installer[.]exe[.]vir

Sharing

Copy URL

Twitter E-mail

General

Target

installer.exe.vir
Size

479KB
MD5

81a6cf072d9f8b7df73ac85796c1885b
SHA1

77ec4099203894435f5d1a4ac6f3edd3020fb848
SHA256

838a94c6c896fd4ee799390391cea10d12d38406b4587bacc55072525f29d5a9
SHA512

47171b7d7762205ee14bbbcd2a54580a3ec79d181e05d5eaaea20c224e4699b2d633dc5aa99773805edc6cceb91961178541134c7c5b4277880ac2854d3fd796
SSDEEP

12288:XfLFDKkqKq1hn0vRBSBX4Efed5g8hyGroho99:XfLFDKkqKa03SyEfeElGMho3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/⌜/SecureService.exe	upx
static1/unpack001/⌜/cat.exe	upx
static1/unpack001/⌜/dog.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
installer.exe.vir
unpack001/⌜/Microsoft/OneDrive/23.246.1127.0002/secur32.dll
unpack001/⌜/Microsoft/OneDrive/23.246.1127.0002/userenv.dll
unpack001/⌜/Microsoft/OneDrive/23.246.1127.0002/wininet.dll
unpack001/⌜/Microsoft/OneDrive/23.246.1127.0002/wtsapi32.dll
unpack001/⌜/SecureService.exe
unpack002/out.upx
unpack001/⌜/cat.exe
unpack003/out.upx
unpack001/⌜/dog.exe
unpack004/out.upx

Files

installer.exe.vir
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
⌜/Microsoft/OneDrive/23.246.1127.0002/secur32.dll
.dll windows:6 windows x64 arch:x64

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\arnau\Documents\2024\ing2\viro\Data\Data\Solutions\secur32\x64\Release\secur32.pdb

Imports

kernel32

LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW

Exports

Exports

AcceptSecurityContext
AcquireCredentialsHandleA
AcquireCredentialsHandleW
AddCredentialsA
AddCredentialsW
AddSecurityPackageA
AddSecurityPackageW
ApplyControlToken
ChangeAccountPasswordA
ChangeAccountPasswordW
CloseLsaPerformanceData
CollectLsaPerformanceData
CompleteAuthToken
CredMarshalTargetInfo
CredUnmarshalTargetInfo
DecryptMessage
DeleteSecurityContext
DeleteSecurityPackageA
DeleteSecurityPackageW
EncryptMessage
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
ExportSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetComputerObjectNameA
GetComputerObjectNameW
GetSecurityUserInfo
GetUserNameExA
GetUserNameExW
ImpersonateSecurityContext
ImportSecurityContextA
ImportSecurityContextW
InitSecurityInterfaceA
InitSecurityInterfaceW
InitializeSecurityContextA
InitializeSecurityContextW
LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification
MakeSignature
OpenLsaPerformanceData
QueryContextAttributesA
QueryContextAttributesW
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QuerySecurityContextToken
QuerySecurityPackageInfoA
QuerySecurityPackageInfoW
RevertSecurityContext
SaslAcceptSecurityContext
SaslEnumerateProfilesA
SaslEnumerateProfilesW
SaslGetContextOption
SaslGetProfilePackageA
SaslGetProfilePackageW
SaslIdentifyPackageA
SaslIdentifyPackageW
SaslInitializeSecurityContextA
SaslInitializeSecurityContextW
SaslSetContextOption
SealMessage
SeciAllocateAndSetCallFlags
SeciAllocateAndSetIPAddress
SeciFreeCallContext
SecpFreeMemory
SecpTranslateName
SecpTranslateNameEx
SetContextAttributesA
SetContextAttributesW
SetCredentialsAttributesA
SetCredentialsAttributesW
SspiCompareAuthIdentities
SspiCopyAuthIdentity
SspiDecryptAuthIdentity
SspiEncodeAuthIdentityAsStrings
SspiEncodeStringsAsAuthIdentity
SspiEncryptAuthIdentity
SspiExcludePackage
SspiFreeAuthIdentity
SspiGetTargetHostName
SspiIsAuthIdentityEncrypted
SspiLocalFree
SspiMarshalAuthIdentity
SspiPrepareForCredRead
SspiPrepareForCredWrite
SspiUnmarshalAuthIdentity
SspiValidateAuthIdentity
SspiZeroAuthIdentity
TranslateNameA
TranslateNameW
UnsealMessage
VerifySignature

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/Microsoft/OneDrive/23.246.1127.0002/userenv.dll
.dll regsvr32 windows:6 windows x64 arch:x64

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\arnau\Documents\2024\ing2\viro\Data\Data\Solutions\userenv\x64\Release\userenv.pdb

Imports

kernel32

LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW

Exports

Exports

AreThereVisibleLogoffScripts
AreThereVisibleShutdownScripts
CreateAppContainerProfile
CreateEnvironmentBlock
CreateProfile
DeleteAppContainerProfile
DeleteProfileA
DeleteProfileW
DeriveAppContainerSidFromAppContainerName
DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedName
DestroyEnvironmentBlock
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserA
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
FreeGPOListA
FreeGPOListW
GenerateGPNotification
GetAllUsersProfileDirectoryA
GetAllUsersProfileDirectoryW
GetAppContainerFolderPath
GetAppContainerRegistryLocation
GetAppliedGPOListA
GetAppliedGPOListW
GetDefaultUserProfileDirectoryA
GetDefaultUserProfileDirectoryW
GetGPOListA
GetGPOListW
GetNextFgPolicyRefreshInfo
GetPreviousFgPolicyRefreshInfo
GetProfileType
GetProfilesDirectoryA
GetProfilesDirectoryW
GetUserProfileDirectoryA
GetUserProfileDirectoryW
HasPolicyForegroundProcessingCompleted
LeaveCriticalPolicySection
LoadProfileExtender
LoadUserProfileA
LoadUserProfileW
ProcessGroupPolicyCompleted
ProcessGroupPolicyCompletedEx
RefreshPolicy
RefreshPolicyEx
RegisterGPNotification
RsopAccessCheckByType
RsopFileAccessCheck
RsopLoggingEnabled
RsopResetPolicySettingStatus
RsopSetPolicySettingStatus
UnloadProfileExtender
UnloadUserProfile
UnregisterGPNotification
WaitForMachinePolicyForegroundProcessing
WaitForUserPolicyForegroundProcessing

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/Microsoft/OneDrive/23.246.1127.0002/wininet.dll
.dll regsvr32 windows:6 windows x64 arch:x64

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\arnau\Documents\2024\ing2\viro\Data\Data\Solutions\wininet\x64\Release\wininet.pdb

Imports

kernel32

LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW

Exports

Exports

AppCacheCheckManifest
AppCacheCloseHandle
AppCacheCreateAndCommitFile
AppCacheDeleteGroup
AppCacheDeleteIEGroup
AppCacheDuplicateHandle
AppCacheFinalize
AppCacheFreeDownloadList
AppCacheFreeGroupList
AppCacheFreeIESpace
AppCacheFreeSpace
AppCacheGetDownloadList
AppCacheGetFallbackUrl
AppCacheGetGroupList
AppCacheGetIEGroupList
AppCacheGetInfo
AppCacheGetManifestUrl
AppCacheLookup
CommitUrlCacheEntryA
CommitUrlCacheEntryBinaryBlob
CommitUrlCacheEntryW
CreateMD5SSOHash
CreateUrlCacheContainerA
CreateUrlCacheContainerW
CreateUrlCacheEntryA
CreateUrlCacheEntryExW
CreateUrlCacheEntryW
CreateUrlCacheGroup
DeleteIE3Cache
DeleteUrlCacheContainerA
DeleteUrlCacheContainerW
DeleteUrlCacheEntry
DeleteUrlCacheEntryA
DeleteUrlCacheEntryW
DeleteUrlCacheGroup
DeleteWpadCacheForNetworks
DetectAutoProxyUrl
DispatchAPICall
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
FindCloseUrlCache
FindFirstUrlCacheContainerA
FindFirstUrlCacheContainerW
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryW
FindFirstUrlCacheGroup
FindNextUrlCacheContainerA
FindNextUrlCacheContainerW
FindNextUrlCacheEntryA
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryW
FindNextUrlCacheGroup
ForceNexusLookup
ForceNexusLookupExW
FreeUrlCacheSpaceA
FreeUrlCacheSpaceW
FtpCommandA
FtpCommandW
FtpCreateDirectoryA
FtpCreateDirectoryW
FtpDeleteFileA
FtpDeleteFileW
FtpFindFirstFileA
FtpFindFirstFileW
FtpGetCurrentDirectoryA
FtpGetCurrentDirectoryW
FtpGetFileA
FtpGetFileEx
FtpGetFileSize
FtpGetFileW
FtpOpenFileA
FtpOpenFileW
FtpPutFileA
FtpPutFileEx
FtpPutFileW
FtpRemoveDirectoryA
FtpRemoveDirectoryW
FtpRenameFileA
FtpRenameFileW
FtpSetCurrentDirectoryA
FtpSetCurrentDirectoryW
GetProxyDllInfo
GetUrlCacheConfigInfoA
GetUrlCacheConfigInfoW
GetUrlCacheEntryBinaryBlob
GetUrlCacheEntryInfoA
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoW
GetUrlCacheGroupAttributeA
GetUrlCacheGroupAttributeW
GetUrlCacheHeaderData
GopherCreateLocatorA
GopherCreateLocatorW
GopherFindFirstFileA
GopherFindFirstFileW
GopherGetAttributeA
GopherGetAttributeW
GopherGetLocatorTypeA
GopherGetLocatorTypeW
GopherOpenFileA
GopherOpenFileW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpCheckDavCompliance
HttpCloseDependencyHandle
HttpDuplicateDependencyHandle
HttpEndRequestA
HttpEndRequestW
HttpGetServerCredentials
HttpGetTunnelSocket
HttpIndicatePageLoadComplete
HttpIsHostHstsEnabled
HttpOpenDependencyHandle
HttpOpenRequestA
HttpOpenRequestW
HttpPushClose
HttpPushEnable
HttpPushWait
HttpQueryInfoA
HttpQueryInfoW
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestW
HttpWebSocketClose
HttpWebSocketCompleteUpgrade
HttpWebSocketQueryCloseStatus
HttpWebSocketReceive
HttpWebSocketSend
HttpWebSocketShutdown
IncrementUrlCacheHeaderData
InternetAlgIdToStringA
InternetAlgIdToStringW
InternetAttemptConnect
InternetAutodial
InternetAutodialCallback
InternetAutodialHangup
InternetCanonicalizeUrlA
InternetCanonicalizeUrlW
InternetCheckConnectionA
InternetCheckConnectionW
InternetClearAllPerSiteCookieDecisions
InternetCloseHandle
InternetCombineUrlA
InternetCombineUrlW
InternetConfirmZoneCrossing
InternetConfirmZoneCrossingA
InternetConfirmZoneCrossingW
InternetConnectA
InternetConnectW
InternetConvertUrlFromWireToWideChar
InternetCrackUrlA
InternetCrackUrlW
InternetCreateUrlA
InternetCreateUrlW
InternetDial
InternetDialA
InternetDialW
InternetEnumPerSiteCookieDecisionA
InternetEnumPerSiteCookieDecisionW
InternetErrorDlg
InternetFindNextFileA
InternetFindNextFileW
InternetFortezzaCommand
InternetFreeCookies
InternetFreeProxyInfoList
InternetGetCertByURL
InternetGetCertByURLA
InternetGetConnectedState
InternetGetConnectedStateEx
InternetGetConnectedStateExA
InternetGetConnectedStateExW
InternetGetCookieA
InternetGetCookieEx2
InternetGetCookieExA
InternetGetCookieExW
InternetGetCookieW
InternetGetLastResponseInfoA
InternetGetLastResponseInfoW
InternetGetPerSiteCookieDecisionA
InternetGetPerSiteCookieDecisionW
InternetGetProxyForUrl
InternetGetSecurityInfoByURL
InternetGetSecurityInfoByURLA
InternetGetSecurityInfoByURLW
InternetGoOnline
InternetGoOnlineA
InternetGoOnlineW
InternetHangUp
InternetInitializeAutoProxyDll
InternetLockRequestFile
InternetOpenA
InternetOpenUrlA
InternetOpenUrlW
InternetOpenW
InternetQueryDataAvailable
InternetQueryFortezzaStatus
InternetQueryOptionA
InternetQueryOptionW
InternetReadFile
InternetReadFileExA
InternetReadFileExW
InternetSecurityProtocolToStringA
InternetSecurityProtocolToStringW
InternetSetCookieA
InternetSetCookieEx2
InternetSetCookieExA
InternetSetCookieExW
InternetSetCookieW
InternetSetDialState
InternetSetDialStateA
InternetSetDialStateW
InternetSetFilePointer
InternetSetOptionA
InternetSetOptionExA
InternetSetOptionExW
InternetSetOptionW
InternetSetPerSiteCookieDecisionA
InternetSetPerSiteCookieDecisionW
InternetSetSecureLegacyServersAppCompat
InternetSetStatusCallback
InternetSetStatusCallbackA
InternetSetStatusCallbackW
InternetShowSecurityInfoByURL
InternetShowSecurityInfoByURLA
InternetShowSecurityInfoByURLW
InternetTimeFromSystemTime
InternetTimeFromSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeToSystemTime
InternetTimeToSystemTimeA
InternetTimeToSystemTimeW
InternetUnlockRequestFile
InternetWriteFile
InternetWriteFileExA
InternetWriteFileExW
IsHostInProxyBypassList
IsUrlCacheEntryExpiredA
IsUrlCacheEntryExpiredW
LoadUrlCacheContent
ParseX509EncodedCertificateForListBoxEntry
PrivacyGetZonePreferenceW
PrivacySetZonePreferenceW
ReadUrlCacheEntryStream
ReadUrlCacheEntryStreamEx
RegisterUrlCacheNotification
ResumeSuspendedDownload
RetrieveUrlCacheEntryFileA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryStreamW
RunOnceUrlCache
SetUrlCacheConfigInfoA
SetUrlCacheConfigInfoW
SetUrlCacheEntryGroup
SetUrlCacheEntryGroupA
SetUrlCacheEntryGroupW
SetUrlCacheEntryInfoA
SetUrlCacheEntryInfoW
SetUrlCacheGroupAttributeA
SetUrlCacheGroupAttributeW
SetUrlCacheHeaderData
ShowCertificate
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
UnlockUrlCacheEntryFile
UnlockUrlCacheEntryFileA
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryStream
UpdateUrlCacheContentPath
UrlCacheCheckEntriesExist
UrlCacheCloseEntryHandle
UrlCacheContainerSetEntryMaximumAge
UrlCacheCreateContainer
UrlCacheFindFirstEntry
UrlCacheFindNextEntry
UrlCacheFreeEntryInfo
UrlCacheFreeGlobalSpace
UrlCacheGetContentPaths
UrlCacheGetEntryInfo
UrlCacheGetGlobalCacheSize
UrlCacheGetGlobalLimit
UrlCacheReadEntryStream
UrlCacheReloadSettings
UrlCacheRetrieveEntryFile
UrlCacheRetrieveEntryStream
UrlCacheServer
UrlCacheSetGlobalLimit
UrlCacheUpdateEntryExtraData
UrlZonesDetach
_GetFileExtensionFromUrl

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/Microsoft/OneDrive/23.246.1127.0002/wtsapi32.dll
.dll windows:6 windows x64 arch:x64

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\arnau\Documents\2024\ing2\viro\Data\Data\Solutions\wtsapi32\x64\Release\wtsapi32.pdb

Imports

kernel32

LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapFree
CloseHandle
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
CreateFileW
HeapSize
WriteConsoleW

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
StartServiceW
OpenSCManagerW

Exports

Exports

IsInteractiveUserSession
QueryActiveSession
QueryUserToken
RegisterUsertokenForNoWinlogon
WTSCloseServer
WTSConnectSessionA
WTSConnectSessionW
WTSCreateListenerA
WTSCreateListenerW
WTSDisconnectSession
WTSEnableChildSessions
WTSEnumerateListenersA
WTSEnumerateListenersW
WTSEnumerateProcessesA
WTSEnumerateProcessesExA
WTSEnumerateProcessesExW
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateServersW
WTSEnumerateSessionsA
WTSEnumerateSessionsExA
WTSEnumerateSessionsExW
WTSEnumerateSessionsW
WTSFreeMemory
WTSFreeMemoryExA
WTSFreeMemoryExW
WTSGetChildSessionId
WTSGetListenerSecurityA
WTSGetListenerSecurityW
WTSIsChildSessionsEnabled
WTSLogoffSession
WTSOpenServerA
WTSOpenServerExA
WTSOpenServerExW
WTSOpenServerW
WTSQueryListenerConfigA
WTSQueryListenerConfigW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSRegisterSessionNotificationEx
WTSSendMessageA
WTSSendMessageW
WTSSetListenerSecurityA
WTSSetListenerSecurityW
WTSSetRenderHint
WTSSetSessionInformationA
WTSSetSessionInformationW
WTSSetUserConfigA
WTSSetUserConfigW
WTSShutdownSystem
WTSStartRemoteControlSessionA
WTSStartRemoteControlSessionW
WTSStopRemoteControlSession
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelOpenEx
WTSVirtualChannelPurgeInput
WTSVirtualChannelPurgeOutput
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSWaitSystemEvent

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/SecureService.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1024B - Virtual size: 551B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/cat.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.textbss
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
⌜/dog.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.textbss
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msvcjmc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 2KB

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

dca9f0b91470d306fc628e143b6106fd

Headers

DLL Characteristics

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 148KB

UPX1
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 4KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 4KB

.msvcjmc
Size: 1024B - Virtual size: 551B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 662B

UPX0
Size: - Virtual size: 348KB

UPX1
Size: 59KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 4KB

.textbss
Size: - Virtual size: 76KB

.text
Size: 187KB - Virtual size: 187KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 18KB - Virtual size: 18KB

.idata
Size: 18KB - Virtual size: 17KB

.msvcjmc
Size: 1KB - Virtual size: 1KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 364KB

UPX1
Size: 59KB - Virtual size: 60KB

.rsrc
Size: 1024B - Virtual size: 4KB