SuperDeath[.]2[.]0[.]zip

Resubmissions

06/01/2024, 14:25

240106-rrcv6sabfl 8

Sharing

Copy URL Twitter E-mail

General

Target

SuperDeath.2.0.zip
Size

28.3MB
MD5

6fb74039f789c042f1b8b41e750a356b
SHA1

65b07018edbf0444167ba12943c1095e98a82226
SHA256

c2bbf6fe638c36c001d5d62cc0e49664e446517407a54911db57552adb118aa8
SHA512

7f12bbd6245ac49e0368324533d79cbd33ce8ad88abec3a76c2c887b12ddcb87b752cac07d110586036635d0fb2e97eea3cdcfffbfac7d086dc16535725e8037
SSDEEP

786432:YgztwaY+jgu4fh5Ac6loYlQV50gheWkOJfO3c8Cu5:Yrag5XAPoSQV5dkOlO3zCu5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SuperDeath2.exe	upx
static1/unpack003/Bat_To_Exe_Converter.exe	upx
static1/unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe	upx

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SuperDeath2.exe
unpack003/Bat_To_Exe_Converter.exe
unpack001/source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
unpack001/source/ErrorDraw.exe
unpack001/source/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
unpack001/source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
unpack001/source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
unpack001/source/MBR - Image Builder.exe
unpack001/source/MrsMjrGui.exe
unpack001/source/PatBlt.exe
unpack001/source/RSOD/RSOD/bin/Debug/LogonUI.exe
unpack001/source/RSOD/RSOD/obj/Debug/RSOD.exe
unpack001/source/ScaryBob.exe
unpack001/source/ScaryBob/ScaryBob.exe
unpack001/source/covid666.exe
unpack001/source/covid666/covid666.exe
unpack001/source/gotosleep.exe
unpack001/source/gotosleep/gotosleep.exe
unpack001/source/mbr.exe
unpack001/source/mover.exe

Files

SuperDeath.2.0.zip
.zip
SuperDeath2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 9.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
credits.txt
source/407740.jpg
.jpg
source/Bat To Exe Converter.rar
.rar
Bat_To_Exe_Converter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 396KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
help.chm
.chm
settings.ini
source/Bat To Exe Converter/Bat_To_Exe_Converter.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 548KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 396KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/Bat To Exe Converter/help.chm
.chm
source/Bat To Exe Converter/settings.ini
source/ErrorDraw.cpp
source/ErrorDraw.exe
.exe windows:4 windows x86 arch:x86

a0a157d03082382106055ce2e44b29e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
signal
strncmp
vfprintf

ntdll

memcpy
strlen

user32

DrawIcon
GetCursorPos
GetDC
GetSystemMetrics
LoadIconA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/.vs/Logon_overwriter/v16/.suo
source/Logon_overwriter/Logon_overwriter.sln
source/Logon_overwriter/Logon_overwriter/Form1.Designer.cs
source/Logon_overwriter/Logon_overwriter/Form1.cs
.js
source/Logon_overwriter/Logon_overwriter/Form1.resx
.vbs
source/Logon_overwriter/Logon_overwriter/Logon_overwriter.csproj
source/Logon_overwriter/Logon_overwriter/Program.cs
source/Logon_overwriter/Logon_overwriter/Properties/AssemblyInfo.cs
source/Logon_overwriter/Logon_overwriter/Properties/Resources.Designer.cs
.vbs
source/Logon_overwriter/Logon_overwriter/Properties/Resources.resx
.vbs
source/Logon_overwriter/Logon_overwriter/Properties/Settings.Designer.cs
source/Logon_overwriter/Logon_overwriter/Properties/Settings.settings
source/Logon_overwriter/Logon_overwriter/Resources/LogonUI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/app.manifest
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/bin/Debug/Logon_overwriter.pdb
source/Logon_overwriter/Logon_overwriter/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
source/Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferences.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Logon.resources
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.Properties.Resources.resources
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.CoreCompileInputs.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.FileListAbsolute.txt
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csproj.GenerateResource.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.csprojAssemblyReference.cache
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\Logon_overwriter\Logon_overwriter\obj\Debug\Logon_overwriter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/Logon_overwriter/Logon_overwriter/obj/Debug/Logon_overwriter.pdb
source/Logon_overwriter/Logon_overwriter/obj/Debug/TempPE/Properties.Resources.Designer.cs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/MBR - Image Builder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/MrsMjrGui.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\guest\documents\visual studio 2015\Projects\WindowsApplication2\WindowsApplication2\obj\Debug\WindowsApplication2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/MrsMjrGuiLauncher.bat
source/PatBlt.cpp
source/PatBlt.exe
.exe windows:4 windows x86 arch:x86

fd5a39e3e5cc28d70b95e6ca2d50e947

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

PatBlt

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
signal
strncmp
vfprintf

ntdll

memcpy
strlen

user32

GetDC
GetSystemMetrics

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/RSOD/.vs/RSOD/v16/.suo
source/RSOD/RSOD.sln
source/RSOD/RSOD/Form1.Designer.cs
source/RSOD/RSOD/Form1.cs
source/RSOD/RSOD/Form1.resx
.vbs
source/RSOD/RSOD/Program.cs
source/RSOD/RSOD/Properties/AssemblyInfo.cs
source/RSOD/RSOD/Properties/Resources.Designer.cs
.vbs
source/RSOD/RSOD/Properties/Resources.resx
.vbs
source/RSOD/RSOD/Properties/Settings.Designer.cs
source/RSOD/RSOD/Properties/Settings.settings
source/RSOD/RSOD/RSOD.csproj
source/RSOD/RSOD/bin/Debug/LogonUI.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/RSOD/RSOD/bin/Debug/RSOD.pdb
source/RSOD/RSOD/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
source/RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferences.cache
source/RSOD/RSOD/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
source/RSOD/RSOD/obj/Debug/RSOD.Properties.Resources.resources
source/RSOD/RSOD/obj/Debug/RSOD.RSOD.resources
source/RSOD/RSOD/obj/Debug/RSOD.csproj.CoreCompileInputs.cache
source/RSOD/RSOD/obj/Debug/RSOD.csproj.FileListAbsolute.txt
source/RSOD/RSOD/obj/Debug/RSOD.csproj.GenerateResource.cache
source/RSOD/RSOD/obj/Debug/RSOD.csprojAssemblyReference.cache
source/RSOD/RSOD/obj/Debug/RSOD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Worm\source\repos\RSOD\RSOD\obj\Debug\RSOD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
source/RSOD/RSOD/obj/Debug/RSOD.pdb
source/ScaryBob.exe
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/ScaryBob/Form1.frm
source/ScaryBob/Form1.frx
source/ScaryBob/Project1.vbp
source/ScaryBob/Project1.vbw
source/ScaryBob/ScaryBob.exe
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/ScaryBob/bob.jpg
.jpg
source/SuperDeath2.cmd
source/bg.bmp
source/covid666.exe
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/covid666/23311_lores.jpg
.jpg
source/covid666/Form1.frm
source/covid666/Form1.frx
source/covid666/Project1.vbp
source/covid666/Project1.vbw
source/covid666/covid666.exe
.exe windows:4 windows x86 arch:x86

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/deephaze.mp3
source/f11.mp4
source/fileico.ico
source/gotosleep.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/gotosleep/Form1.frm
source/gotosleep/Form1.frx
.ps1
source/gotosleep/Project1.vbp
source/gotosleep/Project1.vbw
source/gotosleep/die.jpg
.jpg .ps1 polyglot
source/gotosleep/gotosleep.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

5c4d602843f54570889588b32f7af650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
_adj_fdiv_m64
_adj_fprem1
_adj_fdiv_m32
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/major.vbs
.vbs
source/mbr.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
source/mbrlmao.png
.png
source/mover.exe
.exe windows:5 windows x64 arch:x64

80af4ee28260afc10b852a42f1578c0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

WSACleanup

version

VerQueryValueW

winmm

timeGetTime

comctl32

ImageList_Remove

mpr

WNetUseConnectionW

wininet

FtpOpenFileW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho

userenv

LoadUserProfileW

uxtheme

IsThemeActive

user32

GetDC

gdi32

LineTo

comdlg32

GetOpenFileNameW

advapi32

GetAce

shell32

DragFinish

ole32

CoGetObject

oleaut32

UnRegisterTypeLi

Sections

�1��ers
Size: 539KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�2��ers
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�3��ers
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
source/musicplayer2.vbs
.vbs
source/street.mp4

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 9.5MB

UPX1 Size: 7.2MB - Virtual size: 7.2MB

.rsrc Size: 40KB - Virtual size: 44KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 548KB

UPX1 Size: 396KB - Virtual size: 400KB

.rsrc Size: 47KB - Virtual size: 48KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 548KB

UPX1 Size: 396KB - Virtual size: 400KB

.rsrc Size: 47KB - Virtual size: 48KB

a0a157d03082382106055ce2e44b29e4

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

user32

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

/4 Size: 1024B - Virtual size: 728B

/19 Size: 42KB - Virtual size: 41KB

/31 Size: 6KB - Virtual size: 6KB

/45 Size: 6KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 754B

/81 Size: 3KB - Virtual size: 3KB

/92 Size: 1024B - Virtual size: 560B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 29KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 9.5MB

UPX1
Size: 7.2MB - Virtual size: 7.2MB

.rsrc
Size: 40KB - Virtual size: 44KB

UPX0
Size: - Virtual size: 548KB

UPX1
Size: 396KB - Virtual size: 400KB

.rsrc
Size: 47KB - Virtual size: 48KB

UPX0
Size: - Virtual size: 548KB

UPX1
Size: 396KB - Virtual size: 400KB

.rsrc
Size: 47KB - Virtual size: 48KB

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 728B

/19
Size: 42KB - Virtual size: 41KB

/31
Size: 6KB - Virtual size: 6KB

/45
Size: 6KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 754B

/81
Size: 3KB - Virtual size: 3KB

/92
Size: 1024B - Virtual size: 560B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 29KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 712KB - Virtual size: 712KB

DATA
Size: 51KB - Virtual size: 50KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 36B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 10.5MB - Virtual size: 10.5MB

.text
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 1024B - Virtual size: 728B

/19
Size: 42KB - Virtual size: 41KB

/31
Size: 6KB - Virtual size: 6KB

/45
Size: 6KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 754B