44cf98853b30767d8d0ffb595cc44c2a

Sharing

Copy URL Twitter E-mail

General

Target

44cf98853b30767d8d0ffb595cc44c2a
Size

1.7MB
MD5

44cf98853b30767d8d0ffb595cc44c2a
SHA1

b93fd97c3e056107908658c7662560680f663f52
SHA256

5383d81bc6f5535de414c3448b424aa55b7cb234b35bf97e1e0c5addd2944eca
SHA512

daba6058018f8a38b0f76a925d9022753dd7e3fdb8a2f780331be5976217af99fb4500d794e89a201761bc8bd7d0960d4c57c5a0486c7b9a8b04a7d46417f049
SSDEEP

49152:hOFD6cnG2l3+QBxVgC7mhlgE0+eacAssNgUMyP:KucnG2h+QBpMgE0+/c9s+9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debug/fgdump.exe
unpack001/PwDump.exe
unpack001/Release/fgdump.exe
unpack001/cachedump.exe
unpack001/cachedump/cachedump.exe
unpack001/cachedump64.exe
unpack001/fgexec.exe
unpack001/fgexec/Debug/fgexec.exe
unpack001/fgexec/Release/fgexec.exe
unpack001/lsremora.dll
unpack001/lsremora64.dll
unpack001/pstgdump.exe
unpack001/pstgdump/Debug/pstgdump.exe
unpack001/pstgdump/Release/pstgdump.exe
unpack001/servpw.exe
unpack001/servpw64.exe

Files

44cf98853b30767d8d0ffb595cc44c2a
.zip
AUTHORS
AVStatus.h
AntiSpywareControl.cpp
.js
AntiSpywareControl.h
COPYING
CacheDumpControl.cpp
.js
CacheDumpControl.h
Debug/fgdump.exe
.exe windows:4 windows x86 arch:x86

c8a6cf8c1bec90b627bdb6937e0a4d96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

GetTempPathA
LeaveCriticalSection
SetEvent
ResetEvent
WaitForMultipleObjects
EnterCriticalSection
GetCurrentThreadId
CreateThread
CreateEventA
GetSystemTime
CopyFileA
DeleteFileA
InterlockedIncrement
GetCommandLineA
GetLocalTime
CloseHandle
DuplicateHandle
GetLastError
CreatePipe
GetStdHandle
CreateProcessA
ReadFile
GetCurrentDirectoryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
CreateMutexA
ReleaseMutex
GetDriveTypeA
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExA
FormatMessageA
FreeLibrary
WaitForSingleObject
GetLocaleInfoW
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
GetCurrentProcess
TerminateProcess
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
RtlUnwind
IsBadWritePtr
IsBadReadPtr
HeapValidate
RaiseException
SetEnvironmentVariableA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
DebugBreak
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
SetFilePointer
FlushFileBuffers
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
SetConsoleCtrlHandler
GetProcessHeap
SetStdHandle
QueryPerformanceCounter
GetTickCount

user32

wsprintfA

advapi32

CreateServiceA
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegConnectRegistryA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
DeleteService

ole32

CoCreateGuid
StringFromGUID2

Sections

.textbss
Size: - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 988KB - Virtual size: 987KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ErrorHandler.cpp
ErrorHandler.h
HostDumper.cpp
.js
HostDumper.h
INSTALL
Impersonator.cpp
Impersonator.h
LogBase.cpp
LogBase.h
LogFailedWriter.cpp
LogFailedWriter.h
LogWriter.cpp
LogWriter.h
Main.cpp
McAfeeControl.cpp
McAfeeControl.h
NetUse.cpp
NetUse.h
PWDumpControl.cpp
.js
PWDumpControl.h
Process.cpp
Process.h
ProtectedStorageControl.cpp
.js
ProtectedStorageControl.h
PwDump.exe
.exe windows:4 windows x86 arch:x86

1781f06048a7e58b323f0b9259be798b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A
WNetCancelConnection2A

netapi32

NetApiBufferFree
NetShareGetInfo
NetShareEnum

kernel32

GlobalReAlloc
GlobalAlloc
ReadFile
SetNamedPipeHandleState
CreateFileA
Sleep
GetLastError
WaitNamedPipeA
CloseHandle
GlobalFree
WaitForSingleObject
QueryPerformanceCounter
GetCurrentDirectoryA
CopyFileA
GetModuleFileNameA
SetStdHandle
HeapSize
GetLocaleInfoW
SetEndOfFile
DeleteFileA
HeapDestroy
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
HeapAlloc
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCommandLineA
GetVersionExA
GetProcessHeap
CreateFileW
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
InitializeCriticalSection
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID

user32

wsprintfA

advapi32

CreateServiceA
OpenServiceA
StartServiceA
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerA

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
README
RegQuery.cpp
RegQuery.h
Release/fgdump.exe
.exe windows:4 windows x86 arch:x86

fd35e4db9753c3fb74671af9bb4e4e64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetApiBufferFree

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

ResetEvent
LeaveCriticalSection
WaitForMultipleObjects
EnterCriticalSection
GetSystemTime
GetCurrentThreadId
CreateThread
CreateEventA
GetLastError
GetTempPathA
CopyFileA
DeleteFileA
InterlockedIncrement
GetCommandLineA
GetLocalTime
CloseHandle
CreateProcessA
SetEvent
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
GetCurrentDirectoryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
Sleep
CreateMutexA
GetLocaleInfoW
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExA
FormatMessageA
FreeLibrary
WaitForSingleObject
SetEndOfFile
ReadFile
ExitProcess
InterlockedExchange
LoadLibraryA
SetStdHandle
HeapFree
RtlUnwind
RaiseException
GetProcAddress
GetModuleHandleA
TerminateProcess
HeapAlloc
WriteConsoleA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetFilePointer
CreateFileA
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
HeapSize
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr

user32

wsprintfA

advapi32

CreateServiceA
ControlService
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegConnectRegistryA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DeleteService

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ResourceLoader.cpp
.js
ResourceLoader.h
ServiceControl.cpp
ServiceControl.h
ShareFinder.cpp
ShareFinder.h
SophosControl.cpp
SophosControl.h
StringArray.cpp
StringArray.h
SymantecAVControl.cpp
SymantecAVControl.h
TrendControl.cpp
TrendControl.h
XGetopt.cpp
XGetopt.h
cachedump.exe
.exe windows:4 windows x86 arch:x86

bddfe6be997296991b781fdb913371cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
ReadProcessMemory
OpenProcess
GetCurrentProcess
ExitThread
FreeLibrary
WriteFile
CreateFileA
WaitNamedPipeA
CreateThread
CompareStringW
CompareStringA
GetModuleFileNameA
CreateNamedPipeA
CloseHandle
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
Sleep
HeapCreate
GetProcessHeap
HeapAlloc
ExitProcess
GetLastError
FlushFileBuffers
FormatMessageA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
HeapFree
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
GetStdHandle
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
HeapSize
SetEnvironmentVariableA

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
SetServiceStatus
OpenServiceA
CreateServiceA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
OpenSCManagerA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA

ole32

StringFromGUID2
CoCreateGuid

psapi

GetModuleInformation

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cachedump/autocash.pl
cachedump/cachedump.cpp
cachedump/cachedump.exe
.exe windows:4 windows x86 arch:x86

b6bdadddfdf2339497981a90c3884563

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
Sleep
ReadFile
ConnectNamedPipe
HeapCreate
GetModuleFileNameA
FreeLibrary
ReadProcessMemory
OpenProcess
GetCurrentProcess
ExitProcess
FormatMessageA
CreateThread
WaitNamedPipeA
CreateFileA
LoadLibraryA
GetProcAddress
GetLastError
WriteFile
FlushFileBuffers
DisconnectNamedPipe
CloseHandle
CreateNamedPipeA
ExitThread
SetStdHandle
GetOEMCP
HeapFree
HeapReAlloc
RtlUnwind
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapDestroy
VirtualFree
VirtualAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
InterlockedExchange
VirtualQuery
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetLocaleInfoA
GetCPInfo
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetACP
HeapSize

advapi32

CreateServiceA
StartServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegOpenKeyExA
RegQueryValueExA
SetServiceStatus
OpenServiceA

psapi

GetModuleInformation

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cachedump/cachedump.h
cachedump/cachedump.sln
cachedump/cachedump.vcproj
.xml
cachedump/getpid.cpp
cachedump/getpid.h
cachedump/lsastuff.cpp
cachedump/md5.c
cachedump/md5.h
cachedump/rc4.c
cachedump/rc4.h
cachedump/readme.txt
cachedump/service.cpp
cachedump/version.txt
cachedump64.exe
.exe windows:4 windows x64 arch:x64

fd79fe570f68ca17237c03003519d3b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
LoadLibraryA
__C_specific_handler
ReadProcessMemory
OpenProcess
GetCurrentProcess
ExitThread
FreeLibrary
WriteFile
CreateFileA
WaitNamedPipeA
CreateThread
CompareStringW
CompareStringA
GetModuleFileNameA
CreateNamedPipeA
CloseHandle
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
Sleep
HeapCreate
GetProcessHeap
HeapAlloc
ExitProcess
GetLastError
FlushFileBuffers
FormatMessageA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
HeapFree
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
TlsAlloc
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
GetCurrentThread
FlsAlloc
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RtlVirtualUnwind
RtlLookupFunctionEntry
GetStdHandle
HeapSetInformation
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetTimeZoneInformation
HeapSize
SetEnvironmentVariableA

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
SetServiceStatus
OpenServiceA
CreateServiceA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
OpenSCManagerA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA

ole32

StringFromGUID2
CoCreateGuid

psapi

GetModuleInformation

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fgdump.cpp
fgdump.h
fgdump.rc
fgdump.sln
fgdump.vcproj
.xml
fgexec.exe
.exe windows:4 windows x86 arch:x86

5652942959a5cb6994ae8b6d76cdbf00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CallNamedPipeA
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
SetEvent
CreateFileA
CreateEventA
WaitForSingleObject
RtlUnwind
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
GetLocaleInfoA
VirtualProtect
GetSystemInfo

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/AUTHORS
fgexec/COPYING
fgexec/Debug/fgexec.exe
.exe windows:4 windows x86 arch:x86

1453fbc48f97e1c7fe3909a06d21ab7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CloseHandle
CallNamedPipeA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetStdHandle
CreateProcessA
SetEvent
CreateFileA
CreateEventA
WaitForSingleObject
RtlUnwind
GetCommandLineA
GetVersionExA
GetModuleHandleA
IsBadWritePtr
IsBadReadPtr
HeapValidate
RaiseException
DebugBreak
GetProcAddress
LoadLibraryA
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
ExitProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
SetUnhandledExceptionFilter
IsBadCodePtr
GetProcessHeap
FreeLibrary
SetFilePointer
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualQuery
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
VirtualProtect
GetSystemInfo
GetLocaleInfoA

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/INSTALL
fgexec/Process.cpp
fgexec/Process.h
fgexec/README
fgexec/Release/fgexec.exe
.exe windows:4 windows x86 arch:x86

f5ca537c40e7246de506f3cadd1c9d5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
CreatePipe
GetStdHandle
WaitForSingleObject
CreateFileA
SetEvent
DisconnectNamedPipe
DuplicateHandle
WriteFile
GetLastError
ConnectNamedPipe
CreateNamedPipeA
CreateEventA
CallNamedPipeA
ReadFile
CreateProcessA
FlushFileBuffers
CloseHandle
RtlUnwind
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
RaiseException
GetACP
GetOEMCP
GetCPInfo
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetProcAddress
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetUnhandledExceptionFilter
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetFilePointer
LoadLibraryA
InterlockedExchange
VirtualQuery
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fgexec/XGetopt.cpp
fgexec/XGetopt.h
fgexec/fgexec.cpp
.js
fgexec/fgexec.vcproj
.xml
fgexec/stdafx.cpp
fgexec/stdafx.h
lsremora.dll
.dll windows:4 windows x86 arch:x86

bb5e3a676545eeb9803b748c9238b292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lsremora64.dll
.dll windows:4 windows x64 arch:x64

50e89823e32eb1d31266289c86e014e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
LocalFree
FreeLibrary
LoadLibraryA
GetCurrentProcess
WriteFile
FlushFileBuffers
DisconnectNamedPipe
ConnectNamedPipe
GetLastError
GetProcAddress
CreateNamedPipeA
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
MultiByteToWideChar
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
OpenProcessToken

Exports

Exports

GetHash
SetAccessPriv

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pstgdump.exe
.exe windows:4 windows x86 arch:x86

f38a14b98597618926f15856879f2f5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
GetSystemInfo
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
VirtualProtect
LocalFree
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetFilePointer
IsBadReadPtr
IsBadCodePtr
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

GetErrorInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/AUTHORS
pstgdump/COPYING
pstgdump/Debug/pstgdump.exe
.exe windows:4 windows x86 arch:x86

a90c02abb8e70055e03e9c555fc4eb35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
SetStdHandle
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
FlushFileBuffers
LocalFree
lstrlenW
IsBadWritePtr
IsBadReadPtr
HeapValidate
RtlUnwind
TerminateProcess
GetCurrentProcess
ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
RaiseException
HeapAlloc
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchange
SetConsoleCtrlHandler
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
FreeLibrary
IsBadCodePtr
SetFilePointer
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

VariantClear
CreateErrorInfo
SysFreeString
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/INSTALL
pstgdump/ProtectedStorage.cpp
pstgdump/ProtectedStorage.h
pstgdump/README
pstgdump/Release/pstgdump.exe
.exe windows:4 windows x86 arch:x86

f38a14b98597618926f15856879f2f5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptUnprotectData

kernel32

GetLocaleInfoA
GetSystemInfo
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
lstrcpyA
VirtualProtect
LocalFree
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
RtlUnwind
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersionExA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
SetUnhandledExceptionFilter
InterlockedExchange
VirtualQuery
SetFilePointer
IsBadReadPtr
IsBadCodePtr
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle

user32

wsprintfA
IsCharAlphaNumericA

advapi32

RegQueryValueExA
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

oleaut32

GetErrorInfo

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pstgdump/XGetopt.cpp
pstgdump/XGetopt.h
pstgdump/pstgdump.cpp
pstgdump/pstgdump.vcproj
.xml
pstgdump/stdafx.cpp
pstgdump/stdafx.h
pwdump6/BlowfishStringConvert.h
pwdump6/COPYING
pwdump6/LsaExt.c
pwdump6/LsaExt.vcproj
.xml
pwdump6/PwDump6.cpp
.js
pwdump6/PwDump6.sln
pwdump6/PwDump6.vcproj
.xml
pwdump6/README
pwdump6/XGetopt.c
pwdump6/XGetopt.h
pwdump6/blowfish.c
pwdump6/blowfish.h
pwdump6/config.h
pwdump6/lsassthreadstub.c
pwdump6/lsassthreadstub.h
pwdump6/pwdump.rc
pwdump6/pwservice.cpp
pwdump6/pwservice.vcproj
.xml
pwdump6/resource.h
resource.h
servpw.exe
.exe windows:4 windows x86 arch:x86

3bfb186df8e2e1fc64ca15663e6f49e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lsremora

SetAccessPriv

kernel32

LoadLibraryA
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
GetProcAddress
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
FreeLibrary
CreateRemoteThread
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
servpw64.exe
.exe windows:4 windows x64 arch:x64

5faf95f288ae5e85fff2b949ccbcc6a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

lsremora64

SetAccessPriv

kernel32

LoadLibraryA
VirtualFreeEx
CloseHandle
GetExitCodeThread
WaitForSingleObject
GetProcAddress
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
OpenProcess
FreeLibrary
CreateRemoteThread
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FlsGetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSection
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
FlushFileBuffers

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
stdafx.cpp
stdafx.h

Sharing

General

Malware Config

Signatures

Files

c8a6cf8c1bec90b627bdb6937e0a4d96

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

advapi32

ole32

Sections

.textbss Size: - Virtual size: 133KB

.text Size: 296KB - Virtual size: 293KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 16KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 988KB - Virtual size: 987KB

1781f06048a7e58b323f0b9259be798b

Headers

File Characteristics

Imports

mpr

netapi32

kernel32

user32

advapi32

ole32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 832B

fd35e4db9753c3fb74671af9bb4e4e64

Headers

File Characteristics

Imports

netapi32

mpr

kernel32

user32

advapi32

ole32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 824KB - Virtual size: 822KB

bddfe6be997296991b781fdb913371cb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

psapi

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 51KB

.rsrc Size: 4KB - Virtual size: 176B

b6bdadddfdf2339497981a90c3884563

Headers

File Characteristics

Imports

kernel32

advapi32

psapi

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

fd79fe570f68ca17237c03003519d3b1

Headers

DLL Characteristics

.textbss
Size: - Virtual size: 133KB

.text
Size: 296KB - Virtual size: 293KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 16KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 988KB - Virtual size: 987KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 832B

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 824KB - Virtual size: 822KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 51KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 54KB

.pdata
Size: 8KB - Virtual size: 8KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 3KB - Virtual size: 3KB