raccoon | 231107-bz5yxsbb62_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

231107-bz5yxsbb62_pw_infected.zip
Size

198.7MB
MD5

ddcebc8ed5bf63482fa43256738ababa
SHA1

4d4dc2548b990fa958d4f7f6628c2e4e1d5d1bca
SHA256

1afe857d1b5f2c0ff48ebbd2f32abf11f9b310416b1273e77adc7ee37f001ff8
SHA512

6aa9b10beaead4abd9404b5cb63e7214748127ef5f3e7d89929a70b534c4d98633fee7fd6b8082feac806f540128d08d152cb763383a0bd8c2b6ab19554b2eef
SSDEEP

6291456:rW9ezadSq+3+rgYYQFO8G8W0a8cvsny/mvvLwpJzX0:MBs+vU8nNy/tHk

Score

10^/10

vmprotect 5ba094fed1175cc7d1abb03fa165c23c loader upx raccoon privateloader socelars zgrat snakekeylogger stealc

Malware Config

Extracted

Family

raccoon

Botnet

5ba094fed1175cc7d1abb03fa165c23c

http://79.137.207.53/

Attributes

user_agent
901785252112

xor.plain

Extracted

Family

privateloader

http://45.133.1.107/server.txt

pastebin.com/raw/A7dSG1te

http://wfsdragon.ru/api/setStats.php

51.178.186.149

http://45.133.1.182/proxies.txt

45.133.1.60

Attributes

payload_url
https://vipsofts.xyz/files/mega.bmp

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.hbgents.top/

http://www.rsnzhy.com/

http://www.znsjis.top/

Extracted

Family

stealc

http://robertjohnson.top

Attributes

url_path
/e9c345fc99a4e67e.php

rc4.plain

Signatures

Detect ZGRat V1 3 IoCs

Processes:

resource	yara_rule
static1/unpack002/Samples 5/050506129490bf4fc71dfedbf612532a669ea9b02f2d6b8311428601e915763e.exe	family_zgrat_v1
static1/unpack002/Samples 6/bd4e2dd3ffc3977b2ca8f818c2e51c421a1f4772b4fe11a1aa8448dc50fddab2.exe	family_zgrat_v1
static1/unpack002/Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe	family_zgrat_v1

Privateloader family
privateloader

Raccoon Stealer V2 payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack002/Samples 2/6c48e39183dda2dbdc8c92592c72feef6c6688c7b9e033ffe55581be572858e5.exe	family_raccoon_v2

Raccoon family
raccoon

Snake Keylogger payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack004/out.upx	family_snakekeylogger

Snakekeylogger family
snakekeylogger
Socelars family
socelars

Socelars payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack002/Samples 4/9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a.exe	family_socelars

Stealc family
stealc
Zgrat family
zgrat

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack002/Samples 5/448140b0da950c59905b373bc96a0cefce7bce665c2727f416353d035f35583d.exe	upx
static1/unpack002/Samples 5/b6b789bb154eaee918cb7eec069e9a80ca1e7596d27a2a8495ddee5e800259ed.exe	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack002/Samples 1/2a6e81706ec02af2afc1254ac19dcf89203bc0cefd6d6df5cf57cd9c70526c6c.exe	vmprotect
static1/unpack002/Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe	vmprotect

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack002/Samples 1/5cc02305d7b5cb0675f2ac65422a115aa44d8f28e5a2b759470d17d6bf851a3a.exe	autoit_exe

Unsigned PE 99 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Samples 1/0d69cafe700a952a621c9b5981504e30c939c3d6cc34452691fce67b2eb6c1cd.exe
unpack002/Samples 1/0dc8b4659b84d8d9b96e544279da980b36301253912a043b5e48c9bd7bb6e09f.exe
unpack002/Samples 1/1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe
unpack002/Samples 1/1f2a3d598734fe566de2054f3c73fd2245fc6023f0740bdbae88a076f508ebd2.exe
unpack002/Samples 1/2bee29bac294615a9d1b613ba775972cda26781938e3ae3aa60ad9737f1fbde8.exe
unpack002/Samples 1/2c17c6ecd63459b4442629093178ca786b4754244e1d879cef8520ce3e471d4f.exe
unpack002/Samples 1/3bb40bab103c5f34e08a2c179ea379abd37d9861d7f6ac3d56d5c0d693b4260a.exe
unpack002/Samples 1/3c5720111b5562bdbcef0ac01a7d4fcf47ad75af43f84220129c0a1abb5e65f4.exe
unpack002/Samples 1/3d52822949346df4385fc98bf246b67f2667b4959cf15e490072ba00bbff59c3.exe
unpack002/Samples 1/4de3272c8195c4473cfa3c3abaaf682c7975ee0dc02f555fb5ac8588dcf3af26.exe
unpack002/Samples 1/5cc02305d7b5cb0675f2ac65422a115aa44d8f28e5a2b759470d17d6bf851a3a.exe
unpack002/Samples 1/5e6e5fe247e96c09a7297b32c31880847a6827762b9afdbb7d7b46e3c0071a91.exe
unpack002/Samples 2/18f74890fef60f1e18d5b1d0b43f100c69b430445187d672bbedf46aff687d09.exe
unpack002/Samples 2/23c81c824177bc39dc8131bb8c25661ffecf0026501a7d074b49ff0eabc10b25.exe
unpack002/Samples 2/5eff7e99184b9c8352125aaf8aa9d72e33049c52dc4eb7a69d509da3e7004cb2.exe
unpack002/Samples 2/5fca14e334abfa6aefad9d409d44e951f14231ae0a0f91b7af0ce392726be3ad.exe
unpack002/Samples 2/6b53de90d4c71ace801f6208d6a38c6e59a7e5d50de83544b9ef7f20c5296de2.exe
unpack002/Samples 2/6b8687e4a9ec832619d1e0477cc54e1709e25251c79571e697f6b43c4785fc29.exe
unpack002/Samples 2/6bd2d5f2630ce91d3d93d5a686d0ea381b6efa2b25d0dbd0f509a17f7ed3788d.exe
unpack002/Samples 2/6c48e39183dda2dbdc8c92592c72feef6c6688c7b9e033ffe55581be572858e5.exe
unpack002/Samples 2/8b70ca880f25f4e03bcac422fb2e6044369bf25d45d9b846db546728d66618a6.exe
unpack002/Samples 2/8ce95aee92cffc56420902fa657bc82a44574450ada63eb864d11e404a59a078.exe
unpack002/Samples 2/9cf8a802217928175088777f3f886dde3cba71c0a5c427ed169e24581e1c7a9b.exe
unpack002/Samples 2/9d0863c76aa5212eee67a9d8e8fa25547d9c99e9c47286027637fb50812a1110.exe
unpack002/Samples 3/081a3d200edb928e18cfac98d151d6af21b7fc1fb017f066a1ce428929c5da9b.exe
unpack002/Samples 3/093ea014b7458f9388f4c76b758c08b6a34e713736330f97fa49c99d71e2b371.exe
unpack002/Samples 3/095acff5fceaebcb8026d5dc628953ac226c8bf66aa1fbd929b2b569c9b937d2.exe
unpack002/Samples 3/179a03ea134385e1a80aaa05703d70008024d8771d836f62595c5b9187138723.exe
unpack002/Samples 3/209dc352ae660c94c7bd22fc9e97420bebfc56840e237e0d60cc42f734bfa386.exe
unpack002/Samples 3/31e7e054709f5b627f50b6b26f95c6e0536c7d03361c16c9677c70fe327a7181.exe
unpack002/Samples 3/56e26fd1b4bb65afbfccfcd02b594270030f800f0270068d00c3eb6c31553323.exe
unpack002/Samples 3/61a764045daabe15243e13405d418e3f60b6671ee7a1e325c6021204920f741c.exe
unpack002/Samples 3/74bafd56c1fb3cdebf0a63de4ffb6f16dc1d5cee38e11ab0d2bc2614538da65f.exe
unpack002/Samples 3/74f60be5e412a3af9701289707be3aa8e6e321283a0280c20cb437ac25d8d90e.exe
unpack002/Samples 3/77bdc94b3e90f3d4df5ca299e563e8425b6dd7ec50e0fe6fa697e87b1926f778.exe
unpack002/Samples 3/80db68b4b0216a5371497f59d688d88108efe0bbf3d3fea1b969cde9ce8d4168.exe
unpack002/Samples 3/91bbe97818559d7e7f7c35b60c152e6e2db4f42e3f9c6f80421bbdfb646e7068.exe
unpack002/Samples 3/94dbf6089ceccafd34ec1011941f18682361d71a9fbc54d1495dc0f9ec52169e.exe
unpack002/Samples 3/96b3a6f88bebb213230bd38f95804466296c238e0774861ceec6ad4424dcfb45.exe
unpack002/Samples 4/0532a82db5727b773fd280a5bc3ffa8b3be3be05bf5a9c125dbdf5f1e9fa63ce.exe
unpack002/Samples 4/0600f0c29e7513b060c4634804b2a2ad7e636c8372f7ee927b9e20e72e2bc807.exe
unpack002/Samples 4/25540f55ae5a200dd9635f60a3b62458b6d95386d0d92eab2282facc6f51084e.exe
unpack002/Samples 4/4051eb7216e002cc6d827d781527d7556f4eb0f47bf092fc1a58b41b365252ec.exe
unpack002/Samples 4/569cf42b940d1e5d5d4d675f6172542a8ac01596c7bc69a8b65dbe7f9ff7ed25.exe
unpack002/Samples 4/5774f205b3abcd5adc225b26b5ce546c2e7eb3490d03aa13c15234370dc42e27.exe
unpack002/Samples 4/65350ee5de866f54845c13472cc7e0257b55715560ff9696ba2d4dc0494991e6.exe
unpack002/Samples 4/6577f5c5150e1dc818be87c2483db10b3af00effc2faf5c1acd174a8db760001.exe
unpack002/Samples 4/7755e890ecb6b60a9cbed072a609fbe099968b1fbda51f1d1f940bbc581c9f70.exe
unpack002/Samples 4/81539fb95214aadc076c01161cdce901fc57b6cc8d82e27bae4915c512d9baad.exe
unpack002/Samples 4/87876acd533b5e473c1f27bf24ad26a9b6d0e6859186e00ac3efa334711b8f4a.exe
unpack002/Samples 4/8896b158ac271c269cfea637cd9402db48676eeef02b9d694d5c9f0eaeb3dbb0.exe
unpack002/Samples 4/9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a.exe
unpack002/Samples 4/995d009e2fa6b510a0251895e0e71d0709ebfdeac782eae91caa3b4ee30bd29b.exe
unpack002/Samples 5/1391748ce1bffd2513a95275adeb87105e963ef9452ea26798edd2dbd0126f2e.exe
unpack002/Samples 5/210353e2c687a7e1e94408ca27cf59fbbec44495d75a3e466ae528a1a33a53ea.exe
unpack002/Samples 5/448140b0da950c59905b373bc96a0cefce7bce665c2727f416353d035f35583d.exe
unpack002/Samples 5/618969df2d98c660836fc0c94f95d93c8c561f19f106c56eca3f5aa9930cbba8.exe
unpack002/Samples 5/640241afe83f23ed74de217149943294fb612ba8a283edb5049c23f059414a8a.exe
unpack002/Samples 5/836486fba787ca151a90548a0ebe5d6bfc006c52133bf6a349a266c8ccf4f79b.exe
unpack002/Samples 5/a5e6cd875238850ec701202134a00d276574d623ac52383f4a96e26650ceac77.exe
unpack002/Samples 5/aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
unpack002/Samples 5/af74c04a2c7ab70c4b5e3c12ed698d0220be1324f341bd9d4e38d83a9f49adc6.exe
unpack002/Samples 5/b554bb8695c6674175bb3493f8f34c3d1d5b7f4cbb6da4c2e8431bd03acb4351.exe
unpack002/Samples 5/b6b789bb154eaee918cb7eec069e9a80ca1e7596d27a2a8495ddee5e800259ed.exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
static1/unpack002/Samples 2/15e3a34b2bd7ad520d87fe902eee65f35049cc5bc3579bbb5182dfb91e3fd289.exe	nsis_installer_1
static1/unpack002/Samples 2/15e3a34b2bd7ad520d87fe902eee65f35049cc5bc3579bbb5182dfb91e3fd289.exe	nsis_installer_2

Files

231107-bz5yxsbb62_pw_infected.zip
.zip

Password: infected
Divided Threats.zip
.zip
Samples 1/0d69cafe700a952a621c9b5981504e30c939c3d6cc34452691fce67b2eb6c1cd.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/0dc8b4659b84d8d9b96e544279da980b36301253912a043b5e48c9bd7bb6e09f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/1d21da7ca3f1105e0fba4c64281c4199a1d2788bf2fd5ed975529e7a7ea6d695.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 758KB - Virtual size: 757KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/1f2a3d598734fe566de2054f3c73fd2245fc6023f0740bdbae88a076f508ebd2.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/2a6e81706ec02af2afc1254ac19dcf89203bc0cefd6d6df5cf57cd9c70526c6c.exe
.exe windows:6 windows x86 arch:x86

e74959acf8d102fe14144468dae6b4a4

Code Sign

15:e9:00:a7:2f:6c:c0:b3:4c:70:63:d6:83:9d:41:98
Certificate

Issuer

CN=\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>=§�êv

Not Before

23-09-2023 19:18

Not After

24-09-2033 19:18

Subject

CN=\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>£\>Ì\>ü\>?&§ë¨�ê¨�ê¨�ê§�ê§�ê§�ê§�ë§�ê§�ê\<ƒ\<›\<Ö\<ã\<=6=E=„=§=ß=é=6\>C\>[\>–\>=§�êv

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:75:2e:f6:29:04:e5:31:d7:fc:14:18:9c:ec:f0:48:2b:cf:18:32:6a:08:52:d0:e6:64:f1:f3:bb:c9:dd:08
Signer

Actual PE Digest

01:75:2e:f6:29:04:e5:31:d7:fc:14:18:9c:ec:f0:48:2b:cf:18:32:6a:08:52:d0:e6:64:f1:f3:bb:c9:dd:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA
CharUpperBuffW

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

InternetQueryDataAvailable

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/2bee29bac294615a9d1b613ba775972cda26781938e3ae3aa60ad9737f1fbde8.exe
.exe windows:5 windows x86 arch:x86

105a7720394e63394e65284a3456719d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
SetComputerNameExA
GetConsoleAliasExesLengthA
FindResourceW
DeleteVolumeMountPointA
GlobalAddAtomA
GetCommState
GetSystemWindowsDirectoryW
AddConsoleAliasW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
GetPriorityClass
GetCurrencyFormatW
LoadLibraryW
GetExitCodeProcess
IsProcessorFeaturePresent
GetConsoleAliasW
lstrcatA
GetVolumePathNameA
GetConsoleAliasesW
GetLastError
InterlockedFlushSList
SetLastError
GetProcAddress
VirtualAlloc
FindFirstFileW
EnumSystemCodePagesW
SearchPathA
SetFileAttributesA
InterlockedExchangeAdd
OpenWaitableTimerW
LocalAlloc
BuildCommDCBAndTimeoutsW
GetNumberFormatW
RemoveDirectoryW
SetConsoleWindowInfo
FoldStringW
GlobalFindAtomW
DebugSetProcessKillOnExit
QueryMemoryResourceNotification
UpdateResourceW
VirtualProtect
PeekConsoleInputA
ReadConsoleInputW
GetWindowsDirectoryW
AreFileApisANSI
LocalFileTimeToFileTime
CloseHandle
WriteConsoleW
CreateFileA
SetVolumeLabelA
FillConsoleOutputCharacterA
BackupWrite
GetConsoleOutputCP
WriteConsoleA
HeapAlloc
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle

user32

ChangeDisplaySettingsW
LoadMenuW
CharToOemBuffA

gdi32

GetCharWidthA
GetCharacterPlacementA
GetCharABCWidthsFloatA
GetBoundsRect

shell32

ShellAboutW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/2c17c6ecd63459b4442629093178ca786b4754244e1d879cef8520ce3e471d4f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 768KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/3bb40bab103c5f34e08a2c179ea379abd37d9861d7f6ac3d56d5c0d693b4260a.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

petite
Size: 334B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/3c36a35096a0e4ad330d8ae5953d844db3af5d0fa1780782a6a1adf32550fda5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

85:b5:48:2e:e2:f9:7b:76:d6:43:44:3d:c0:a9:f7:90
Certificate

Issuer

C=CN

Not Before

26-10-2023 13:44

Not After

26-10-2024 13:44

Subject

C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:76:d1:4c:b5:9b:b0:84:ad:cf:7c:f5:0a:8c:31:37:2c:d6:9c:24:5d:12:64:a3:9b:7e:dd:4b:15:89:1f:9e
Signer

Actual PE Digest

83:76:d1:4c:b5:9b:b0:84:ad:cf:7c:f5:0a:8c:31:37:2c:d6:9c:24:5d:12:64:a3:9b:7e:dd:4b:15:89:1f:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/3c5720111b5562bdbcef0ac01a7d4fcf47ad75af43f84220129c0a1abb5e65f4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/3d52822949346df4385fc98bf246b67f2667b4959cf15e490072ba00bbff59c3.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

petite
Size: 334B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 1/3f3c3378e66bb67a7d1c45784e1d297a086abfd7591268e65d90ad10bd12d1c7.exe
.exe windows:5 windows x86 arch:x86

2126848680c6bbc3706fa278fc43d789

Code Sign

07:59:4f:9d:06:c8:71:46:99:d3:06:61:b6:f9:65:8e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-05-2020 00:00

Not After

17-08-2023 12:00

Subject

SERIALNUMBER=140 322 916,CN=SoftPerfect Pty. Ltd.,O=SoftPerfect Pty. Ltd.,L=Brisbane,ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:b4:81:42:bf:16:be:17:e2:32:e0:2f:7e:95:79:ca:a8:b2:ba:42:35:c3:86:37:a5:ec:98:ec:c4:e7:4a:8b
Signer

Actual PE Digest

a3:b4:81:42:bf:16:be:17:e2:32:e0:2f:7e:95:79:ca:a8:b2:ba:42:35:c3:86:37:a5:ec:98:ec:c4:e7:4a:8b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetExitCodeThread
MoveFileExW
CreateNamedPipeW
GetDriveTypeW
SetEvent
EnterCriticalSection
LeaveCriticalSection
CopyFileW
GetUserDefaultLangID
OpenEventW
DeleteCriticalSection
RaiseException
DecodePointer
GetCurrentThreadId
InitializeCriticalSectionEx
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
CreateMutexW
VirtualQuery
GetSystemInfo
IsBadReadPtr
GetFileTime
WriteFile
GetFileAttributesW
SetFileAttributesW
FlushFileBuffers
GetUserDefaultLCID
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetACP
GetSystemDefaultLangID
LoadLibraryW
GetModuleHandleExW
ConnectNamedPipe
GetCurrentProcessId
GetStringTypeW
GetStdHandle
ReleaseMutex
GetTempPathW
GetVersionExW
FileTimeToLocalFileTime
SystemTimeToFileTime
SetFilePointer
CreateEventW
QueryPerformanceFrequency
FindFirstFileW
FindClose
ReadFile
FileTimeToSystemTime
FreeLibrary
GetEnvironmentVariableW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
LocalFree
GetModuleFileNameW
RemoveDirectoryW
DeleteFileW
CloseHandle
UnmapViewOfFile
WideCharToMultiByte
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
lstrlenA
FormatMessageW
MultiByteToWideChar
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
CompareStringA
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
ExitProcess
VirtualAlloc
GetFullPathNameW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
LocalAlloc
GetCurrentThread
QueryPerformanceCounter
lstrlenW
lstrcatW
lstrcpyW
lstrcpynW
lstrcmpiW
GetTickCount
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
GetOEMCP
IsValidCodePage
GetCPInfo
LCMapStringW
CompareStringW
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
GetTimeFormatW
GetDateFormatW
InterlockedDecrement
GetVersion
GetProcessTimes
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
SetFileTime
CompareFileTime
LoadLibraryExW
GetTempFileNameW
GetCurrentDirectoryW
ResetEvent
GetFileType

user32

CharUpperW
wsprintfW
GetDesktopWindow
PostThreadMessageW
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
GetGUIThreadInfo
WaitForInputIdle
ExitWindowsEx
CharLowerW
MsgWaitForMultipleObjects

advapi32

RegOpenKeyW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegOverridePredefKey
RegEnumValueW
SetEntriesInAclW
OpenThreadToken
GetTokenInformation
EqualSid
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoUninitialize
CoRegisterPSClsid
CoRegisterClassObject
CoRevokeClassObject
CoGetInterfaceAndReleaseStream
CLSIDFromProgID
CoAddRefServerProcess
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoCreateInstance
CoReleaseMarshalData
CoCreateGuid
CoReleaseServerProcess

oleaut32

SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetElement
SafeArrayPutElement
VariantTimeToSystemTime
VariantChangeTypeEx
GetErrorInfo
LoadTypeLi
LoadRegTypeLi
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SystemTimeToVariantTime
VariantChangeType
BSTR_UserMarshal
VARIANT_UserMarshal
BSTR_UserUnmarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
BSTR_UserFree
BSTR_UserSize
SysAllocString
VariantCopy
VariantClear
VariantInit
SysStringLen
SysReAllocStringLen
SysAllocStringLen
SysFreeString
RegisterTypeLi
UnRegisterTypeLi

shlwapi

PathFindFileNameW
PathFileExistsW
SHCreateStreamOnFileW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction

Sections

.text
Size: 874KB - Virtual size: 873KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/4de3272c8195c4473cfa3c3abaaf682c7975ee0dc02f555fb5ac8588dcf3af26.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/5cc02305d7b5cb0675f2ac65422a115aa44d8f28e5a2b759470d17d6bf851a3a.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 1/5e6e5fe247e96c09a7297b32c31880847a6827762b9afdbb7d7b46e3c0071a91.exe
.exe windows:4 windows x86 arch:x86

f43a8985753fb1b8a92427a967f72c6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetKBCodePage
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
ClearCommBreak
CancelIo
AddAtomA
Sleep
GetConsoleWindow

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
Polyline
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/10f4e5b89953a29f22a64373ec33b585af9b406a18710fec96d3adab993cbcc4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

46:a0:bc:d6:ec:e8:15:a7:4a:d1:39:39:dc:d1:f9:76
Certificate

Issuer

CN=Mozilla Cooperation 2023,C=CN

Not Before

06-11-2023 06:15

Not After

06-11-2024 06:15

Subject

CN=Mozilla Cooperation 2023,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:b1:96:be:c0:90:ad:e5:1d:eb:ca:9f:19:91:e1:75:c0:28:e7:cc:29:11:37:86:75:17:ab:43:dd:a6:21:e4
Signer

Actual PE Digest

ae:b1:96:be:c0:90:ad:e5:1d:eb:ca:9f:19:91:e1:75:c0:28:e7:cc:29:11:37:86:75:17:ab:43:dd:a6:21:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 563KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/15e3a34b2bd7ad520d87fe902eee65f35049cc5bc3579bbb5182dfb91e3fd289.exe
.exe windows:4 windows x86 arch:x86

b78ecf47c0a3e24a6f4af114e2d1f5de

Code Sign

6f:de:34:72:70:c4:34:da:02:b0:82:a3:03:7c:0e:a7:4f:75:ef:c4
Certificate

Issuer

OU=indgrebsbestemmelserne Rationaliseringseksperten Unagreement\ ,O=Nonaccumulatively,L=Crogen,ST=Wales,C=GB,1.2.840.113549.1.9.1=#0c1a5061756e6368696c79404f7068696f6c6f676963616c2e476572

Not Before

26-06-2023 03:08

Not After

25-06-2026 03:08

Subject

OU=indgrebsbestemmelserne Rationaliseringseksperten Unagreement\ ,O=Nonaccumulatively,L=Crogen,ST=Wales,C=GB,1.2.840.113549.1.9.1=#0c1a5061756e6368696c79404f7068696f6c6f676963616c2e476572

fd:3b:db:c8:8d:fd:ae:dc:22:1b:65:80:c7:da:14:1c:f0:f0:c4:45:79:a3:a6:c6:5d:0c:ff:be:4c:35:b7:28
Signer

Actual PE Digest

fd:3b:db:c8:8d:fd:ae:dc:22:1b:65:80:c7:da:14:1c:f0:f0:c4:45:79:a3:a6:c6:5d:0c:ff:be:4c:35:b7:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
GetFileAttributesA
SetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
GetFullPathNameA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
GlobalUnlock
GetDiskFreeSpaceA
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/18f74890fef60f1e18d5b1d0b43f100c69b430445187d672bbedf46aff687d09.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/23c81c824177bc39dc8131bb8c25661ffecf0026501a7d074b49ff0eabc10b25.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 2/5eff7e99184b9c8352125aaf8aa9d72e33049c52dc4eb7a69d509da3e7004cb2.exe
.exe windows:5 windows x86 arch:x86

8d9ee1d37ce0771b137ef02c8f52b4c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateTimerQueue
InterlockedIncrement
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
IsBadReadPtr
GetConsoleAliasesLengthA
CreateActCtxW
GlobalAlloc
SetFileShortNameW
GetSystemTimeAdjustment
GetVersionExW
GetModuleFileNameW
GetEnvironmentVariableA
CompareStringW
lstrlenW
GetStartupInfoW
FindFirstFileExA
SetLastError
GetProcAddress
GetLongPathNameA
CopyFileA
CreateMemoryResourceNotification
SearchPathA
_hwrite
OpenWaitableTimerA
OpenMutexA
RegisterWaitForSingleObject
OpenWaitableTimerW
MoveFileA
SetConsoleOutputCP
SetCurrentDirectoryW
WriteProfileSectionW
AddAtomA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
GetModuleHandleA
GetProcessShutdownParameters
FreeEnvironmentStringsW
GetCurrentDirectoryA
CompareStringA
GetFileTime
OutputDebugStringA
GetVersionExA
GetWindowsDirectoryW
DeleteTimerQueueTimer
AddConsoleAliasA
DeleteFileA
CloseHandle
CreateFileW
SetStdHandle
RaiseException
GetCommandLineW
HeapSetInformation
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
HeapCreate
WriteFile
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
WideCharToMultiByte
LCMapStringW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

GetComboBoxInfo

winhttp

WinHttpQueryOption

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 2/5fca14e334abfa6aefad9d409d44e951f14231ae0a0f91b7af0ce392726be3ad.exe
.exe windows:5 windows x86 arch:x86

f3e3791f85a6950ffa3d1dd4505cc55e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetStartupInfoW
LoadLibraryW
UnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleW

user32

BeginPaint
DefWindowProcW
DispatchMessageW
EndPaint
GetMessageW
RegisterClassExW
ShowWindow
AdjustWindowRectEx
CreateWindowExW

gdi32

TextOutW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/6b53de90d4c71ace801f6208d6a38c6e59a7e5d50de83544b9ef7f20c5296de2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 2/6b8687e4a9ec832619d1e0477cc54e1709e25251c79571e697f6b43c4785fc29.exe
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Samples 2/6bd2d5f2630ce91d3d93d5a686d0ea381b6efa2b25d0dbd0f509a17f7ed3788d.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/6c48e39183dda2dbdc8c92592c72feef6c6688c7b9e033ffe55581be572858e5.exe
.exe windows:6 windows x86 arch:x86

89766042e29aed5fce63c7340618b000

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LocalAlloc
CheckRemoteDebuggerPresent
CreateFileW
GetProcAddress
LoadLibraryA

user32

DestroyWindow

gdi32

GetObjectW

ole32

CoDecodeProxy
CoInitialize

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 2/8b70ca880f25f4e03bcac422fb2e6044369bf25d45d9b846db546728d66618a6.exe
.exe windows:4 windows x64 arch:x64

ffc0be8d4045d24dca5102ee63f1f965

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTickCount
HeapAlloc
HeapCreate
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

user32

PeekMessageA
PostThreadMessageA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 416B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 2/8ce95aee92cffc56420902fa657bc82a44574450ada63eb864d11e404a59a078.exe
.exe windows:5 windows x86 arch:x86

8dbd411dee61fc1b63660ff89eef7bc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
WriteConsoleInputW
WriteConsoleOutputCharacterW
GetModuleHandleExA
GetConsoleAliasExesA
AllocConsole
GlobalCompact
MapUserPhysicalPages
ReadConsoleA
GetConsoleAliasA
WriteConsoleInputA
AddConsoleAliasW
GetNumaAvailableMemoryNode
OpenSemaphoreA
SetCommBreak
GetSystemDefaultLCID
GenerateConsoleCtrlEvent
FindNextVolumeMountPointA
GetWindowsDirectoryA
GetCompressedFileSizeW
WaitNamedPipeW
SetCommState
GetDriveTypeA
GetEnvironmentStrings
GlobalAlloc
AddRefActCtx
GetVolumeInformationA
LoadLibraryW
CopyFileW
_hread
CreateEventA
TransactNamedPipe
EnumSystemCodePagesA
GetFileAttributesW
TerminateProcess
GetTimeZoneInformation
lstrcatA
lstrlenW
FindNextVolumeMountPointW
RemoveVectoredExceptionHandler
ReplaceFileA
GetTempPathW
GetShortPathNameA
GetNamedPipeHandleStateW
GetConsoleAliasesW
GetStartupInfoA
FindFirstFileA
GetLastError
GetCurrentDirectoryW
SetLastError
ReadConsoleOutputCharacterA
CreateConsoleScreenBuffer
VerLanguageNameA
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
SetStdHandle
OpenWaitableTimerA
AddAtomW
FindAtomA
FoldStringW
SetConsoleCursorInfo
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
CompareStringA
GetFileTime
GetConsoleCursorInfo
QueryPerformanceFrequency
SetProcessShutdownParameters
GetVolumeNameForVolumeMountPointW
DeleteFileW
MoveFileWithProgressW
ResetWriteWatch
GetSystemTime
EnumSystemLocalesW
lstrcpyW
AreFileApisANSI
CloseHandle
HeapSize
GetStartupInfoW
SetDefaultCommConfigA
MoveFileA
HeapReAlloc
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
HeapAlloc
HeapFree
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
Sleep
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW

user32

CharUpperA

advapi32

AbortSystemShutdownA

winhttp

WinHttpWriteData

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/9cf8a802217928175088777f3f886dde3cba71c0a5c427ed169e24581e1c7a9b.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 2/9d0863c76aa5212eee67a9d8e8fa25547d9c99e9c47286027637fb50812a1110.exe
.exe windows:5 windows x86 arch:x86

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 2/9f9bbdf52e05dd9de10f36aac171224ddded63a05a2e0bbae484353bef4924cb.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

ce:49:4a:74:3a:9b:5c:b7:1d:43:32:f3:41:34:28:da
Certificate

Issuer

CN=Microsoft Cooperation 2023,C=CN

Not Before

05-11-2023 21:44

Not After

05-11-2024 21:44

Subject

CN=Microsoft Cooperation 2023,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:c2:07:03:09:d1:9a:3d:67:7a:31:e9:f5:13:63:71:ae:ae:52:a5:82:96:20:c6:5d:36:48:3e:fc:b7:0c:d9
Signer

Actual PE Digest

7c:c2:07:03:09:d1:9a:3d:67:7a:31:e9:f5:13:63:71:ae:ae:52:a5:82:96:20:c6:5d:36:48:3e:fc:b7:0c:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 692KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/081a3d200edb928e18cfac98d151d6af21b7fc1fb017f066a1ce428929c5da9b.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

petite
Size: 334B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/093ea014b7458f9388f4c76b758c08b6a34e713736330f97fa49c99d71e2b371.exe
.exe windows:5 windows x86 arch:x86

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/095acff5fceaebcb8026d5dc628953ac226c8bf66aa1fbd929b2b569c9b937d2.exe
.exe windows:5 windows x86 arch:x86

5c55d83b58dbc1f7154223c32a893074

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadCursorA
LoadIconA
UpdateWindow
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
FormatMessageA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCPInfo
GetACP
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/179a03ea134385e1a80aaa05703d70008024d8771d836f62595c5b9187138723.exe
.exe windows:5 windows x86 arch:x86

892cf399352d143dfa090ba225b3a97b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
WriteConsoleInputW
lstrlenA
GetStringTypeA
GetConsoleAliasA
WaitNamedPipeA
GetEnvironmentStringsW
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
CreateActCtxW
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
GetExitCodeProcess
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
EnumSystemLocalesA
GetConsoleOutputCP
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
VirtualLock
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/209dc352ae660c94c7bd22fc9e97420bebfc56840e237e0d60cc42f734bfa386.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 754KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/31e7e054709f5b627f50b6b26f95c6e0536c7d03361c16c9677c70fe327a7181.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

i}AOd
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Samples 3/56e26fd1b4bb65afbfccfcd02b594270030f800f0270068d00c3eb6c31553323.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/61a764045daabe15243e13405d418e3f60b6671ee7a1e325c6021204920f741c.exe
.exe windows:5 windows x86 arch:x86

1c8010f1f4f56ad775e1487631ff77b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
FindFirstFileW
WriteConsoleInputW
lstrlenA
GetConsoleAliasExesA
OpenJobObjectA
ReadConsoleA
GetConsoleAliasA
WaitNamedPipeA
SetConsoleScreenBufferSize
WriteConsoleInputA
AddConsoleAliasW
MoveFileWithProgressA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
GetWindowsDirectoryA
GetCompressedFileSizeW
CreateActCtxW
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesW
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
FindNextVolumeMountPointW
VirtualUnlock
GetShortPathNameA
EnumSystemLocalesA
GetConsoleOutputCP
GetConsoleAliasesW
GetStartupInfoA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
GetTapeParameters
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
GetCurrentProcessId
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/74bafd56c1fb3cdebf0a63de4ffb6f16dc1d5cee38e11ab0d2bc2614538da65f.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/74f60be5e412a3af9701289707be3aa8e6e321283a0280c20cb437ac25d8d90e.exe
.exe windows:4 windows x64 arch:x64

5881e1e6c29a4460adc7eeb1b16b9792

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreateSolidBrush
DeleteObject
EnumFontFamiliesExW
ExtTextOutW
GetStockObject
GetTextFaceW
GetTextMetricsW
LineTo
MoveToEx
SelectObject
SetBkColor
SetTextColor
TextOutW
TranslateCharsetInfo

kernel32

CloseHandle
CreateEventW
CreateThread
DelayLoadFailureHook
EnterCriticalSection
FormatMessageW
GetACP
GetCPInfo
GetModuleHandleW
GetOEMCP
GetProcAddress
GetStartupInfoW
GetStdHandle
GetTickCount
GlobalAlloc
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapReAlloc
IsBadStringPtrA
IsBadStringPtrW
IsValidCodePage
LeaveCriticalSection
MulDiv
MultiByteToWideChar
ResolveDelayLoadedAPI
WaitForMultipleObjects
WideCharToMultiByte
WriteFile
lstrcmpW

ntdll

NtDeviceIoControlFile
NtReadFile
NtWaitForSingleObject
_vsnprintf
wine_server_call

ucrtbase

__acrt_iob_func
__p___argc
__p___wargv
__stdio_common_vsprintf
_assert
_configure_wide_argv
_get_initial_wide_environment
_initialize_wide_environment
_set_app_type
_strdup
_wtoi
calloc
exit
free
fwrite
getenv
iswalnum
malloc
memcmp
memcpy
memmove
realloc
strchr
strcmp
strcpy
strcspn
strlen
wcscmp
wcscpy
wcslen
wcstol

user32

AdjustWindowRect
BeginPaint
CharLowerBuffW
CharUpperBuffW
ClientToScreen
CloseClipboard
CreateCaret
CreateMenu
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyCaret
DispatchMessageW
EmptyClipboard
EnableMenuItem
EndPaint
FillRect
GetCapture
GetClientRect
GetClipboardData
GetDC
GetDlgItem
GetDlgItemInt
GetDpiForSystem
GetFocus
GetKeyboardState
GetParent
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowLongW
HideCaret
InsertMenuW
InvalidateRect
InvertRect
IsClipboardFormatAvailable
IsDlgButtonChecked
IsWindowVisible
LoadCursorW
LoadIconW
LoadStringW
MapVirtualKeyW
MessageBoxW
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassW
ReleaseCapture
ReleaseDC
ScrollWindow
SendDlgItemMessageW
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetDlgItemInt
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowCaret
ShowScrollBar
ShowWindow
SystemParametersInfoW
ToUnicode
TrackPopupMenu
UpdateWindow
VkKeyScanW
wsprintfW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/77bdc94b3e90f3d4df5ca299e563e8425b6dd7ec50e0fe6fa697e87b1926f778.exe
.exe windows:6 windows x86 arch:x86

6256ca6fb1d33cce27dff272311e3072

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
GetModuleHandleExA
CreateFileA
lstrcpyA
CloseHandle
GetFileSize
GetLastError
GetProcAddress
HeapFree
WriteFile
lstrlenA
lstrcpynA
WriteConsoleW
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
SetFilePointerEx
GetFileType
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
GetConsoleMode
FlushFileBuffers
GetConsoleOutputCP
HeapSize
HeapReAlloc
CreateFileW
DecodePointer

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/80db68b4b0216a5371497f59d688d88108efe0bbf3d3fea1b969cde9ce8d4168.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

-kA\Om3S
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Samples 3/91bbe97818559d7e7f7c35b60c152e6e2db4f42e3f9c6f80421bbdfb646e7068.exe
.exe windows:5 windows x86 arch:x86

b12cc29254d07cadbb008c92468c8361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputW
lstrlenA
GetStringTypeA
GetConsoleAliasA
WaitNamedPipeA
GetEnvironmentStringsW
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
GetUserDefaultLangID
CreateActCtxW
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
GetExitCodeProcess
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
EnumSystemLocalesA
GetConsoleOutputCP
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
WriteProfileSectionW
VirtualLock
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
MoveFileWithProgressW
ReadConsoleOutputCharacterW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
HeapSize
ExitProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 3/94dbf6089ceccafd34ec1011941f18682361d71a9fbc54d1495dc0f9ec52169e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 3/96b3a6f88bebb213230bd38f95804466296c238e0774861ceec6ad4424dcfb45.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/0532a82db5727b773fd280a5bc3ffa8b3be3be05bf5a9c125dbdf5f1e9fa63ce.exe
.exe windows:5 windows x86 arch:x86

de58f4fc29c988fcef0248564284d0f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

BindMoniker
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.iobf
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Samples 4/0600f0c29e7513b060c4634804b2a2ad7e636c8372f7ee927b9e20e72e2bc807.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 17KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 4/13144b87810fe4739e4e7078968b49e7ca4b75505195fe5c4925f35d2def22e4.exe
.exe windows:4 windows x86 arch:x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-01-2009 01:58

Not After

20-03-2010 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1c:1b:d2:bd:ab:b7:c5:ca:46:e1:b7:6f:f8:69:d3:65:39:d0:08:ab
Signer

Actual PE Digest

1c:1b:d2:bd:ab:b7:c5:ca:46:e1:b7:6f:f8:69:d3:65:39:d0:08:ab

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/25540f55ae5a200dd9635f60a3b62458b6d95386d0d92eab2282facc6f51084e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/4051eb7216e002cc6d827d781527d7556f4eb0f47bf092fc1a58b41b365252ec.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/569cf42b940d1e5d5d4d675f6172542a8ac01596c7bc69a8b65dbe7f9ff7ed25.exe
.exe windows:5 windows x86 arch:x86

021d5e7849e90fdf4c65d3045c109483

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UpdateWindow
LoadCursorA
ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadIconA
GetWindowRect
SetWindowPos

kernel32

GetCurrentThreadId
CreateFileA
GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
GetCurrentDirectoryA
FindClose
GetFileSize
FindNextFileA
DeleteFileA
CloseHandle
GetCurrentProcessId
GetCurrentProcess

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ropf
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Samples 4/5774f205b3abcd5adc225b26b5ce546c2e7eb3490d03aa13c15234370dc42e27.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/65350ee5de866f54845c13472cc7e0257b55715560ff9696ba2d4dc0494991e6.exe
.exe windows:5 windows x86 arch:x86

f4dd2fc3c2bc0f7f37512a211d153f86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetComputerNameA
FindFirstChangeNotificationW
lstrlenA
GetConsoleAliasesLengthW
CopyFileExW
TlsGetValue
CommConfigDialogA
BuildCommDCBAndTimeoutsA
FreeLibrary
SetDllDirectoryW
InterlockedIncrement
InterlockedDecrement
ZombifyActCtx
SetFirmwareEnvironmentVariableA
SetEnvironmentVariableW
GetNamedPipeHandleStateA
GetProfileSectionA
SetVolumeMountPointW
GetTickCount
GetProcessHeap
GetPrivateProfileStringW
GetConsoleTitleA
ReadConsoleW
CreateRemoteThread
GetSystemWow64DirectoryA
CreateActCtxW
TlsSetValue
GetConsoleCP
GetPrivateProfileIntA
SetFileShortNameW
GetConsoleMode
TerminateThread
CopyFileW
GetCalendarInfoA
GetVersionExW
LeaveCriticalSection
GlobalFlags
HeapValidate
VerifyVersionInfoA
IsDBCSLeadByte
GetModuleFileNameW
GetEnvironmentVariableA
CompareStringW
GetStartupInfoW
CreateJobObjectA
VerifyVersionInfoW
SetCurrentDirectoryA
GetLastError
GetLongPathNameW
GetProcAddress
HeapSize
BackupWrite
VerLanguageNameA
CreateNamedPipeA
SearchPathA
GetNumaHighestNodeNumber
GetPrivateProfileStringA
LoadLibraryA
ProcessIdToSessionId
LocalAlloc
GetFileType
WritePrivateProfileStringA
GetVolumePathNamesForVolumeNameA
GetModuleFileNameA
WriteProfileStringA
GetModuleHandleA
FindFirstChangeNotificationA
GetProcessShutdownParameters
FreeEnvironmentStringsW
WriteProfileStringW
BuildCommDCBA
GetConsoleCursorInfo
OutputDebugStringA
FindFirstVolumeA
TlsAlloc
GetWindowsDirectoryW
ReadConsoleOutputCharacterW
TlsFree
CopyFileExA
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
IsProcessorFeaturePresent
GetCurrentThreadId
GetModuleHandleW
SetLastError
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsBadReadPtr
HeapCreate
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
RtlUnwind
LoadLibraryW
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
RaiseException
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
OutputDebugStringW
SetFilePointer
SetStdHandle
CreateFileW
CloseHandle
FlushFileBuffers

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 39.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cimo
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kazile
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rebafid
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/6577f5c5150e1dc818be87c2483db10b3af00effc2faf5c1acd174a8db760001.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/7755e890ecb6b60a9cbed072a609fbe099968b1fbda51f1d1f940bbc581c9f70.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/81539fb95214aadc076c01161cdce901fc57b6cc8d82e27bae4915c512d9baad.exe
.exe windows:5 windows x86 arch:x86

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/87876acd533b5e473c1f27bf24ad26a9b6d0e6859186e00ac3efa334711b8f4a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/8896b158ac271c269cfea637cd9402db48676eeef02b9d694d5c9f0eaeb3dbb0.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 4/9797a37016362ce602e53046e32a596c186a489976d38a7e2e9113344415c71a.exe
.exe windows:6 windows x86 arch:x86

d69e4c13e25f0ad622344ac56118c0df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameW
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
SetLastError
WaitForSingleObject
CreateEventW
FreeLibrary
WinExec
GetPrivateProfileStringW
CopyFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
LocalFree
LocalAlloc
LoadResource
FindResourceW
SizeofResource
LockResource
GetTickCount
GetCurrentThread
Sleep
GetProcessHeap
HeapAlloc
GetLastError
GetTempPathA
SetCurrentDirectoryW
GetShortPathNameA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
SetFileTime
SetFilePointer
ReadFile
GetFileType
CreateFileW
CreateDirectoryW
TerminateProcess
GetCurrentDirectoryW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileSizeEx
GetConsoleOutputCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
GetStringTypeW
WriteConsoleW
GetCPInfo
CompareStringEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoGetObject
CoUninitialize

wininet

InternetGetCookieExA

netapi32

Netbios

ntdll

RtlInitUnicodeString
NtFreeVirtualMemory
LdrEnumerateLoadedModules
RtlEqualUnicodeString
RtlAcquirePebLock
NtAllocateVirtualMemory
RtlReleasePebLock
RtlNtStatusToDosError
RtlCreateHeap
RtlDestroyHeap
RtlAllocateHeap
RtlFreeHeap
NtClose
NtOpenKey
NtEnumerateValueKey
NtQueryValueKey

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 1024B - Virtual size: 605B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 1024B - Virtual size: 931B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dfarrge
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dfarrge
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 4/995d009e2fa6b510a0251895e0e71d0709ebfdeac782eae91caa3b4ee30bd29b.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/050506129490bf4fc71dfedbf612532a669ea9b02f2d6b8311428601e915763e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:07:b0:3e:be:95:a7:ce:f3:11:38:de:3a:4f:ea:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20-07-2011 00:00

Not After

23-07-2014 23:59

Subject

CN=Altova Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Altova Inc.,L=Beverly,ST=MA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 5/1391748ce1bffd2513a95275adeb87105e963ef9452ea26798edd2dbd0126f2e.exe
.exe windows:5 windows x86 arch:x86

5fde42363e282ba9b6cb8d9d243cde86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
SetLocaleInfoA
WriteConsoleInputW
lstrlenA
GetConsoleAliasA
WaitNamedPipeA
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
OpenSemaphoreA
SetTapeParameters
MoveFileWithProgressA
GetModuleHandleW
FindNextVolumeMountPointA
ConvertFiberToThread
ExpandEnvironmentStringsA
ReadConsoleW
GetCompressedFileSizeW
GetConsoleAliasExesW
GetUserDefaultLangID
SetCommState
CreateActCtxW
GetEnvironmentStrings
LoadLibraryW
SetCommConfig
FatalAppExitW
CopyFileW
_hread
GetSystemPowerStatus
CreateEventA
GetExitCodeProcess
EnumSystemCodePagesA
GetFileAttributesW
TerminateProcess
GetTimeZoneInformation
FindNextVolumeMountPointW
ReplaceFileA
GetTempPathW
EnumSystemLocalesA
GetConsoleOutputCP
VerifyVersionInfoW
GetConsoleAliasesW
GetStartupInfoA
GetLastError
SetLastError
GetProcAddress
GetPrivateProfileStringA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
IsWow64Process
SetConsoleCtrlHandler
RemoveDirectoryW
WriteProfileSectionW
VirtualLock
GlobalGetAtomNameW
GetCurrentConsoleFont
FoldStringA
GlobalFindAtomW
GetModuleHandleA
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
QueryPerformanceFrequency
GetShortPathNameW
FindFirstVolumeA
GetWindowsDirectoryW
MoveFileWithProgressW
ResetWriteWatch
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
SetFilePointer
CloseHandle
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileW

user32

CharUpperA

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/210353e2c687a7e1e94408ca27cf59fbbec44495d75a3e466ae528a1a33a53ea.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/448140b0da950c59905b373bc96a0cefce7bce665c2727f416353d035f35583d.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 5/618969df2d98c660836fc0c94f95d93c8c561f19f106c56eca3f5aa9930cbba8.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/640241afe83f23ed74de217149943294fb612ba8a283edb5049c23f059414a8a.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/836486fba787ca151a90548a0ebe5d6bfc006c52133bf6a349a266c8ccf4f79b.exe
.exe windows:6 windows x86 arch:x86

1a82bbeeca5d8a93b74a0b00a0764b1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

apphelp

SdbDeletePermLayerKeys
SdbEnumMsiTransforms
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindNextMsiPackage
SdbFindNextTag

mstask

NetrJobEnum
NetrJobGetInfo
SAGetAccountInformation
SAGetNSAccountInformation
SASetAccountInformation
SASetNSAccountInformation
SetNetScheduleAccountInformation

certcli

CAAccessCheck
CAAccessCheckEx

regapi

RegWdQueryA
RegWdQueryA
RegWdQueryA
RegWdQueryA
RegWdQueryA
RegWdQueryA
RegWdQueryA
RegWdQueryW
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegUserConfigRename
RegOpenServerA
RegPdEnumerateA

msvcrt

fopen
fread

kernel32

GetSystemDirectoryA
OutputDebugStringW
IsDebuggerPresent
MulDiv
GetTickCount
GetACP
LoadLibraryA
FindVolumeClose
GetCommandLineA

htui

HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW
HTUI_DeviceColorAdjustment
HTUI_DeviceColorAdjustmentA
HTUI_DeviceColorAdjustmentW

iashlpr

AllocateAttributes

sti

StiCreateInstance

polstore

IPSecClosePolicyStore
IPSecCopyFilterData
IPSecCopyFilterSpec
IPSecCopyISAKMPData
IPSecCopyNFAData
IPSecCopyNegPolData
IPSecCopyPolicyData
IPSecCreateFilterData
IPSecCreateISAKMPData
IPSecCreateNFAData
IPSecCreateNegPolData
IPSecCreatePolicyData
IPSecDeleteFilterData
IPSecDeleteISAKMPData

dbghelp

ImageRvaToSection
ImageRvaToVa

Sections

.text
Size: 7KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsrc6
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/8710679cc4055b4ed025b3be8a9b248a3ca457cf95673b31fcd7865669e49bcf.exe
.exe windows:4 windows x86 arch:x86

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:64:0f:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-01-2009 01:58

Not After

20-03-2010 02:08

Subject

CN=Microsoft Corporation,OU=AOC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15
Signer

Actual PE Digest

6f:ed:3e:4a:f6:ab:f3:4e:5e:aa:9d:4a:14:df:e5:13:2e:a4:16:15

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/a5e6cd875238850ec701202134a00d276574d623ac52383f4a96e26650ceac77.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/ab2de770aa37881476025be0d91a58826838de592fde00f22ea3a367a0c6a46a.exe
.exe windows:6 windows x86 arch:x86

5c4ca581bd0c16fde33f63c4ab8ff974

Code Sign

30:56:00:80:e5:a1:5d:bc:43:88:20:4f:da:52:84:be
Certificate

Issuer

CN=Logitech Z-748 Template GIT ~

Not Before

23-11-2022 20:39

Not After

24-11-2032 20:39

Subject

CN=Logitech Z-748 Template GIT ~

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:de:03:a6:a5:d5:5c:4a:db:9f:a3:aa:44:ef:fc:42:6b:99:70:bc:cf:33:e0:54:79:75:12:f5:5b:c2:e3:be
Signer

Actual PE Digest

82:de:03:a6:a5:d5:5c:4a:db:9f:a3:aa:44:ef:fc:42:6b:99:70:bc:cf:33:e0:54:79:75:12:f5:5b:c2:e3:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

HttpAddRequestHeadersA

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.‹¿/.
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.‹¿/.
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.‹¿/.
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/af74c04a2c7ab70c4b5e3c12ed698d0220be1324f341bd9d4e38d83a9f49adc6.exe
.exe windows:5 windows x86 arch:x86

3bd1cf97537104404441a903e61f0f5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestA
HttpQueryInfoW
InternetReadFile
InternetConnectA
InternetOpenW

kernel32

lstrlenW
WriteFile
GetCurrentDirectoryW
HeapFree
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
GetModuleHandleW
HeapCreate
HeapAlloc
GetModuleFileNameW
GetTempPathW
CreateFileW
GetFileSize
lstrcmpW
ExitProcess
ReadFile
CloseHandle

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 5/b554bb8695c6674175bb3493f8f34c3d1d5b7f4cbb6da4c2e8431bd03acb4351.exe
.exe windows:5 windows x86 arch:x86

7ba3aa8366ce167c7a77ebd6e6fea8e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PostQuitMessage
GetMessageA
UpdateWindow
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadCursorA
LoadIconA
ShowWindow
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
FormatMessageA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetACP
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 5/b6b789bb154eaee918cb7eec069e9a80ca1e7596d27a2a8495ddee5e800259ed.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 5/b89afe8f268ee82f378f123ec7dbb7de41e296d1ef26993f03f29b0f7b39884c.exe
.exe windows:5 windows x86 arch:x86

c8a352bf73a61d8e36f530e1798f43a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AllocConsole
GlobalCompact
WriteConsoleOutputCharacterA
ReadConsoleA
GetEnvironmentStringsW
GetUserDefaultLCID
SetConsoleScreenBufferSize
WriteConsoleInputA
OpenSemaphoreA
SetCommBreak
GetFileAttributesExA
SetTapeParameters
GetModuleHandleW
GenerateConsoleCtrlEvent
GetWindowsDirectoryA
GetConsoleAliasExesW
WaitNamedPipeW
FindActCtxSectionStringA
SetCommState
GetDriveTypeA
AddRefActCtx
GlobalFindAtomA
LoadLibraryW
CopyFileW
_hread
CreateEventA
GetFileAttributesA
SetConsoleMode
GetConsoleAliasW
SetSystemPowerState
TerminateProcess
ReplaceFileW
GetCompressedFileSizeA
GetTimeZoneInformation
lstrlenW
FindNextVolumeMountPointW
GetStartupInfoW
GetTempPathW
WriteConsoleInputW
GetConsoleAliasesW
FindFirstFileA
GetLastError
GetCurrentDirectoryW
SetLastError
CreateConsoleScreenBuffer
EnumSystemCodePagesW
SetStdHandle
VerLanguageNameW
GlobalGetAtomNameA
FindClose
LoadLibraryA
LocalAlloc
MoveFileA
AddVectoredExceptionHandler
RemoveDirectoryW
SetFileApisToANSI
WriteProfileSectionW
GlobalGetAtomNameW
GetCurrentConsoleFont
FoldStringA
FindNextFileA
FindFirstChangeNotificationA
FindNextFileW
GetStringTypeW
VirtualProtect
CompareStringA
QueryPerformanceFrequency
FatalAppExitA
FindAtomW
DeleteFileW
MoveFileWithProgressW
AddConsoleAliasA
ResetWriteWatch
ReadConsoleOutputCharacterW
EnumSystemLocalesW
CloseHandle
WriteConsoleW
SetLocaleInfoA
GetShortPathNameA
GetNumaNodeProcessorMask
FlushFileBuffers
GetConsoleMode
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
SetFilePointer
GetProcAddress
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetConsoleCP
CreateFileW

user32

CharUpperA

advapi32

ClearEventLogA
AbortSystemShutdownW

winhttp

WinHttpWriteData
WinHttpGetProxyForUrl

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/b245325d21b53f21ee7d6a1a8ed3963fcb89cf9770c3d0476ca0544558eaabc3.exe
.exe windows:10 windows x64 arch:x64

af31c1efceb0dcf22791a6441ebceec0

Code Sign

33:00:00:04:8f:0b:b9:7c:df:7a:ff:4a:57:00:00:00:00:04:8f
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:47

Not After

11-05-2023 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:a7:e6:b1:a6:f1:12:46:9f:06:6e:9f:63:16:08:2c:75:e2:be:b8:9b:92:2b:ba:e8:6d:9e:0e:f4:49:be:53
Signer

Actual PE Digest

ee:a7:e6:b1:a6:f1:12:46:9f:06:6e:9f:63:16:08:2c:75:e2:be:b8:9b:92:2b:ba:e8:6d:9e:0e:f4:49:be:53

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetCommandLineA
GetCurrentDirectoryA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
TryEnterCriticalSection
lstrcmpA
GetCurrentThreadId
GetTickCount
lstrcmpiA
DeleteCriticalSection
Sleep
InitializeCriticalSection
LeaveCriticalSection
OutputDebugStringA
EnterCriticalSection
CreateEventA
ResetEvent
CreateThread
WaitForSingleObject
SetEvent
LocalFree
EncodePointer
DecodePointer
InitializeCriticalSectionEx
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
WriteFile
CreateFileW
GetLastError
lstrcmpiW
SizeofResource
GetFullPathNameW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
OpenFileMappingW
ResumeThread
UnmapViewOfFile
CreateEventW
LockResource
FindResourceExW
LoadResource
CreateSemaphoreW
CreateFileMappingW
MapViewOfFile
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
HeapDestroy
RaiseException
CloseHandle
WaitForMultipleObjects

gdi32

PolyPolygon
CreateHatchBrush
Polygon
GetTextMetricsA
CreateFontA
TextOutW
TextOutA
SetTextAlign
BitBlt
CreateDIBSection
CreateCompatibleDC
GetTextExtentExPointA
Rectangle
Pie
Ellipse
GetTextExtentPoint32A
PatBlt
CreateRectRgn
LineTo
CreateFontIndirectA
MoveToEx
SelectObject
CreateBrushIndirect
SetBkColor
SetDCPenColor
CreateSolidBrush
DeleteObject
SetBkMode
CreatePen
GetStockObject

user32

SwitchToThisWindow
GetWindowInfo
TranslateAcceleratorA
GetSubMenu
DialogBoxParamA
MessageBeep
EndDialog
LoadStringA
MessageBoxW
GetMenu
GetMessageA
LoadMenuA
GetWindowDC
SetWindowLongPtrA
GetWindowLongPtrA
SetClipboardData
GetMonitorInfoA
EmptyClipboard
CloseClipboard
OpenClipboard
GetSystemMetrics
MonitorFromWindow
UnregisterClassA
ModifyMenuA
SendMessageW
SetScrollInfo
GetKeyState
GetWindowRect
GetDC
SetWindowPos
FillRect
ScreenToClient
GetScrollInfo
RedrawWindow
GetDlgCtrlID
ClientToScreen
RegisterClassA
SetDlgItemTextW
GetDlgItemTextW
MessageBoxA
GetSysColor
MoveWindow
IsDlgButtonChecked
DefWindowProcA
CreateWindowExA
ScrollWindowEx
GetDlgItemInt
GetClientRect
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
CallNextHookEx
GetDlgItemTextA
SetWindowsHookExA
UnhookWindowsHookEx
SetDlgItemTextA
GetDlgItem
EnableWindow
LoadCursorA
PostMessageA
SendMessageA
SetCursor
CheckDlgButton
SetDlgItemInt
DispatchMessageA
DestroyWindow
MsgWaitForMultipleObjects
ShowWindow
IsWindow
IsDialogMessageA
GetWindowTextA
SetWindowTextA
TranslateMessage
DestroyMenu
DrawMenuBar
CreateDialogParamA
PeekMessageA
LoadAcceleratorsA
SetScrollRange
LoadIconA
TrackPopupMenuEx
RemoveMenu
CheckMenuItem
PostQuitMessage
SetScrollPos
EnableMenuItem
InsertMenuItemA
UpdateWindow
RegisterClassExA
IsCharAlphaNumericW
GetCursorPos
SetForegroundWindow
SetFocus

msvcrt

__crtLCMapStringA
_wsetlocale
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_acmdln
_fmode
_commode
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_wcsdup
memset
??3@YAXPEAX@Z
__CxxFrameHandler3
_purecall
swprintf_s
abort
_ismbblead
___mb_cur_max_func
__uncaught_exception
islower
calloc
___lc_codepage_func
___lc_handle_func
isupper
__pctype_func
fseek
_fsopen
setlocale
_unlock
_lock
memmove
memcpy
_CxxThrowException
_callnewh
malloc
_i64toa_s
localeconv
strcspn
sprintf_s
wcsrchr
strstr
_wcsupr_s
wcsstr
wcscat_s
mbstowcs
sscanf_s
_strtoui64
wcstombs
swscanf_s
strtod
_strtoi64
_vsnwprintf
vsprintf_s
_wcsicmp
_fseeki64
fsetpos
ungetc
free
fgetpos
fwrite
??0exception@@QEAA@AEBQEBD@Z
fgetc
_vsnprintf
fclose
_wtoi
vswprintf_s
_vscwprintf
_wcslwr_s
memmove_s
fflush
memcpy_s
fputc
??0bad_cast@@QEAA@AEBV0@@Z
??0bad_cast@@QEAA@PEBD@Z
??1bad_cast@@UEAA@XZ
??_V@YAXPEAX@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_scwprintf
setvbuf

comdlg32

GetSaveFileNameA
GetOpenFileNameW

msimg32

GradientFill

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysFreeString
SysAllocString

shell32

ShellExecuteA

comctl32

ord17

rpcrt4

UuidFromStringA

Sections

.text
Size: 400KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/b592a44f67e06e47646ade57f8737600011b7317fd9c130b5835e9aaecf795c2.exe
.exe windows:3 windows x86 arch:x86

0857c95156001e46d97f85c864bce974

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

atl

AtlAxGetHost
AtlAxWinInit

aclui

EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity
EditSecurity

duser

DUserFindClass
DUserGetAlphaPRID
DUserGetGutsData
DUserGetRectPRID
DUserGetRotatePRID
DUserGetScalePRID
DUserRegisterGuts
DUserRegisterStub
DUserRegisterSuper

kernel32

_lopen
ExitProcess
ReadFile
GetTickCount
GetACP
ReadConsoleA
GetSystemDirectoryA
Module32First
GetCommandLineA

icmp

IcmpSendEcho

quartz

AMGetErrorTextA

raschap

RasEapCreateConnectionProperties
RasEapCreateUserProperties
RasEapCreateConnectionProperties
RasEapCreateUserProperties
RasEapCreateConnectionProperties
RasEapCreateUserProperties
RasEapCreateConnectionProperties
RasEapCreateUserProperties

esent

JetGetBookmark
JetGetColumnInfo
JetGetCounter
JetGetCurrentIndex
JetGetCursorInfo
JetGetDatabaseFileInfo
JetGetDatabaseInfo
JetGetIndexInfo
JetGetInstanceInfo
JetGetBookmark
JetGetColumnInfo
JetGetCounter
JetGetCurrentIndex
JetGetCursorInfo
JetGetDatabaseFileInfo
JetGetDatabaseInfo
JetGetIndexInfo
JetGetInstanceInfo

Sections

.text
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA
Size: 12KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rs
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/b842080ef401cb64de4b9c7d823ef60b0ed4f4bbd42431fbf26db940ece9f4f1.exe
.exe windows:6 windows x86 arch:x86

f030c1fd78181b976a79f24c5afc47f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeAcl

kernel32

CloseHandle
WaitForSingleObjectEx
Sleep
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
FormatMessageA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
LocalFree
GetLocaleInfoEx
EncodePointer
DecodePointer
LCMapStringEx
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetProcAddress
GetFileInformationByHandleEx
CreateSymbolicLinkW
CompareStringEx
GetCPInfo
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
CreateFileW
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Sections

.text
Size: 729KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 616KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/bb6758a9bce33333cbe3c141c2f7c94077d97cf25c83eb4282cc5ddcaeccc194.exe
.exe windows:5 windows x86 arch:x86

892cf399352d143dfa090ba225b3a97b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
WriteConsoleInputW
lstrlenA
GetStringTypeA
GetConsoleAliasA
WaitNamedPipeA
GetEnvironmentStringsW
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
CreateActCtxW
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
GetExitCodeProcess
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
EnumSystemLocalesA
GetConsoleOutputCP
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
VirtualLock
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/bb6f2d4376bb6c4e88d386ad55e243295b82704441e9c849ec13063febe5c112.exe
.exe windows:5 windows x86 arch:x86

e836076a09dba03e4d6faa46dda0fefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetOpenW

kernel32

GetTempPathW
GetFileSize
GetCurrentDirectoryW
DeleteFileW
CloseHandle
WriteFile
lstrcmpW
ReadFile
GetModuleHandleW
ExitProcess
HeapCreate
HeapAlloc
GetModuleFileNameW
CreateFileW
lstrlenW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/bb9f86e51b9f942e3e196517f059b6ed77f27007228acb0a8aa640eab1f2c69f.exe
.exe windows:5 windows x86 arch:x86

60ae318ba3943ff01dba1fd90967446b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
atexit
strtok_s
memset
malloc
memcmp

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/bd4e2dd3ffc3977b2ca8f818c2e51c421a1f4772b4fe11a1aa8448dc50fddab2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

Issuer

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

Not Before

29-10-2023 10:42

Not After

30-10-2033 10:42

Subject

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:ae:a8:7d:0c:3c:ca:8a:66:0d:a0:64:2f:ec:32:2c:a8:6f:60:00:1d:42:3e:eb:2c:e2:f4:2e:fb:16:55:27
Signer

Actual PE Digest

2c:ae:a8:7d:0c:3c:ca:8a:66:0d:a0:64:2f:ec:32:2c:a8:6f:60:00:1d:42:3e:eb:2c:e2:f4:2e:fb:16:55:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/bf738eeee983c909af9211968826b57eefdf3d1050de9a5c0b09e5cfba511314.exe
.exe windows:6 windows x64 arch:x64

85cddd6092e65c1a58dd1e6e9ab9fc63

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:eb:69:23:34:33:5f:8c:1c:c6:ac:66:79:c5:23:43
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-03-2023 00:00

Not After

12-03-2026 23:59

Subject

CN=Etwok Inc,O=Etwok Inc,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:41:9d:93:b2:e5:df:9e:d0:d7:f8:28:b0:3d:67:59:90:cd:92:15:ff:c9:ab:0f:41:9a:bf:73:e0:2a:8a:f0
Signer

Actual PE Digest

e1:41:9d:93:b2:e5:df:9e:d0:d7:f8:28:b0:3d:67:59:90:cd:92:15:ff:c9:ab:0f:41:9a:bf:73:e0:2a:8a:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

_cgo_dummy_export

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 408KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/bfdb06e19260107f468834d5601f7f295ca82b31966be48f856011d9dba1f5b7.exe
.exe windows:4 windows x86 arch:x86

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/c4ec2c4d73a45bba85debe9fe243708bb52afd29dc95d7fdefed02cd34c375ca.exe
.exe windows:5 windows x86 arch:x86

6ca37e5e41278ceac6bd8157d469b53e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wininet

InternetOpenW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.MPRESS1
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 6/c6befd3879040aeca88afd9b461177c9a3fc830f2020f2878696ddca0cea994e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

43:17:39:04:c6:8a:46:bd:4d:1f:b8:e3:c1:ad:72:55
Certificate

Issuer

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

Not Before

29-10-2023 10:42

Not After

30-10-2033 10:42

Subject

CN=¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.¿‰ß‹¿/.

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0b
Signer

Actual PE Digest

37:7d:74:78:b1:10:bd:73:10:72:68:a2:29:9b:29:1c:b0:18:ca:aa:6f:35:86:1b:b7:84:36:3a:39:e5:29:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 6/c76d7f244175880387474af937c59ad2cbfec2f4bdfdefdf0a9d1def029faa31.exe
.exe windows:6 windows x86 arch:x86

5c4ca581bd0c16fde33f63c4ab8ff974

Code Sign

23:20:ba:76:1b:e8:0e:a7:40:6d:3c:b4:d4:c4:ab:dd
Certificate

Issuer

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

Not Before

20-06-2022 19:19

Not After

21-06-2032 19:19

Subject

CN=Toshiba MQ01ABDxx 2.5 MQ01ABD050

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:b1:44:48:cd:ad:26:01:b8:78:e8:52:9a:93:4f:29:da:c9:31:86:e5:04:60:ac:b3:ef:2a:d4:38:72:a7:5a
Signer

Actual PE Digest

96:b1:44:48:cd:ad:26:01:b8:78:e8:52:9a:93:4f:29:da:c9:31:86:e5:04:60:ac:b3:ef:2a:d4:38:72:a7:5a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

HttpAddRequestHeadersA

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/c808c7043bbe6f22fdae5e9ad031db55e2ec385489a53ad3096985e53292244b.exe
.exe windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 44KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

petite
Size: 385B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/ca181f57edb3d99fbdfd1a512a783d266d479c2fd38ffea14742771df7ba2c1a.exe
.exe windows:5 windows x86 arch:x86

a4ae589821c5dc6d5b727f8ebbd62dc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
WriteConsoleInputW
lstrlenA
GetConsoleAliasA
WaitNamedPipeA
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
OpenSemaphoreA
SetTapeParameters
MoveFileWithProgressA
GetModuleHandleW
FindNextVolumeMountPointA
GetConsoleAliasesA
ConvertFiberToThread
ExpandEnvironmentStringsA
ReadConsoleW
GetCompressedFileSizeW
GetConsoleAliasExesW
GetUserDefaultLangID
SetCommState
CreateActCtxW
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
ReadConsoleInputA
CopyFileW
_hread
GetSystemPowerStatus
GetExitCodeProcess
EnumSystemCodePagesA
GetFileAttributesW
TerminateProcess
IsDBCSLeadByte
GetTimeZoneInformation
FindNextVolumeMountPointW
ReplaceFileA
GetTempPathW
EnumSystemLocalesA
GetConsoleOutputCP
VerifyVersionInfoW
GetStartupInfoA
GetLastError
SetLastError
ReadConsoleOutputCharacterA
GetProcAddress
RemoveDirectoryA
GetPrivateProfileStringA
SetFileApisToOEM
LoadLibraryA
LocalAlloc
IsWow64Process
SetConsoleCtrlHandler
CreateEventW
WriteProfileSectionW
VirtualLock
GlobalGetAtomNameW
GetCurrentConsoleFont
OpenJobObjectW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
QueryPerformanceFrequency
GetShortPathNameW
FindFirstVolumeA
GetWindowsDirectoryW
MoveFileWithProgressW
ResetWriteWatch
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MoveFileA
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
CloseHandle
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileW

user32

CharUpperA

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 6/cd22c1aabcafc40bf81d42b42e625e49eff9e0f928fa961e43573e1eb45ace18.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/d097ca2583425f648592138b57562334c0b83d3179634fd43a0b611bdf720122.exe
.exe windows:5 windows x86 arch:x86

b4f437d48e25c7b06031cb97b5e20cd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
CreateFileW
GetLastError
lstrcatW
RaiseException
DecodePointer
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
CloseHandle
GetFileType
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetDim
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
VariantClear
GetErrorInfo

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/d0d97c70ea6e26b3708dc101a310f056d690bbc17306c493ccba4a6f00fad541.exe
.exe windows:5 windows x86 arch:x86

a7834573a680f6c5596ccc88099e7718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
RemoveVectoredExceptionHandler
FindFirstFileW
FindFirstChangeNotificationW
WriteConsoleInputW
GetModuleHandleExA
GetConsoleAliasExesA
AllocConsole
WriteConsoleOutputCharacterA
MapUserPhysicalPages
GetConsoleAliasA
QueryDosDeviceA
WriteConsoleInputA
AddConsoleAliasW
GetNumaAvailableMemoryNode
OpenSemaphoreA
GetSystemDefaultLCID
MoveFileWithProgressA
GenerateConsoleCtrlEvent
FindNextVolumeMountPointA
GetConsoleAliasesA
ReadConsoleW
GetWindowsDirectoryA
WaitNamedPipeW
SetCommState
GetDriveTypeA
GetEnvironmentStrings
GlobalAlloc
AddRefActCtx
GetVolumeInformationA
LoadLibraryW
SetCommConfig
CopyFileW
_hread
CreateEventA
GetExitCodeProcess
TransactNamedPipe
GetFileAttributesW
SetTimeZoneInformation
GetCompressedFileSizeA
GlobalFix
lstrlenW
FindNextVolumeMountPointW
GetStartupInfoW
ReplaceFileA
GetTempPathW
GetShortPathNameA
GetNamedPipeHandleStateW
GetStartupInfoA
GetLastError
SetLastError
ReadConsoleOutputCharacterA
CreateConsoleScreenBuffer
WriteProfileSectionA
EnumSystemCodePagesW
SetStdHandle
VerLanguageNameW
OpenWaitableTimerA
AddAtomW
RemoveDirectoryW
FindAtomA
FoldStringW
SetConsoleCursorInfo
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetFileTime
GetConsoleCursorInfo
QueryPerformanceFrequency
SetProcessShutdownParameters
GetVolumeNameForVolumeMountPointW
DeleteFileW
ResetWriteWatch
GetSystemTime
EnumSystemLocalesW
lstrcpyW
AreFileApisANSI
CloseHandle
HeapSize
lstrcatA
DebugActiveProcess
MoveFileA
HeapReAlloc
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
HeapCreate
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
Sleep
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW

user32

CharUpperW

advapi32

AbortSystemShutdownA

winhttp

WinHttpWriteData

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/d3d18f34a1494d87502f0ea05c56f6194e50610bc71f53653e15c98d25e57e62.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jkqvbz
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Samples 7/da52dc0f002d544115f1d64dbc1d7ec9569be150d59cfe0bfd3f6bb5aed54dc5.exe
.exe windows:5 windows x86 arch:x86

105a7720394e63394e65284a3456719d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
SetComputerNameExA
GetConsoleAliasExesLengthA
FindResourceW
DeleteVolumeMountPointA
GlobalAddAtomA
GetCommState
GetSystemWindowsDirectoryW
AddConsoleAliasW
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
CreateNamedPipeW
GetConsoleAliasesA
GetPriorityClass
GetCurrencyFormatW
LoadLibraryW
GetExitCodeProcess
IsProcessorFeaturePresent
GetConsoleAliasW
lstrcatA
GetVolumePathNameA
GetConsoleAliasesW
GetLastError
InterlockedFlushSList
SetLastError
GetProcAddress
VirtualAlloc
FindFirstFileW
EnumSystemCodePagesW
SearchPathA
SetFileAttributesA
InterlockedExchangeAdd
OpenWaitableTimerW
LocalAlloc
BuildCommDCBAndTimeoutsW
GetNumberFormatW
RemoveDirectoryW
SetConsoleWindowInfo
FoldStringW
GlobalFindAtomW
DebugSetProcessKillOnExit
QueryMemoryResourceNotification
UpdateResourceW
VirtualProtect
PeekConsoleInputA
ReadConsoleInputW
GetWindowsDirectoryW
AreFileApisANSI
LocalFileTimeToFileTime
CloseHandle
WriteConsoleW
CreateFileA
SetVolumeLabelA
FillConsoleOutputCharacterA
BackupWrite
GetConsoleOutputCP
WriteConsoleA
HeapAlloc
Sleep
ExitProcess
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
HeapReAlloc
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle

user32

ChangeDisplaySettingsW
LoadMenuW
CharToOemBuffA

gdi32

GetCharWidthA
GetCharacterPlacementA
GetCharABCWidthsFloatA
GetBoundsRect

shell32

ShellAboutW

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/dcf250dc8a9683cf5a3e7dfdb441b06e15b391a8c5d97b31431c650a715432a6.exe
.exe windows:6 windows x86 arch:x86

17bf3b3bfe3032ffd72f1bba20ec1cc9

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

Not Before

10-12-2022 12:00

Not After

11-12-2032 12:00

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:3b:39:7a:5b:c2:1d:0e:a5:0d:46:58:c1:95:6b:06:ba:8e:2c:97:f0:07:81:d7:9d:2d:68:6b:76:14:1d:f8
Signer

Actual PE Digest

32:3b:39:7a:5b:c2:1d:0e:a5:0d:46:58:c1:95:6b:06:ba:8e:2c:97:f0:07:81:d7:9d:2d:68:6b:76:14:1d:f8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumDisplayDevicesA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

GetCurrentHwProfileW

gdi32

BitBlt

shlwapi

PathFileExistsW

winhttp

WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wininet

HttpAddRequestHeadersA

crypt32

CryptStringToBinaryA

Sections

.text
Size: - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.%‹¿/
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%‹¿/
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zip#**.
Size: - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zip#**.
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zip#**.
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/dd225dc0284234d7ec035b06461bb9e15a5851fa4414d0a3c67541297bef8c64.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:90:43:4a:25:e5:75:a0:15:63:ce:16:25:b1:98:19
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14-02-2023 00:00

Not After

14-02-2024 23:59

Subject

CN=Sefa Eyeoglu,O=Sefa Eyeoglu,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:3e:cb:49:64:99:6f:33:56:c2:6f:fd:ba:87:fa:a9:b9:6d:c4:17:2b:e4:42:2b:41:78:da:86:29:88:db:a0
Signer

Actual PE Digest

19:3e:cb:49:64:99:6f:33:56:c2:6f:fd:ba:87:fa:a9:b9:6d:c4:17:2b:e4:42:2b:41:78:da:86:29:88:db:a0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/dde59b015e0acd1910513cf1da07f3b17d6530816d663c102ed9ad6ab6d575a5.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/e396aa398fb1fa0f6c9db780211f758649e9a1f26bb5a2e7026b1cfec6ea9c0d.exe
.exe windows:4 windows x86 arch:x86

02ee4d97128ded731f4f59ac97a7dc60

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsMenu
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuContextHelpId
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetKBCodePage
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
InitAtomTable
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDriveTypeA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
CancelWaitableTimer
AddAtomA
Sleep
GetConsoleWindow

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectType
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 52B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/e5474bdcb0a87bd6c1c74d6a2fd6cff6c8ff913248b84e22c1ef5e82cb6f5cde.exe
.exe windows:5 windows x86 arch:x86

107ce26529ae294c1f1bd78f8930ce3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
InitializeCriticalSection
ReadFile
WriteFile
GetModuleFileNameW
CreateProcessW
Sleep
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
LoadLibraryW
GetProcAddress
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetModuleHandleW
GetComputerNameW
GetFileSize
SetStdHandle
WriteConsoleW
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetLocaleInfoW
GetUserDefaultLCID
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
SetEndOfFile

advapi32

RegCreateKeyExW
RegQueryValueExW
CloseServiceHandle
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetUserNameW
GetUserNameA
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ole32

CoCreateInstance
CoInitialize

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathAppendW
PathAddExtensionW
PathFileExistsW
PathIsRootW
PathRemoveExtensionW

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 218KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/e63f3efc1462f054169998d9bdb7e5b2ca0cb78b393e978880458965472f76de.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/e99f3824ab81860db9ae48fac88f7530d0b5a8a450e16d85580c9cc57d064ea6.exe
.exe windows:5 windows x86 arch:x86

02092086b561197a5785bb7f7e402554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
FindFirstFileW
WriteConsoleInputW
lstrlenA
OpenJobObjectA
ReadConsoleA
GetConsoleAliasA
WaitNamedPipeA
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
CreateActCtxW
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
FindNextVolumeMountPointW
VirtualUnlock
EnumSystemLocalesA
GetConsoleOutputCP
GetConsoleAliasesW
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
GetCurrentProcessId
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 7/e9c49519d313aa6bb790838f020b991b862bead9aaf2a3a665004a8d284973ea.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 767KB - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/e9c61a893b569c4af984f03b39ae1e0850dff66cc9ce743156a0612021ba2cf7.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/ea8e29d73139cc53e5ecf03f229c27ecec1f4f54a34a3781aab5f0e59596f2ee.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 7/eba7c64e693a1092dfc9dce17576a7a638c1858dcf69d14534a2f462bce03b23.exe
.exe windows:5 windows x86 arch:x86

0de22beb7d273dd9309db5681165b004

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13-01-2022 00:00

Not After

12-01-2025 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f0:d7:c7:10:84:8a:f4:36:f3:f5:46:ec:3c:60:49:ac:c6:a0:9b:f7
Signer

Actual PE Digest

f0:d7:c7:10:84:8a:f4:36:f3:f5:46:ec:3c:60:49:ac:c6:a0:9b:f7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glLineWidth
glIsTexture
glIsEnabled
glHint
glGetTexParameteriv
glGetTexParameterfv
glGetString
glGetIntegerv
glGetFloatv
glGetError
glPixelStorei
glPolygonOffset
glReadPixels
glScissor
glStencilFunc
glStencilMask
glStencilOp
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage2D
glViewport
glGetBooleanv
glGenTextures
glFrontFace
glFlush
glFinish
glEnable
glDrawElements
glDrawArrays
glDisable
glDepthRange
glDepthMask
glDepthFunc
glDeleteTextures
glCullFace
glCopyTexSubImage2D
glCopyTexImage2D
glColorMask
glClearStencil
glClearDepth
glClearColor
glClear
glBlendFunc
glBindTexture

ws2_32

getnameinfo
freeaddrinfo
getaddrinfo
WSAIoctl

winmm

PlaySoundW

kernel32

HeapSize
GetProcessHeap
RaiseException
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
FindResourceW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
DeviceIoControl
LocalAlloc
VirtualAlloc
VirtualFree
GetFileInformationByHandle
GetFileType
SetFilePointerEx
lstrlenW
GetDiskFreeSpaceW
QueryDosDeviceW
IsBadReadPtr
IsBadWritePtr
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
lstrcmpA
lstrcpyW
GetCurrentThread
ResumeThread
GetModuleFileNameA
GetEnvironmentVariableW
OutputDebugStringA
GetVersionExA
CreateThread
OpenThread
WriteProcessMemory
CreateRemoteThread
Module32FirstW
Module32NextW
DefineDosDeviceW
SetFilePointer
GlobalAlloc
GlobalFree
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
InitializeCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
CompareStringW
GetUserDefaultLCID
SetThreadPriority
GetThreadPriority
WaitForSingleObjectEx
GetLocalTime
OutputDebugStringW
GetStartupInfoW
GetCurrencyFormatW
GetUserDefaultUILanguage
GetLogicalDrives
SetEndOfFile
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FindFirstFileExW
GetTimeZoneInformation
IsValidLanguageGroup
IsValidLocale
GetUserDefaultLangID
HeapFree
GlobalUnlock
GlobalLock
GlobalSize
GetThreadLocale
GetVolumeInformationW
GetDriveTypeW
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
GetTempFileNameW
GetTempPathW
CancelIo
WaitNamedPipeW
CreateNamedPipeW
PeekNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
ConnectNamedPipe
SetHandleInformation
FlushFileBuffers
ReadFile
WriteFile
GetOverlappedResult
CreateEventW
WaitForMultipleObjects
ResetEvent
CloseHandle
OpenProcess
ReadProcessMemory
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
LockFile
AreFileApisANSI
VirtualQueryEx
CreateFileA
HeapCreate
GetFileSize
GetFileSizeEx
LockResource
GetPrivateProfileStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
SetEnvironmentVariableA
EnumSystemLocalesW
GetACP
GetConsoleCP
SetStdHandle
GetFullPathNameA
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
SetConsoleCtrlHandler
InterlockedPushEntrySList
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
EncodePointer
GetStringTypeW
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetTickCount
CreateMutexW
ReleaseMutex
SetEvent
Thread32Next
Thread32First
Process32NextW
Process32FirstW
GetModuleHandleW
CreateToolhelp32Snapshot
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
DuplicateHandle
WaitForSingleObject
SetLastError
TerminateThread
GetProcessId
GetExitCodeProcess
CheckRemoteDebuggerPresent
TerminateProcess
GetProcessTimes
GetCurrentProcessId
GetCommandLineW
GetVersionExW
VerSetConditionMask
MoveFileExW
MoveFileW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
GetFileAttributesExW
GetFileAttributesW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetFileTime
FindClose
GetFullPathNameW
ExpandEnvironmentStringsW
GetShortPathNameW
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetDateFormatW
GetTimeFormatW
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
GetCurrentProcess
GetComputerNameW
GetCurrentDirectoryW
GetSystemDirectoryW
LoadLibraryW
FormatMessageW
GetSystemTimes
GetProcAddress
GetSystemInfo
Sleep
SetErrorMode
GetLastError
LocalFree
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
ExitProcess
GetModuleHandleA
GetConsoleWindow
lstrcmpW
GetLongPathNameW
LCMapStringW

user32

SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCursor
LoadCursorW
CreateCursor
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetWindowTextW
RealGetWindowClassW
CreateWindowExW
DefWindowProcW
SendMessageW
RegisterWindowMessageW
EnableMenuItem
GetSystemMenu
GetIconInfo
GetCapture
SetFocus
SystemParametersInfoW
GetSysColor
DestroyIcon
GetWindowThreadProcessId
DrawIconEx
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
ClientToScreen
ScreenToClient
GetDesktopWindow
GetParent
SetParent
DestroyCursor
GetAncestor
SetCursorPos
GetClipboardFormatNameW
GetDC
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
GetSystemMetrics
GetKeyboardLayoutList
GetClassInfoW
RegisterClassExW
GetFocus
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
GetMonitorInfoW
EnumDisplayMonitors
LoadIconW
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetAsyncKeyState
GetKeyboardLayout
MoveWindow
FlashWindowEx
SetWindowPos
IsChild
MessageBeep
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetWindowRgn
MessageBoxW
CreateIconIndirect
PostMessageW
ShowWindow
GetShellWindow
EnumWindows
DestroyWindow
SetMenuItemInfoW
SendInput
GetClassNameW
EnumChildWindows
UnregisterClassW
CharNextW
GetProcessWindowStation
GetUserObjectInformationW
SendMessageA
FindWindowA
TranslateMessage
DispatchMessageW
PeekMessageW
RegisterClassW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
GetWindowLongW
SetWindowLongW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
GetDoubleClickTime
GetCaretBlinkTime
NotifyWinEvent

gdi32

CreateFontIndirectW
GetFontData
EnumFontFamiliesExW
AddFontResourceExW
RemoveFontResourceExW
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
OffsetRgn
CreateDIBSection
CombineRgn
CreateRectRgn
GetRegionData
SelectClipRgn
GdiFlush
CreateBitmap
GetObjectW
BitBlt
GetStockObject
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetCharABCWidthsW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
SetPixelFormat
GetCharABCWidthsFloatW

shell32

Shell_NotifyIconW
SHGetMalloc
ord51
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconExW

ole32

StringFromCLSID
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoSetProxyBlanket
CoInitialize
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
ReleaseStgMedium
CoGetMalloc

oleaut32

SafeArrayCreate
SystemTimeToVariantTime
VariantChangeType
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString

advapi32

RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
DuplicateTokenEx
CreateProcessAsUserW
SetEntriesInAclW
CheckTokenMembership
LookupPrivilegeValueW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
RegEnumValueW
GetAce
RegGetKeySecurity
RegSetKeySecurity
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptDestroyHash
CryptCreateHash
CryptSignHashW
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
GetSecurityInfo
LookupPrivilegeValueA
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
CryptGenRandom
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegQueryValueExW
RegFlushKey

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathRemoveArgsW
PathQuoteSpacesW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathSearchAndQualifyW
PathUnquoteSpacesW
PathUnExpandEnvStringsW
StrFormatByteSizeW
AssocQueryStringW
StrDupW
StrCmpIW
PathRemoveBlanksW
PathIsNetworkPathW
PathIsRelativeW
PathIsPrefixW
PathIsDirectoryW
PathGetDriveNumberW
PathGetArgsW
PathAddBackslashW
PathAppendW
PathCommonPrefixW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW

wininet

InternetGetConnectedState

psapi

GetModuleInformation
GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleBaseNameW

userenv

GetProfilesDirectoryW
DestroyEnvironmentBlock
CreateEnvironmentBlock

wsock32

inet_ntoa
getsockname
getsockopt
ntohs
WSAStartup
WSACleanup
WSAGetLastError
recv
send
WSASetLastError
accept
bind
connect
listen
setsockopt
socket
getpeername
htons
__WSAFDIsSet
select
htonl
recvfrom
sendto
gethostname
WSAAsyncSelect
shutdown
closesocket

ntdll

NtQueryVirtualMemory
RtlUnwind
memcmp
islower
isupper
bsearch
wcsncmp
wcstombs
strpbrk
strtol
atoi
_stricmp
_strnicmp
strtoul
strspn
strcmp
strrchr
strncpy
qsort
NtQuerySystemInformation
NtQueryKey
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtDeleteKey
NtOpenKey
wcsstr
isalnum
_wtoi64
_wcsicmp
memchr
tolower
toupper
isspace
strstr
isdigit
wcsrchr
floor
strchr
ceil
strncmp
memset
memcpy
memmove
wcschr
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver
towupper
isprint
strcspn

crypt32

CryptQueryObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringW
CertNameToStrW
CertFreeCertificateContext
CryptDecodeObject

wintrust

CryptCATAdminReleaseCatalogContext
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW

mpr

WNetGetConnectionW

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 208KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/ebb6fad910c99d151b30733b624e8f7e555eb7de7caaa66d65b9e7114c433f56.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 8/ebc207c310f6738099c6e4522b022b4c18fcbb3a0c385b1a8d71fc411285ca48.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 666KB - Virtual size: 666KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/ef2a03f03f9748effd79d71d7684347792f9748b7bbb18843bd382570e4d332e.exe
.exe windows:6 windows x86 arch:x86

f4a871a2917ab02363311f9479a45646

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
CreateDirectoryA
IsWow64Process
lstrcatA
GetModuleHandleA
lstrcpyA
SystemTimeToFileTime
lstrlenA
HeapAlloc
GetProcAddress
lstrcpynA
GetProcessHeap
WriteConsoleW
LocalFree
GetLocalTime
GetWindowsDirectoryA
CloseHandle
DeleteFileA
LoadLibraryA
FileTimeToSystemTime
GetFileAttributesA
GetLastError
CopyFileA
Sleep
LocalAlloc
GetVolumeInformationA
GetCurrentProcess
HeapFree
GetModuleFileNameA
SetEndOfFile
HeapReAlloc
HeapSize
ReadConsoleW
ReadFile
FlushFileBuffers
CreateFileW
GetStringTypeW
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
MultiByteToWideChar
LCMapStringW
MoveFileExW
GetFileType
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

advapi32

CreateServiceA
RegCloseKey
StartServiceCtrlDispatcherA
GetCurrentHwProfileA
CloseServiceHandle
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenSCManagerA
GetUserNameA
StartServiceA
RegOpenKeyExA
OpenServiceA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/efb621959cf78ebda987c42334d70311e95e3359a6c149a3a134493d988e3324.exe
.exe windows:5 windows x86 arch:x86

5c55d83b58dbc1f7154223c32a893074

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
PostQuitMessage
GetMessageA
EndPaint
DispatchMessageA
BeginPaint
TranslateMessage
MoveWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
MessageBoxA
SendMessageA
DestroyWindow
LoadCursorA
LoadIconA
UpdateWindow
GetWindowRect

kernel32

GetLastError
lstrcpyA
GetModuleHandleA
GetCommandLineA
FindFirstFileA
FormatMessageA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
GetCPInfo
GetACP
CreateFileA

gdi32

CreateFontIndirectA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 542B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/f25e4213555bb2e557f66fb99d91a03972c1882ca8c2ac8748e25fc09798e2be.exe
.exe windows:4 windows x86 arch:x86

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SysAllocStringLen
VariantClear

user32

DialogBoxParamW
SetWindowLongW
GetWindowLongW
GetDlgItem
LoadStringW
CharUpperW
DestroyWindow
EndDialog
PostMessageW
SetWindowTextW
ShowWindow
MessageBoxW
SendMessageW
LoadIconW
KillTimer
SetTimer

shell32

ShellExecuteExW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsstr
free
malloc
memcpy
_CxxThrowException
_purecall
memmove
memcmp
wcscmp
__CxxFrameHandler

kernel32

WaitForSingleObject
GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetVersionExW
GetCommandLineW
CreateProcessW
CloseHandle

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 8/f2866d013e000884415fa13490799a626792a29967bf20e7bbbf23a72c0fd7f7.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 8/f6aedcfebf23aa3dae3c39862ad14c350479335c30e45f231e2108e4b5395488.exe
.exe windows:5 windows x86 arch:x86

02092086b561197a5785bb7f7e402554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
FindFirstFileW
WriteConsoleInputW
lstrlenA
OpenJobObjectA
ReadConsoleA
GetConsoleAliasA
WaitNamedPipeA
WriteConsoleInputA
AddConsoleAliasW
FlushConsoleInputBuffer
SetTapeParameters
MoveFileWithProgressA
ConvertFiberToThread
ExpandEnvironmentStringsA
GetPrivateProfileStringW
GetWindowsDirectoryA
GetCompressedFileSizeW
GetConsoleAliasExesW
CreateActCtxW
GetEnvironmentStrings
GetPrivateProfileIntA
LoadLibraryW
SetCommConfig
FatalAppExitW
_hread
GetSystemPowerStatus
HeapDestroy
GetFileAttributesA
ReplaceFileW
IsDBCSLeadByte
GetTimeZoneInformation
FindNextVolumeMountPointW
VirtualUnlock
EnumSystemLocalesA
GetConsoleOutputCP
GetConsoleAliasesW
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
GetProcAddress
WriteProfileSectionA
RemoveDirectoryA
CopyFileA
GlobalGetAtomNameA
SetFileApisToOEM
LocalAlloc
SetConsoleCtrlHandler
CreateEventW
FoldStringA
GlobalFindAtomW
GetModuleHandleA
SetLocaleInfoW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
GetShortPathNameW
OpenSemaphoreW
ReadConsoleInputW
FindFirstVolumeW
GetCurrentProcessId
MoveFileWithProgressW
ReadConsoleOutputCharacterW
EnumSystemLocalesW
DeleteFileA
ExpandEnvironmentStringsW
CreateFileW
WriteConsoleW
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
HeapCreate
HeapSize
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
SetFilePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
IsValidLocale
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle

user32

CharUpperA

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 8/f92523fa104575e0605f90ce4a75a95204bc8af656c27a04aa26782cb64d938d.exe
.exe windows:5 windows x86 arch:x86

09fb12eeb0c873db1d31b5ee7b6dc9f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
HeapCompact
GetEnvironmentStringsW
SetHandleInformation
WaitForSingleObject
GetConsoleAliasesLengthA
GetSystemTimeAsFileTime
GetConsoleTitleA
CancelDeviceWakeupRequest
EnumResourceTypesA
GlobalAlloc
GetFirmwareEnvironmentVariableA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SizeofResource
GetProcessHandleCount
GetFileAttributesA
SetConsoleCursorPosition
GetFileAttributesW
LCMapStringA
GetConsoleAliasesW
GetLastError
GetProcAddress
VirtualAlloc
CopyFileA
GetAtomNameA
LoadLibraryA
LockResource
WaitForMultipleObjects
GetDefaultCommConfigA
EnumDateFormatsA
FillConsoleOutputAttribute
GlobalAddAtomW
CheckRemoteDebuggerPresent
EnumCalendarInfoExA
LocalFree
LCMapStringW
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
Sleep
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
SetFilePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
CloseHandle
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
LoadLibraryW
ReadFile
SetStdHandle
FlushFileBuffers
RaiseException
WriteConsoleW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

SetCaretPos

ole32

CoGetMalloc

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Samples 8/fc490a08797ff3a4ad9b791fcecc88f90e1140759220023e97489a08ff5e0cbf.exe
.exe windows:5 windows x86 arch:x86

6dca3e9fb3928bbdb54dbce669943ec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetProcAddress
LoadLibraryW
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
WideCharToMultiByte
MoveFileW
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
MoveFileExW
lstrlenW
CreateFileW
GetFileSize
ReadFile
WriteFile
Sleep
GetComputerNameA
GetModuleFileNameW
CreateProcessW
GetSystemTime
FileTimeToLocalFileTime
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
SetEndOfFile
SetStdHandle
WriteConsoleW
FreeLibrary
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetCurrentThreadId
RtlUnwind
LCMapStringW
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW

ole32

CoCreateInstance
CoInitialize

shlwapi

PathIsRootW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/fd4d1fc83330c5cf818e557ef882ca147ba98fee4128fe00bda07c6c2f79050a.exe
.exe windows:6 windows x64 arch:x64

045715ac29c84a0e47dab339e337bc06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

ord165
ShellAboutW
SHGetSpecialFolderPathW

shlwapi

ord225

gdiplus

GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetPageUnit
GdipDrawLineI
GdipDrawArcI
GdipFillRectangleI
GdipCloneImage
GdipCreateBitmapFromScan0
GdipDeletePen
GdipCreateFromHDC
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipCloneBitmapAreaI
GdipCreatePen1
GdipDisposeImage
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegGetValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
EventUnregister
EventRegister
RegCloseKey
RegCreateKeyExW
EventWrite

oleaut32

SysStringLen
SysAllocStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

uxtheme

IsThemeActive

ole32

CoUninitialize
CoInitialize
CoCreateInstance

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ord413
ord410
ord380
ord392

ntdll

WinSqmAddToStreamEx
WinSqmAddToStream

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
lstrlenA
GetModuleHandleW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
GetSystemTime
WaitForSingleObject
CreateEventW
CreateThread
ResetEvent
SetEvent
CloseHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
lstrcmpW
MulDiv
GlobalFindAtomW
FindResourceW
GetLastError
MultiByteToWideChar
GetLocalTime
GetDateFormatW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpiW
LoadLibraryW
GetProcAddress
GetLocaleInfoEx
FreeLibrary
LocalFree
LocalAlloc
LocalReAlloc
GetProfileStringW
lstrlenW
CompareStringW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
Sleep
ApplicationRecoveryFinished
RegisterApplicationRestart
GetTempFileNameW
SystemTimeToFileTime
CompareFileTime
GetFileAttributesW
FileTimeToSystemTime
CreateFileW
DeleteFileW
LeaveCriticalSection
DeleteCriticalSection
SetLastError
GetModuleHandleExW
EnterCriticalSection
InitializeCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapFree
DelayLoadFailureHook
ResolveDelayLoadedAPI
HeapReAlloc
HeapAlloc
WideCharToMultiByte
FindResourceExW
HeapDestroy

user32

OpenClipboard
GetClipboardData
InvalidateRect
CloseClipboard
EmptyClipboard
SetClipboardData
PostQuitMessage
DefWindowProcW
LoadAcceleratorsW
InsertMenuItemW
RegisterClassExW
SetWindowPlacement
SetForegroundWindow
GetMessageW
TranslateAcceleratorW
GetMessageExtraInfo
TranslateMessage
DispatchMessageW
GetKeyState
IsDialogMessageW
GetClassNameW
GetDC
ReleaseDC
GetSystemMetrics
GetWindowLongW
EnumChildWindows
DrawTextW
SetPropW
SystemParametersInfoW
CheckRadioButton
UpdateWindow
SendDlgItemMessageW
IsDlgButtonChecked
MoveWindow
SetDlgItemInt
GetDlgItemInt
FillRect
GetNextDlgTabItem
MonitorFromWindow
GetMonitorInfoW
OffsetRect
EqualRect
MonitorFromRect
GetClassWord
EnumDesktopWindows
EnumDisplayMonitors
IntersectRect
CopyRect
CreateDialogParamW
GetFocus
CreatePopupMenu
TrackPopupMenu
IsClipboardFormatAvailable
CharNextA
IsWindowEnabled
PostMessageW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
GetWindowLongPtrW
SetWindowLongPtrW
SetWindowLongW
SetClassLongW
SetWindowTextW
GetWindowPlacement
CheckMenuItem
GetSysColor
SetClassLongPtrW
GetClassLongPtrW
DrawMenuBar
SetMenuItemInfoW
AppendMenuW
LoadStringW
GetSubMenu
RemoveMenu
CheckMenuRadioItem
SetFocus
MapWindowPoints
EnableMenuItem
GetMenu
GetClientRect
ShowWindow
CreateWindowExW
DestroyWindow
DialogBoxParamW
EndDialog
SetWindowPos
GetDlgItem
GetWindowRect
SendMessageW
MessageBeep
LoadCursorW
SetCursor
LoadImageW
UnregisterClassA
GetProcessDefaultLayout
GetMenuState
GetParent

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

winmm

timeGetTime

gdi32

CreateDIBSection
GetStockObject
SetBkColor
SetBkMode
CreatePatternBrush
DeleteObject
DeleteDC
EqualRgn
CombineRgn
SetRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
GetRgnBox
LineTo
MoveToEx
ExtCreatePen
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
SetTextColor
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetTextExtentPointW

msvcrt

difftime
memmove
memset
__C_specific_handler
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__CxxFrameHandler3
setlocale
__pctype_func
___lc_handle_func
___lc_codepage_func
memcpy
___mb_cur_max_func
_errno
__mb_cur_max
__crtGetStringTypeW
__crtLCMapStringW
__uncaught_exception
isspace
tolower
abort
isalnum
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
time
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
??1type_info@@UEAA@XZ
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
mbstowcs_s
exit
isdigit
isxdigit
toupper
_purecall
malloc
??0exception@@QEAA@XZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
free
isalpha
wcstoul
strcspn
memchr
_wcsrev
strchr
_strtoui64
_strtoi64
sprintf_s
_wtoi64
_i64tow_s
_wcsdup
localeconv
iswalpha
iswdigit
_wcslwr_s
_wcsnicmp
wcsncmp
_itow_s
calloc
wcschr
_wcsicmp
_itoa
_wtoi
_vsnwprintf
wcscat_s
wcscpy_s
_exit
wcstol
wcscmp

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Samples 8/fe622c4801737dede008dfecf2bcf48316f0adebbc080d27a2664ee8b606415c.exe
.exe windows:5 windows x86 arch:x86

8d9ee1d37ce0771b137ef02c8f52b4c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateTimerQueue
InterlockedIncrement
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
GenerateConsoleCtrlEvent
IsBadReadPtr
GetConsoleAliasesLengthA
CreateActCtxW
GlobalAlloc
SetFileShortNameW
GetSystemTimeAdjustment
GetVersionExW
GetModuleFileNameW
GetEnvironmentVariableA
CompareStringW
lstrlenW
GetStartupInfoW
FindFirstFileExA
SetLastError
GetProcAddress
GetLongPathNameA
CopyFileA
CreateMemoryResourceNotification
SearchPathA
_hwrite
OpenWaitableTimerA
OpenMutexA
RegisterWaitForSingleObject
OpenWaitableTimerW
MoveFileA
SetConsoleOutputCP
SetCurrentDirectoryW
WriteProfileSectionW
AddAtomA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
GetModuleHandleA
GetProcessShutdownParameters
FreeEnvironmentStringsW
GetCurrentDirectoryA
CompareStringA
GetFileTime
OutputDebugStringA
GetVersionExA
GetWindowsDirectoryW
DeleteTimerQueueTimer
AddConsoleAliasA
DeleteFileA
CloseHandle
CreateFileW
SetStdHandle
RaiseException
GetCommandLineW
HeapSetInformation
DecodePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapValidate
HeapCreate
WriteFile
GetStringTypeW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
WideCharToMultiByte
LCMapStringW
HeapAlloc
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

GetComboBoxInfo

winhttp

WinHttpQueryOption

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

c05041e01f84e1ccca9c4451f3b6a383

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 2KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 347KB - Virtual size: 346KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 758KB - Virtual size: 757KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

32569d67dc210c5cb9a759b08da2bdb3

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

shell32

msvcrt

kernel32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 8KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 3KB - Virtual size: 2KB

e74959acf8d102fe14144468dae6b4a4

Code Sign

15:e9:00:a7:2f:6c:c0:b3:4c:70:63:d6:83:9d:41:98Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

01:75:2e:f6:29:04:e5:31:d7:fc:14:18:9c:ec:f0:48:2b:cf:18:32:6a:08:52:d0:e6:64:f1:f3:bb:c9:dd:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 347KB - Virtual size: 346KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 758KB - Virtual size: 757KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 8KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 3KB - Virtual size: 2KB

15:e9:00:a7:2f:6c:c0:b3:4c:70:63:d6:83:9d:41:98
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

01:75:2e:f6:29:04:e5:31:d7:fc:14:18:9c:ec:f0:48:2b:cf:18:32:6a:08:52:d0:e6:64:f1:f3:bb:c9:dd:08
Signer

.text
Size: - Virtual size: 409KB

.rdata
Size: - Virtual size: 47KB

.data
Size: - Virtual size: 8KB

.vmp0
Size: - Virtual size: 3.0MB

.vmp1
Size: 1KB - Virtual size: 1KB

.vmp2
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 127KB - Virtual size: 126KB

.text
Size: 167KB - Virtual size: 166KB

.data
Size: 8KB - Virtual size: 716KB

.rsrc
Size: 68KB - Virtual size: 1.3MB

.reloc
Size: 9KB - Virtual size: 8KB

.text
Size: 768KB - Virtual size: 767KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 11KB - Virtual size: 12KB

.reloc
Size: - Virtual size: 4KB

petite
Size: 334B - Virtual size: 334B

85:b5:48:2e:e2:f9:7b:76:d6:43:44:3d:c0:a9:f7:90
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

83:76:d1:4c:b5:9b:b0:84:ad:cf:7c:f5:0a:8c:31:37:2c:d6:9c:24:5d:12:64:a3:9b:7e:dd:4b:15:89:1f:9e
Signer

.text
Size: 286KB - Virtual size: 285KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B