zi43ktj386ChLc654jZUZ:9EQCB2T7BF5AjJiEdvY3ZhLd4lYB

Score

7^/10

pyinstaller agilenet upx

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
static1/unpack001/bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78	agile_net

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6	upx

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/b3ed13c61bfb6c80ff059cb8199d2c9ff457e05053f7301748e0605bd1fcd7f3	pyinstaller
static1/unpack001/e81bfaf195654662bf867c6be7115433e394a170e04f169558d294bbc93b3f94	pyinstaller
static1/unpack001/f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6	pyinstaller

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/052012a941d98920e0fed58649ccfa3b092344630d366889678fa94a26ecc300
unpack001/7005535e034576fdb66b5b32eb198b48d7755758e77bd66909f8dd7288c1e069
unpack001/ab65ada82bc55b7fb26b76eb5ed2e38ae19ff9b76c3693026f782e9f170e1706
unpack001/b0f8ff9688e743ae2fcb54a39910d02bb7687ba6821321cfe2ed44499a7e2b9a
unpack001/b3ed13c61bfb6c80ff059cb8199d2c9ff457e05053f7301748e0605bd1fcd7f3
unpack001/bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78
unpack001/c6d3a10c9cad46abc555e4f5d605eab6164756acf995c7d9d123c2b46fb62b75
unpack001/e81bfaf195654662bf867c6be7115433e394a170e04f169558d294bbc93b3f94
unpack001/ee9f2533600c091f246273960b5a2a1b7ceba7697edc5f23d4f6a980e7304485
unpack001/f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6
unpack001/f2dcd2308c18fdb56a22b7db44e60cdb9118043830e03df02dac34e4c4752587
unpack001/f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f

Files

samples4 (2).zip
.zip
052012a941d98920e0fed58649ccfa3b092344630d366889678fa94a26ecc300
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 185B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7005535e034576fdb66b5b32eb198b48d7755758e77bd66909f8dd7288c1e069
.exe windows:4 windows x64 arch:x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 278B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 48B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/109
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ab65ada82bc55b7fb26b76eb5ed2e38ae19ff9b76c3693026f782e9f170e1706
.exe windows:5 windows x64 arch:x64

ce1fa8d1883a5972127fde5d7d4115cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateFileA
CloseHandle
GetComputerNameA
HeapCreate
TryEnterCriticalSection
CreateThread
ResumeThread
OpenThread
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
ReadFile
WaitForMultipleObjects
GetCurrentThread
ExitProcess
VirtualAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
RaiseException

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 781KB - Virtual size: 785KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b0f8ff9688e743ae2fcb54a39910d02bb7687ba6821321cfe2ed44499a7e2b9a
.exe windows:6 windows x64 arch:x64

26177787fb967c78f6b37f2b52a90593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
OpenThreadToken
RevertToSelf
ImpersonateLoggedOnUser
CheckTokenMembership
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
EventWrite
EventRegister
EventEnabled

bcrypt

BCryptDestroyKey
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptGenRandom
BCryptSetProperty
BCryptImportKeyPair
BCryptImportKey
BCryptHashData
BCryptCreateHash
BCryptEncrypt
BCryptDecrypt
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptGenerateKeyPair
BCryptGetProperty
BCryptOpenAlgorithmProvider

kernel32

RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
SetLastError
GetDriveTypeW
GetLastError
GetLogicalDrives
K32EnumProcessModulesEx
FormatMessageW
CloseHandle
IsWow64Process
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetCurrentProcess
OpenProcess
K32GetModuleInformation
K32GetModuleBaseNameW
K32GetModuleFileNameExW
GetProcessId
DuplicateHandle
CreatePipe
GetCPInfoExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
GetConsoleCP
GetConsoleOutputCP
K32EnumProcesses
GetTickCount64
GetConsoleMode
GetFileType
WriteFile
ReadConsoleInputW
ReadFile
ReadConsoleW
WriteConsoleW
GetCurrentThread
LocalFree
CloseThreadpoolIo
SetThreadErrorMode
GetCurrentProcessId
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
LoadLibraryExW
FileTimeToSystemTime
GetSystemTime
GetCalendarInfoEx
GetLocaleInfoEx
EnumCalendarInfoExEx
LCMapStringEx
FindStringOrdinal
CompareStringOrdinal
CompareStringEx
FindNLSStringEx
LocaleNameToLCID
ResolveLocaleName
GetUserPreferredUILanguages
WaitForSingleObject
Sleep
GetCurrentProcessorNumberEx
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepConditionVariableCS
WakeConditionVariable
QueryPerformanceCounter
LocalAlloc
WaitForMultipleObjectsEx
QueryPerformanceFrequency
GetFileAttributesExW
GetFullPathNameW
GetLongPathNameW
GetProcAddress
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
EnumTimeFormatsEx
CreateFileW
DeleteFileW
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FlushFileBuffers
FreeLibrary
GetCurrentDirectoryW
GetFileInformationByHandleEx
GetOverlappedResult
GetSystemDirectoryW
MoveFileExW
SetFileInformationByHandle
SetFilePointerEx
CreateThread
ResumeThread
GetThreadPriority
SetThreadPriority
GetDynamicTimeZoneInformation
GetTimeZoneInformation
SetEvent
ResetEvent
CreateEventExW
GetEnvironmentVariableW
CreateMutexExW
ReleaseMutex
ExitProcess
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
RtlCaptureContext
RtlRestoreContext
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
QueryInformationJobObject
GetModuleHandleW
GetModuleHandleExW
GetProcessAffinityMask
InitializeContext
GetEnabledXStateFeatures
SetXStateFeaturesMask
VirtualQuery
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead

ole32

CoCreateGuid
CoInitializeEx
CoGetApartmentType
CoWaitForMultipleHandles
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize

user32

LoadStringW

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
calloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

tan
modf
sin
ceil
cos
pow
floor
__setusermatherr

api-ms-win-crt-string-l1-1-0

_stricmp
_wcsicmp
strncpy_s
wcsncmp
strcmp
strcpy_s

api-ms-win-crt-runtime-l1-1-0

abort
_register_thread_local_exe_atexit_callback
_c_exit
_register_onexit_function
_initialize_onexit_table
_cexit
__p___wargv
__p___argc
terminate
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_crt_atexit
_set_app_type
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 643KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b3ed13c61bfb6c80ff059cb8199d2c9ff457e05053f7301748e0605bd1fcd7f3
.exe windows:5 windows x64 arch:x64

69eb46a9f63edcc604b0bdaaa8e0f2f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lockbit.pyc
bf01d97d76a6bb8f3cfbf4a697403f4b686d43fabb429a7bf9427aa70371df78
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c6d3a10c9cad46abc555e4f5d605eab6164756acf995c7d9d123c2b46fb62b75
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e81bfaf195654662bf867c6be7115433e394a170e04f169558d294bbc93b3f94
.exe windows:4 windows x86 arch:x86

4e3e7ce958acceeb80e70eeb7d75870e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__argc
__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_findclose
_fileno
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_iob
_lock
_onexit
_setmode
_stat
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst
_wfindnext
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hc9.pyc
ee9f2533600c091f246273960b5a2a1b7ceba7697edc5f23d4f6a980e7304485
.exe windows:5 windows x86 arch:x86

1ef5c73d2259a1af3cc2b0ea3d4467c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetTimeZoneInformation
ReadConsoleW
OutputDebugStringW
GetDateFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
UnhandledExceptionFilter
FreeEnvironmentStringsW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetEnvironmentStringsW
GetACP
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
FormatMessageA
GetThreadTimes
IsValidCodePage
CreateSemaphoreW
InterlockedPopEntrySList
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
HeapQueryInformation
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCPInfo
GetUserDefaultLCID
FindResourceExW
VirtualProtect
GetFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetProfileIntW
SearchPathW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetStringTypeExW
lstrcmpiW
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
FindClose
GetFileAttributesW
DeleteFileW
GetCurrentDirectoryW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
VerifyVersionInfoW
VerSetConditionMask
GetThreadLocale
FileTimeToSystemTime
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
CreateEventW
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleA
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
CopyFileW
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
DeleteCriticalSection
DecodePointer
EnterCriticalSection
HeapSize
RaiseException
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
SetEvent
GetComputerNameW
MoveFileExW
GetModuleHandleW
CreateThread
CreateProcessW
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
LocalFree
lstrcpynW
LocalSize
lstrlenW
LocalAlloc
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
CreateProcessA
SetLastError
FlushFileBuffers
CreateFileA
DeleteFileA
GetEnvironmentVariableA
GetModuleFileNameA
GetTimeFormatW
GetDriveTypeA
SetErrorMode
GetLogicalDrives
FindNextFileW
FindFirstFileW
VirtualFree
WriteFile
ReadFile
SetFilePointer
VirtualAlloc
MoveFileW
GetFileSize
CreateFileW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
GetTickCount
GetLastError
GetModuleFileNameW
GlobalAlloc
CloseHandle
GetCurrentProcess
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedPushEntrySList
GetCommandLineW

user32

RealChildWindowFromPoint
CopyImage
GetMenuItemInfoW
DestroyMenu
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
SetLayeredWindowAttributes
LoadCursorW
SetCursor
ShowOwnedPopups
TranslateMessage
GetMessageW
MapVirtualKeyW
GetKeyNameTextW
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
GetSystemMetrics
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
SendDlgItemMessageA
GetCursorPos
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetWindowThreadProcessId
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
LoadMenuW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetLastActivePopup
GetTopWindow
GetParent
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
IntersectRect
TrackMouseEvent
IsIconic
SendMessageW
PeekMessageW
LoadStringW
DispatchMessageW
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
CreateWindowExW
IsZoomed
CharUpperW
GetAsyncKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetSystemMenu
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
GetClassInfoExW
GetClassInfoW
LoadAcceleratorsW
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
WaitMessage
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
MessageBoxW
EnableWindow
SetWindowsHookExW
UnhookWindowsHookEx
PostThreadMessageW
IsWindowVisible
ShowWindow
SetForegroundWindow
CallNextHookEx
GetWindowRect
GetClientRect
IsWindow
UnregisterClassW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
DrawStateW
UpdateWindow
InvalidateRect
FillRect
GetClassNameW
LoadBitmapW
RegisterWindowMessageW
GetMessagePos
GetMessageTime
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
LoadImageW
SetCursorPos
BringWindowToTop
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
DrawIcon
GetWindowRgn
GetKeyboardState
CreateMenu
GetComboBoxInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
MapVirtualKeyExW
IsCharLowerW
IsClipboardFormatAvailable
SubtractRect
InvertRect
HideCaret
FrameRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
CharUpperBuffW
RegisterClipboardFormatW
CreateAcceleratorTableW
CopyRect
DestroyCursor

gdi32

RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
GetBkColor
GetTextColor
GetTextExtentPoint32W
PatBlt
CreatePolygonRgn
Polygon
Polyline
CreateCompatibleBitmap
CreateDIBitmap
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetMapMode
SetRectRgn
DPtoLP
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
PtVisible
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
LPtoDP
GetWindowOrgEx
SetPixelV
GetTextFaceW
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreateDCW
RealizePalette
DeleteDC
CopyMetaFileW
GetTextMetricsW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW
CloseServiceHandle
OpenSCManagerW

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder
DragFinish
DragQueryFileW
SHGetFileInfoW
SHAppBarMessage

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
StrTrimW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathIsUNCW
StrFormatKBSizeW
PathStripToRootW
PathFindExtensionW

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
IsAppThemed
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeParentBackground
DrawThemeText

ole32

DoDragDrop
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoInitializeEx
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoRevokeClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantChangeType
VariantCopy
VarBstrFromDate
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocStringLen
LoadTypeLi
SysAllocString
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

winmm

PlaySoundW
timeGetTime

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Main.pyc
f2dcd2308c18fdb56a22b7db44e60cdb9118043830e03df02dac34e4c4752587
.exe windows:4 windows x86 arch:x86

4bfde2b54a136b5337a61402f0aacb79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comctl32

_TrackMouseEvent

comdlg32

GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW

gdi32

BitBlt
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
SwapBuffers

kernel32

CloseHandle
CreateEventA
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetThreadContext
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReleaseSemaphore
ResumeThread
SetLastError
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_putenv
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_chdir
_chmod
_errno
_findclose
_findfirst
_findnext
_fullpath
_getcwd
_iob
_mkdir
_onexit
_osver
_pclose
_popen
_putws
_rmdir
_setjmp
_setmode
_stat
_wchdir
_wchmod
_wfindfirst
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wgetenv
_winmajor
_wmkdir
_wputenv
_wremove
_wrename
_wrmdir
_wstat
abort
atexit
atof
atol
calloc
clearerr
clock
cosh
difftime
exit
fclose
feof
fflush
fgets
fopen
fprintf
fputc
fputs
fputws
fread
free
freopen
frexp
fscanf
fseek
ftell
fwrite
getc
getchar
getenv
getwchar
gmtime
isalnum
isalpha
iscntrl
islower
ispunct
isspace
isupper
isxdigit
localeconv
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
puts
qsort
rand
realloc
remove
rename
setlocale
setvbuf
signal
sinh
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strncat
strncmp
strncpy
strpbrk
strrchr
strstr
strtoul
system
tanh
time
tmpfile
tmpnam
tolower
toupper
ungetc
vfprintf
wcscat
wcscpy
wcslen
wcsrchr

opengl32

glAlphaFunc
glBegin
glBindTexture
glBitmap
glBlendFunc
glClear
glClearColor
glColor4ubv
glDeleteTextures
glDisable
glDrawPixels
glEnable
glEnd
glGenTextures
glGetDoublev
glGetIntegerv
glGetString
glGetTexLevelParameteriv
glLineWidth
glLoadIdentity
glLoadMatrixd
glMatrixMode
glOrtho
glPixelStorei
glPixelZoom
glPopAttrib
glPushAttrib
glRasterPos2i
glReadPixels
glScissor
glTexCoord2f
glTexImage2D
glTexParameteri
glTexSubImage2D
glVertex2f
glVertex2i
glViewport
wglCreateContext
wglDeleteContext
wglGetCurrentDC
wglGetProcAddress
wglMakeCurrent
wglShareLists

shell32

SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteW

user32

AdjustWindowRect
AdjustWindowRectEx
CallNextHookEx
ChangeDisplaySettingsA
ClientToScreen
CloseClipboard
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyWindow
DispatchMessageA
EmptyClipboard
EnumDisplaySettingsA
GetActiveWindow
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetFocus
GetForegroundWindow
GetKeyState
GetParent
GetWindowLongA
GetWindowRect
GetWindowThreadProcessId
IsDialogMessageA
IsIconic
LoadCursorA
LoadCursorW
MessageBoxA
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostThreadMessageA
RegisterClassA
RegisterClassExA
RegisterClassExW
RegisterClassW
ReleaseCapture
ScreenToClient
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursorPos
SetFocus
SetWindowsHookExA
ShowCursor
ShowWindow
TranslateMessage
ValidateRect

winmm

joyGetDevCapsA
joyGetNumDevs
joyGetPos
joyGetPosEx
timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent
waveOutClose
waveOutGetPosition
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSACleanup
WSAGetLastError
WSARecvFrom
WSASendTo
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 956KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 53KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
f89ee06ed27ff00fa5d8f6a5811a9e57063c72c9ec7d478321cdf2a2f018866f
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 295B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 595KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.sdata Size: 512B - Virtual size: 185B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.data Size: 212KB - Virtual size: 349KB

/4 Size: 512B - Virtual size: 278B

/18 Size: 191KB - Virtual size: 190KB

/30 Size: 196KB - Virtual size: 195KB

/43 Size: 78KB - Virtual size: 77KB

/59 Size: 121KB - Virtual size: 120KB

/75 Size: 512B - Virtual size: 48B

/90 Size: 512B - Virtual size: 34B

/109 Size: 776KB - Virtual size: 776KB

.idata Size: 1024B - Virtual size: 1022B

.symtab Size: 320KB - Virtual size: 319KB

ce1fa8d1883a5972127fde5d7d4115cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 781KB - Virtual size: 785KB

.pdata Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

26177787fb967c78f6b37f2b52a90593

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

user32

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 466KB - Virtual size: 465KB

.managed Size: 1.4MB - Virtual size: 1.4MB

hydrated Size: - Virtual size: 643KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 11KB - Virtual size: 71KB

.pdata Size: 119KB - Virtual size: 118KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 2KB - Virtual size: 1KB

69eb46a9f63edcc604b0bdaaa8e0f2f5

Headers

.text
Size: 3.0MB - Virtual size: 3.0MB

.sdata
Size: 512B - Virtual size: 185B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.5MB - Virtual size: 3.5MB

.data
Size: 212KB - Virtual size: 349KB

/4
Size: 512B - Virtual size: 278B

/18
Size: 191KB - Virtual size: 190KB

/30
Size: 196KB - Virtual size: 195KB

/43
Size: 78KB - Virtual size: 77KB

/59
Size: 121KB - Virtual size: 120KB

/75
Size: 512B - Virtual size: 48B

/90
Size: 512B - Virtual size: 34B

/109
Size: 776KB - Virtual size: 776KB

.idata
Size: 1024B - Virtual size: 1022B

.symtab
Size: 320KB - Virtual size: 319KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 781KB - Virtual size: 785KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 466KB - Virtual size: 465KB

.managed
Size: 1.4MB - Virtual size: 1.4MB

hydrated
Size: - Virtual size: 643KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 11KB - Virtual size: 71KB

.pdata
Size: 119KB - Virtual size: 118KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 292KB - Virtual size: 292KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 49KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 40KB - Virtual size: 40KB