14161281168[.]zip

Resubmissions

14/03/2024, 16:29

240314-tzhgqsba48 3

12/01/2024, 14:32

240112-rwbhxahfgj 7

Sharing

Copy URL Twitter E-mail

General

Target

14161281168.zip
Size

71.7MB
MD5

012662883999489e19e90f6c901ff2a9
SHA1

806dded54b58ae09e4cd0f0edf9222155369e96c
SHA256

3ecf05857d65f7bc58b547d023bde7cc521a82712b947c04ddf9d7d1645c0ce0
SHA512

e62a1b9af7da468187600d871834bde2869e25e7bc1851d5698a298708d6dc6562ea3f455e95f4246425cde7a7cfb3962b122b81aa6f663095bba7fc01cd7ea4
SSDEEP

1572864:bWSLP3bsybA9RWrU+8/icPLJE1FJahZ0aBBMjFx90Iwd4x5:bjb7A94U+1cPSk0+cFP0M5

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/9b6be74c2c144f8bcb92c8350855d35c14bb7f2b727551c3dd5c8054c4136e3f	pyinstaller

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
unpack001/15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80
unpack001/4844f44c9de364377f574e4d6a8a77dc0b4d6a67f21ccbf693ac366e52eaa8cb
unpack001/4c09a012efff318b01a72199051815c5a7b920634fb6c76082673681f54f2ec3
unpack001/65d3a922754af96d8d722859ac31f3de96522d50659c67607021f2ac728f9630
unpack001/663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33
unpack001/7d37eddf0b101ff2b633b2ffe33580bdb993a97fecc06874d7b5b07119b9ec99
unpack001/7e14d88f60fe80f8fa27076566fd77e51c7d04674973a564202b4a7cbfaf2778
unpack001/9b6be74c2c144f8bcb92c8350855d35c14bb7f2b727551c3dd5c8054c4136e3f
unpack001/abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972
unpack001/ee227cd0ef308287bc536a3955fd81388a16a0228ac42140e9cf308ae6343a3f

Files

14161281168.zip
.zip

Password: infected
0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
.exe windows:6 windows x64 arch:x64

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80
.exe windows:6 windows x64 arch:x64

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4844f44c9de364377f574e4d6a8a77dc0b4d6a67f21ccbf693ac366e52eaa8cb
.exe windows:6 windows x64 arch:x64

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4c09a012efff318b01a72199051815c5a7b920634fb6c76082673681f54f2ec3
.exe windows:6 windows x64 arch:x64

Password: infected

f78125c8b3323a8eb61ffd0aae2eef81

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_UTF8Mode
PyImport_FrozenModules
_Py_path_config
PyMem_Malloc
PyMem_Calloc
PyMem_Realloc
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
PyObject_Malloc
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
PyObject_GC_Del
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyUnicode_FromStringAndSize
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUnicode
PyLong_AsLongAndOverflow
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_FromString
PyLong_FromUnicodeObject
_PyLong_New
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_MergeFromSeq2
PyDict_GetItemString
PyDict_SetItemString
_PySet_NextEntry
PySet_Add
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
PyModule_GetDef
PyCode_NewWithPosOnlyArgs
PyObject_Call
PyObject_CallObject
PyObject_CallFunctionObjArgs
Py_VerboseFlag
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PyMapping_Size
_PyObject_HasLen
PyObject_LengthHint
_PyGen_SetStopIterationValue
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
PyErr_ExceptionMatches
PyException_SetCause
PyErr_BadArgument
PyErr_NoMemory
PyOS_snprintf
_PyErr_FormatFromCause
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
_PyArg_NoKeywords
PyModule_ExecDef
PyModule_FromDefAndSpec2
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_EvalFrameEx
PyEval_RestoreThread
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyEval_EvalCodeEx
PyFrame_New
PyMarshal_ReadObjectFromString
_PyErr_NormalizeException
PyByteArray_Type
_PyByteArray_empty_string
PyBool_Type
PyFloat_Type
PyComplex_Type
PyRange_Type
PyDictKeys_Type
PyDictItems_Type
PySet_Type
PyFrozenSet_Type
PyModuleDef_Type
PyMethod_Type
PyCode_Type
PyTraceBack_Type
_Py_EllipsisObject
PySlice_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
PyExc_StopAsyncIteration
PyExc_NameError
PyExc_UnboundLocalError
PyExc_ImportWarning
_Py_PackageContext
PyFrame_Type
Py_InteractiveFlag
Py_DebugFlag
_PyConfig_InitCompatConfig
_PyRuntime_Initialize
PySys_SetArgv
Py_ExitStatusException
Py_InitializeFromConfig
Py_SetProgramName
PyErr_SetInterrupt
_PyWarnings_Init
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyDict_DelItemString
PyLong_AsLong
PyUnicode_AsUTF8
PyExc_OverflowError
PyProperty_Type
PyExc_WindowsError
PyBytes_Type
_Py_NotImplementedStruct
PyLong_FromVoidPtr
PyExc_EnvironmentError
PyExc_UnicodeEncodeError
PyNumber_Negative
PyMap_Type
PyExc_IOError
PyObject_Dir
PyExc_NotImplementedError
PyZip_Type
PyExc_RuntimeError
PyNumber_Long
PyObject_Repr
PyExc_GeneratorExit
PyLong_Type
PySuper_Type
PyObject_GetItem
PyExc_ZeroDivisionError
PyExc_ValueError
PyExc_KeyError
PyExc_ImportError
PyExc_OSError
PyExc_AssertionError
PyExc_BaseException
PyModule_Type
PyReversed_Type
PyEnum_Type
PyObject_DelItem
PyObject_SetItem
PyModule_GetDict
PyFrozenSet_New
PySet_New
_PyDict_NewPresized
PyDict_Merge
PyDict_DelItem
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyObject_SetAttr
PyObject_GetAttrString
PyType_IsSubtype
_PyRuntime
PyExc_IndexError
PyExc_StopIteration
PyExc_Exception
PySeqIter_Type
PyDict_Type
PyList_Type
PyTuple_Type
PyUnicode_Type
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
Py_Exit
PyErr_PrintEx
PyErr_WriteUnraisable
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PyObject_IsSubclass
PySequence_Contains
PySequence_Tuple
PySequence_Check
PyNumber_AsSsize_t
PyDict_SetItem
PyLong_FromSsize_t
PyUnicode_Join
_PyObject_GC_Malloc
_PyObject_FunctionStr
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyFunction_Type
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyErr_Format
PyObject_IsInstance
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyObject_CallMethodObjArgs

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
SetStdHandle

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
65d3a922754af96d8d722859ac31f3de96522d50659c67607021f2ac728f9630
.exe windows:6 windows x64 arch:x64

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33
.exe windows:6 windows x64 arch:x64

Password: infected

c3c087b99e33db995ca1aa1fe95ea559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

Py_SetProgramName
Py_InitializeFromConfig
Py_ExitStatusException
PySys_SetArgv
_PyRuntime_Initialize
_PyConfig_InitCompatConfig
Py_DebugFlag
Py_VerboseFlag
Py_InteractiveFlag
Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_UTF8Mode
PyImport_FrozenModules
_Py_path_config
PyMem_Malloc
PyMem_Calloc
PyMem_Realloc
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
PyObject_Malloc
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
PyObject_GC_Del
PyByteArray_FromStringAndSize
PyUnicode_FromStringAndSize
PyUnicode_FromEncodedObject
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUnicode
PyLong_AsLongAndOverflow
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_FromString
PyLong_FromUnicodeObject
_PyLong_New
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_GetItemString
PyDict_SetItemString
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
_PyWarnings_Init
PyCode_NewWithPosOnlyArgs
PyObject_Call
PyObject_CallObject
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PyMapping_Size
_PyObject_HasLen
PyObject_LengthHint
_PyGen_SetStopIterationValue
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
PyErr_ExceptionMatches
PyException_SetCause
PyErr_BadArgument
PyErr_NoMemory
PyOS_snprintf
_PyErr_FormatFromCause
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
_PyArg_NoKeywords
PyModule_ExecDef
PyModule_FromDefAndSpec2
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_EvalFrameEx
PyEval_RestoreThread
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyEval_EvalCodeEx
PyFrame_New
PyMarshal_ReadObjectFromString
_PyErr_NormalizeException
_PyByteArray_empty_string
PyComplex_Type
PyDictKeys_Type
PyDictItems_Type
PySet_Type
PyModuleDef_Type
PyMethod_Type
PyCode_Type
PyTraceBack_Type
_Py_EllipsisObject
PySlice_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
PyExc_StopAsyncIteration
PyExc_NameError
PyExc_UnboundLocalError
PyExc_ZeroDivisionError
PyExc_ImportWarning
_Py_PackageContext
PyFrame_Type
PyErr_SetInterrupt
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyDict_DelItemString
PyLong_AsLong
PyUnicode_AsUTF8
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyDict_MergeFromSeq2
PyDict_Merge
PyExc_OSError
PyExc_UnicodeError
PyEnum_Type
PyObject_DelItem
PyExc_UnicodeEncodeError
PyFrozenSet_Type
PyMap_Type
PyExc_NotImplementedError
PyMemoryView_Type
PyByteArray_FromObject
PyObject_Repr
PyFrozenSet_New
PyExc_OverflowError
PyDict_DelItem
PyExc_RuntimeError
PyObject_Dir
_Py_NotImplementedStruct
PyObject_GetItem
PyReversed_Type
PyExc_AssertionError
PyNumber_Negative
PyObject_SetItem
PyRange_Type
PyExc_KeyError
PyProperty_Type
PySet_Add
PyByteArray_Type
PyFilter_Type
PyZip_Type
PyExc_IOError
PyExc_UnicodeDecodeError
PyExc_LookupError
PyFloat_Type
PyBool_Type
PyLong_Type
PyBytes_Type
Py_Exit
PyNumber_Long
PySet_New
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyErr_PrintEx
PyModule_GetDict
PyObject_GetAttrString
_PyRuntime
PyExc_ValueError
PyExc_IndexError
PyExc_ImportError
PyExc_GeneratorExit
PyExc_StopIteration
PyExc_Exception
PyExc_BaseException
PySeqIter_Type
PyModule_Type
PyDict_Type
PyList_Type
PyTuple_Type
PyUnicode_Type
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
PyErr_WriteUnraisable
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PyObject_IsSubclass
PySequence_Contains
PySequence_Tuple
PySequence_Check
PyNumber_AsSsize_t
_PyDict_NewPresized
PyDict_SetItem
PyLong_FromSsize_t
PyUnicode_Join
_PyObject_GC_Malloc
_PyObject_FunctionStr
PyType_IsSubtype
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyFunction_Type
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyErr_Format
PyObject_IsInstance
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyModule_GetDef

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
SetStdHandle

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7d37eddf0b101ff2b633b2ffe33580bdb993a97fecc06874d7b5b07119b9ec99
.exe windows:6 windows x64 arch:x64

Password: infected

7838a435d73c9e00dcede5888b507817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

Py_SetProgramName
Py_InitializeFromConfig
Py_ExitStatusException
PySys_SetArgv
_PyRuntime_Initialize
_PyConfig_InitCompatConfig
Py_DebugFlag
Py_VerboseFlag
Py_InteractiveFlag
Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_UTF8Mode
PyImport_FrozenModules
_Py_path_config
PyMem_Malloc
PyMem_Calloc
PyMem_Realloc
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
PyObject_Malloc
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
PyObject_GC_Del
PyByteArray_FromStringAndSize
PyUnicode_FromStringAndSize
PyUnicode_FromEncodedObject
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUnicode
PyLong_AsLongAndOverflow
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_FromString
PyLong_FromUnicodeObject
_PyLong_New
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_GetItemString
PyDict_SetItemString
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
_PyWarnings_Init
PyCode_NewWithPosOnlyArgs
PyObject_Call
PyObject_CallObject
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PyMapping_Size
_PyObject_HasLen
PyObject_LengthHint
_PyGen_SetStopIterationValue
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
PyErr_ExceptionMatches
PyException_SetCause
PyErr_BadArgument
PyErr_NoMemory
PyOS_snprintf
_PyErr_FormatFromCause
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
_PyArg_NoKeywords
PyModule_ExecDef
PyModule_FromDefAndSpec2
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_EvalFrameEx
PyEval_RestoreThread
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyEval_EvalCodeEx
PyFrame_New
PyMarshal_ReadObjectFromString
_PyErr_NormalizeException
_PyByteArray_empty_string
PyComplex_Type
PyDictKeys_Type
PyDictItems_Type
PySet_Type
PyModuleDef_Type
PyMethod_Type
PyCode_Type
PyTraceBack_Type
_Py_EllipsisObject
PySlice_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
PyExc_StopAsyncIteration
PyExc_NameError
PyExc_UnboundLocalError
PyExc_ZeroDivisionError
PyExc_ImportWarning
_Py_PackageContext
PyFrame_Type
PyErr_SetInterrupt
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyDict_DelItemString
PyLong_AsLong
PyUnicode_AsUTF8
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyDict_MergeFromSeq2
PyDict_Merge
PyExc_OSError
PyExc_UnicodeError
PyEnum_Type
PyObject_DelItem
PyExc_UnicodeEncodeError
PyFrozenSet_Type
PyMap_Type
PyExc_NotImplementedError
PyMemoryView_Type
PyByteArray_FromObject
PyObject_Repr
PyFrozenSet_New
PyExc_OverflowError
PyDict_DelItem
PyExc_RuntimeError
PyObject_Dir
_Py_NotImplementedStruct
PyObject_GetItem
PyReversed_Type
PyExc_AssertionError
PyNumber_Negative
PyObject_SetItem
PyRange_Type
PyExc_KeyError
PyProperty_Type
PySet_Add
PyByteArray_Type
PyFilter_Type
PyZip_Type
PyExc_IOError
PyExc_UnicodeDecodeError
PyExc_LookupError
PyFloat_Type
PyBool_Type
PyLong_Type
PyBytes_Type
PyNumber_Long
PySet_New
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyModule_GetDict
PyObject_GetAttrString
_PyRuntime
PyExc_ValueError
PyExc_IndexError
PyExc_ImportError
PyExc_GeneratorExit
PyExc_StopIteration
PyExc_Exception
PyExc_BaseException
PySeqIter_Type
PyModule_Type
PyDict_Type
PyList_Type
PyTuple_Type
PyUnicode_Type
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
Py_Exit
PyErr_PrintEx
PyErr_WriteUnraisable
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PyObject_IsSubclass
PySequence_Contains
PySequence_Tuple
PySequence_Check
PyNumber_AsSsize_t
_PyDict_NewPresized
PyDict_SetItem
PyLong_FromSsize_t
PyUnicode_Join
_PyObject_GC_Malloc
_PyObject_FunctionStr
PyType_IsSubtype
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyFunction_Type
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyErr_Format
PyObject_IsInstance
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyModule_GetDef

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
SetStdHandle

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7e14d88f60fe80f8fa27076566fd77e51c7d04674973a564202b4a7cbfaf2778
.exe windows:6 windows x64 arch:x64

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9b6be74c2c144f8bcb92c8350855d35c14bb7f2b727551c3dd5c8054c4136e3f
.exe windows:5 windows x64 arch:x64

5324ac1e1bceff69ec8d4435c50bfe0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
FlushFileBuffers
GetCurrentDirectoryW
GetCPInfo
GetEnvironmentStringsW
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
FreeEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetCommandLineW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a98f8468d70426ba255469a92d983d653f937d954e936e0ff5d9a0f44f1bdf70
abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972
.exe windows:6 windows x64 arch:x64

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW
SHGetFolderPathW

kernel32

DeleteCriticalSection
WriteConsoleW
CreateDirectoryW
SetConsoleCtrlHandler
GetCommandLineW
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
FindResourceA
WaitForSingleObject
CreateFileW
GetFileAttributesW
Sleep
GetLastError
LockResource
CloseHandle
LoadResource
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcessId
CreateProcessW
WideCharToMultiByte
GetSystemTimeAsFileTime
FormatMessageA
GetExitCodeProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
HeapReAlloc
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetStdHandle
HeapAlloc
MultiByteToWideChar
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ee227cd0ef308287bc536a3955fd81388a16a0228ac42140e9cf308ae6343a3f
.exe windows:6 windows x64 arch:x64

c3c087b99e33db995ca1aa1fe95ea559

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

python310

Py_SetProgramName
Py_InitializeFromConfig
Py_ExitStatusException
PySys_SetArgv
_PyRuntime_Initialize
_PyConfig_InitCompatConfig
Py_DebugFlag
Py_VerboseFlag
Py_InteractiveFlag
Py_InspectFlag
Py_OptimizeFlag
Py_NoSiteFlag
Py_BytesWarningFlag
Py_FrozenFlag
Py_IgnoreEnvironmentFlag
Py_DontWriteBytecodeFlag
Py_NoUserSiteDirectory
Py_UTF8Mode
PyImport_FrozenModules
_Py_path_config
PyMem_Malloc
PyMem_Calloc
PyMem_Realloc
PyType_Ready
PyObject_Str
PyObject_RichCompare
PyObject_RichCompareBool
PyObject_SetAttrString
PyObject_GetAttr
PyObject_SetAttr
PyObject_SelfIter
PyObject_GenericSetAttr
PyObject_IsTrue
PyCallable_Check
PyObject_ClearWeakRefs
PyObject_Malloc
PyObject_Realloc
PyObject_Free
PyObject_InitVar
_PyObject_New
_PyObject_GC_Resize
PyObject_GC_Del
PyByteArray_FromStringAndSize
PyUnicode_FromStringAndSize
PyUnicode_FromEncodedObject
PyUnicode_FromFormat
PyUnicode_InternInPlace
PyUnicode_FromWideChar
PyUnicode_FromOrdinal
PyUnicode_DecodeUTF8
PyUnicode_Concat
PyUnicode_FindChar
PyUnicode_Format
PyUnicode_New
_PyUnicode_Ready
PyUnicode_AsUnicode
PyLong_AsLongAndOverflow
PyLong_FromLongLong
PyLong_FromUnsignedLongLong
PyLong_FromString
PyLong_FromUnicodeObject
_PyLong_New
_PyLong_Copy
PyFloat_FromString
PyFloat_FromDouble
PyComplex_FromDoubles
PyTuple_New
PyTuple_Pack
PyList_New
PyList_SetItem
PyList_Sort
PyDict_New
PyDict_GetItem
PyDict_GetItemString
PyDict_SetItemString
_PySet_NextEntry
PyCMethod_New
PyModule_NewObject
PyModule_GetName
PyModule_GetFilenameObject
_PyWarnings_Init
PyCode_NewWithPosOnlyArgs
PyObject_Call
PyObject_CallObject
PyObject_CallFunctionObjArgs
PyObject_CallMethodObjArgs
PyObject_GetIter
PyIter_Next
PyIter_Send
PyNumber_Add
PyNumber_Subtract
PyNumber_FloorDivide
PyNumber_Float
PyNumber_InPlaceAdd
PyNumber_InPlaceMultiply
PyNumber_InPlaceLshift
PyNumber_InPlaceOr
PyNumber_ToBase
PySequence_List
PyMapping_Size
_PyObject_HasLen
PyObject_LengthHint
_PyGen_SetStopIterationValue
_PyGen_FetchStopIterationValue
PyDescr_IsData
PyErr_WarnEx
PyErr_ExceptionMatches
PyException_SetCause
PyErr_BadArgument
PyErr_NoMemory
PyOS_snprintf
_PyErr_FormatFromCause
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
_PyArg_NoKeywords
PyModule_ExecDef
PyModule_FromDefAndSpec2
PyErr_Print
Py_CompileStringExFlags
PyEval_GetFuncName
PyEval_EvalFrameEx
PyEval_RestoreThread
PySys_WriteStderr
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_GetModuleDict
PyImport_ImportModule
PyImport_ImportFrozenModule
_PyImport_FixupExtensionObject
PyEval_EvalCodeEx
PyFrame_New
PyMarshal_ReadObjectFromString
_PyErr_NormalizeException
_PyByteArray_empty_string
PyComplex_Type
PyDictKeys_Type
PyDictItems_Type
PySet_Type
PyModuleDef_Type
PyMethod_Type
PyCode_Type
PyTraceBack_Type
_Py_EllipsisObject
PySlice_Type
PyEllipsis_Type
PyGen_Type
PyCoro_Type
PyAsyncGen_Type
_PyAsyncGenWrappedValue_Type
Py_GenericAliasType
PyExc_StopAsyncIteration
PyExc_NameError
PyExc_UnboundLocalError
PyExc_ZeroDivisionError
PyExc_ImportWarning
_Py_PackageContext
PyFrame_Type
PyErr_SetInterrupt
PyConfig_SetArgv
PyConfig_SetString
PyWideStringList_Append
PyStatus_Exception
PyDict_DelItemString
PyLong_AsLong
PyUnicode_AsUTF8
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyDict_MergeFromSeq2
PyDict_Merge
PyExc_OSError
PyExc_UnicodeError
PyEnum_Type
PyObject_DelItem
PyExc_UnicodeEncodeError
PyFrozenSet_Type
PyMap_Type
PyExc_NotImplementedError
PyMemoryView_Type
PyByteArray_FromObject
PyObject_Repr
PyFrozenSet_New
PyExc_OverflowError
PyDict_DelItem
PyExc_RuntimeError
PyObject_Dir
_Py_NotImplementedStruct
PyObject_GetItem
PyReversed_Type
PyExc_AssertionError
PyNumber_Negative
PyObject_SetItem
PyRange_Type
PyExc_KeyError
PyProperty_Type
PySet_Add
PyByteArray_Type
PyFilter_Type
PyZip_Type
PyExc_IOError
PyExc_UnicodeDecodeError
PyExc_LookupError
PyFloat_Type
PyBool_Type
PyLong_Type
PyBytes_Type
Py_Exit
PyNumber_Long
PySet_New
PyUnicode_Find
PyUnicode_GetLength
PyUnicode_Substring
PyErr_PrintEx
PyModule_GetDict
PyObject_GetAttrString
_PyRuntime
PyExc_ValueError
PyExc_IndexError
PyExc_ImportError
PyExc_GeneratorExit
PyExc_StopIteration
PyExc_Exception
PyExc_BaseException
PySeqIter_Type
PyModule_Type
PyDict_Type
PyList_Type
PyTuple_Type
PyUnicode_Type
PyEval_AcquireThread
PyEval_SaveThread
Py_MakePendingCalls
PyErr_WriteUnraisable
PyException_SetContext
PyException_GetContext
Py_GenericAlias
PyObject_IsSubclass
PySequence_Contains
PySequence_Tuple
PySequence_Check
PyNumber_AsSsize_t
_PyDict_NewPresized
PyDict_SetItem
PyLong_FromSsize_t
PyUnicode_Join
_PyObject_GC_Malloc
_PyObject_FunctionStr
PyType_IsSubtype
PyExc_TypeError
PyExc_SystemError
PyExc_AttributeError
PyFunction_Type
PyCFunction_Type
_Py_NoneStruct
PyBaseObject_Type
PyType_Type
PyErr_Format
PyObject_IsInstance
_PyType_Lookup
_Py_TrueStruct
_Py_FalseStruct
PySys_SetObject
PySys_GetObject
PyStructSequence_New
PyStructSequence_InitType
PyCapsule_New
PyLong_FromLong
PyUnicode_FromString
PyModule_GetDef

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetStdHandle
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
RtlPcToFileHeader
RaiseException
EncodePointer
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetEnvironmentVariableA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
FindResourceA
FormatMessageA
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetErrorMode
WriteFile
GetShortPathNameW
CreateFileW
SetDllDirectoryW
OpenProcess
CreateThread
ExitProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
SetEnvironmentVariableW
GetEnvironmentVariableW
SetStdHandle

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 67KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 8.3MB - Virtual size: 8.3MB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 67KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 67KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 8.3MB - Virtual size: 8.3MB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

f78125c8b3323a8eb61ffd0aae2eef81

Headers

DLL Characteristics

File Characteristics

Imports

python310

kernel32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 27KB - Virtual size: 85KB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 3KB - Virtual size: 3KB

Password: infected

92f408e283821e9865fe3074af091a34

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 27KB - Virtual size: 85KB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 31KB - Virtual size: 222KB

.pdata
Size: 72KB - Virtual size: 71KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 31KB - Virtual size: 222KB

.pdata
Size: 72KB - Virtual size: 71KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 67KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 8.3MB - Virtual size: 8.3MB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 71KB - Virtual size: 70KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB