socelars | 8ebd8e10033bc4efaa0446f4e474ecea

Sharing

Copy URL

Twitter E-mail

General

Target

8ebd8e10033bc4efaa0446f4e474ecea
Size

14.6MB
MD5

8ebd8e10033bc4efaa0446f4e474ecea
SHA1

bf084f4bcf1652dfd1d538980ea4a40f7ef2db39
SHA256

7b1cf1979579775f48e8d20974753453f75963b3094d3b95519d9362e943dbbb
SHA512

78a60cd29e384be3688814a603668e7d237bdd8a0f7ae1eceea9bc9609278a5bfe427b9b27d682630b70ca00b3c6914ad9122e4479b554097c0f58c5da9da1f1
SSDEEP

393216:ferBv4Pu+dsUk1qoW4Id6UxHG7goXHS7FzvBk0L2SIu7:IBwPlddop49QYBZk0aM7

Score

10^/10

1.22 socelars redline sectoprat fabookie

Malware Config

Extracted

Family

socelars

http://www.iyiqian.com/

http://www.xxhufdc.top/

http://www.uefhkice.xyz/

http://www.fcektsy.top/

Extracted

Family

redline

Botnet

1.22

95.211.185.27:42097

Signatures

Detect Fabookie payload 1 IoCs

resource	yara_rule
static1/unpack001/vguuu.exe	family_fabookie

Fabookie family
fabookie

RedLine payload 1 IoCs

resource	yara_rule
static1/unpack001/redcloud.exe	family_redline

Redline family
redline

SectopRAT payload 1 IoCs

resource	yara_rule
static1/unpack001/redcloud.exe	family_sectoprat

Sectoprat family
sectoprat
Socelars family
socelars

Socelars payload 1 IoCs

resource	yara_rule
static1/unpack001/askinstall50.exe	family_socelars

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/jamesnew.exe	autoit_exe

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DusBrowserInst.exe
unpack001/IDWCH2.exe
unpack001/Litever01.exe
unpack001/anyname.exe
unpack001/app.exe
unpack001/askinstall50.exe
unpack001/farlab_setup.exe
unpack001/inst002.exe
unpack001/jamesnew.exe
unpack001/justdezine.exe
unpack001/md3_3kvm.exe
unpack001/mixseven.exe
unpack001/redcloud.exe
unpack001/vguuu.exe

Files

8ebd8e10033bc4efaa0446f4e474ecea
.zip
6c5db6dce13ded4e0e6c7e9a526b063e.exe
.exe windows:5 windows x86 arch:x86

235315ed783e15a9f0262d40cb1ad6da

Code Sign

b3:2e:34:a9:2e:ef:16:c5:2e:c8:fa:67:2a:db:c9:bd
Certificate

Issuer

POSTALCODE=10133

Not Before

31-08-2021 19:00

Not After

31-08-2022 19:00

Subject

POSTALCODE=10133

b4:b7:4b:6a:04:09:f0:77:aa:14:ad:0a:9c:41:01:c9:9f:ce:88:38:84:68:5b:9d:ba:e8:f5:93:c9:15:62:35
Signer

Actual PE Digest

b4:b7:4b:6a:04:09:f0:77:aa:14:ad:0a:9c:41:01:c9:9f:ce:88:38:84:68:5b:9d:ba:e8:f5:93:c9:15:62:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cotipudawus\yur\pifibufub94-vohajozusu_59\hidokic.pdb

Imports

kernel32

GetCommandLineW
GetFileSize
GetNativeSystemInfo
lstrlenA
TlsGetValue
GetStringTypeA
SetLocalTime
FindResourceExW
InterlockedIncrement
GetQueuedCompletionStatus
ReadConsoleA
GetNamedPipeHandleStateA
GlobalLock
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
GetPrivateProfileStringW
WriteFile
SetCommState
GlobalAlloc
LoadLibraryW
GetSystemWindowsDirectoryA
GetConsoleAliasExesLengthW
GetExitCodeProcess
IsDBCSLeadByte
ReadFile
GetStartupInfoW
GlobalUnlock
GetNamedPipeHandleStateW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
CreateSemaphoreW
SetCurrentDirectoryW
HeapWalk
FindAtomA
Process32NextW
FreeEnvironmentStringsW
EnumResourceNamesA
GetCurrentThreadId
GetCPInfoExA
DeleteFileW
CopyFileExA
MultiByteToWideChar
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LCMapStringW
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DusBrowserInst.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

#>f*I =
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IDWCH2.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Litever01.exe
.exe windows:5 windows x86 arch:x86

6af2f376c26d45636195772a4c22fdda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\baxahiwox.pdb

Imports

kernel32

lstrlenA
GetConsoleAliasesLengthW
GetCPInfo
HeapAlloc
InterlockedIncrement
_lwrite
GetCurrentProcess
GetUserDefaultLCID
GetConsoleTitleA
GetUserDefaultLangID
GetEnvironmentStrings
GlobalAlloc
SetVolumeMountPointA
GetSystemWindowsDirectoryA
WriteConsoleOutputA
GetVersionExW
lstrcpynW
LocalReAlloc
HeapQueryInformation
ReadFile
GetModuleFileNameW
VerifyVersionInfoW
ChangeTimerQueueTimer
GetProcAddress
PeekConsoleInputW
GetComputerNameExW
VerLanguageNameA
CreateTimerQueueTimer
FreeUserPhysicalPages
BuildCommDCBW
GetLocalTime
LoadLibraryA
BeginUpdateResourceA
GetCurrentConsoleFont
WaitForMultipleObjects
SetEnvironmentVariableA
GetDefaultCommConfigA
GetConsoleTitleW
VirtualProtect
FindFirstVolumeA
ReadConsoleInputW
GetVersion
AddConsoleAliasA
EnumCalendarInfoExA
LCMapStringW
CreateThread
CreateFileA
SetStdHandle
GetCPInfoExW
GetCommandLineW
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
HeapFree
TerminateProcess
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
WriteConsoleA

user32

RealGetWindowClassA
GetCaretPos

Sections

.text
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
anyname.exe
.exe windows:5 windows x86 arch:x86

7bda1659fc16105398114c734c6c6738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
CreateFileW
GetModuleHandleA
GetLastError
lstrcatW
CloseHandle
RaiseException
DecodePointer
GetProcAddress
DeleteCriticalSection
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA

ole32

CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitialize

oleaut32

SafeArrayGetDim
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopy
SysStringLen
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayAccessData
VariantClear
GetErrorInfo

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app.exe
.exe windows:5 windows x86 arch:x86

d7c1fa8bea76a22199cf71aae838fe49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hevuge\sijebebule_numoligatepuzu\tagukirita\dibexuje.pdb

Imports

kernel32

GetCommandLineW
GetFileSize
GetNativeSystemInfo
lstrlenA
TlsGetValue
GetStringTypeA
SetLocalTime
FindResourceExW
InterlockedIncrement
GetQueuedCompletionStatus
ReadConsoleA
GetNamedPipeHandleStateA
GlobalLock
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
IsBadReadPtr
GetSystemTimeAsFileTime
GetPrivateProfileStringW
WriteFile
SetCommState
GlobalAlloc
GetPrivateProfileIntA
LoadLibraryW
GetSystemWindowsDirectoryA
GetConsoleAliasExesLengthW
IsDBCSLeadByte
ReadFile
GetStartupInfoW
GlobalUnlock
GetNamedPipeHandleStateW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetCPInfoExW
GetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
CreateSemaphoreW
SetCurrentDirectoryW
HeapWalk
FindAtomA
Process32NextW
FreeEnvironmentStringsW
EnumResourceNamesA
GetCurrentThreadId
DeleteFileW
CopyFileExA
MultiByteToWideChar
GetCommandLineA
HeapValidate
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LCMapStringW
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
askinstall50.exe
.exe windows:6 windows x86 arch:x86

4f0608b5638c60342069764638589dcf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\facebook_svn\trunk\database\Release\DiskScan.pdb

Imports

kernel32

LocalAlloc
LocalFree
WinExec
GetComputerNameW
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
SetLastError
GetCurrentThread
FindResourceW
GetPrivateProfileStringW
CopyFileW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
SizeofResource
CreateProcessA
LockResource
LoadResource
FreeLibrary
GetTickCount
TerminateProcess
Sleep
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetLastError
GetTempPathA
CreateDirectoryA
SetCurrentDirectoryW
GetShortPathNameA
LoadLibraryW
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcess
DuplicateHandle
CloseHandle
WriteFile
SetFileTime
SetFilePointer
ReadFile
GetFileType
CreateFileW
CreateDirectoryW
CreateEventW
GetCurrentDirectoryW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetFileSizeEx
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
RaiseException
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
WriteConsoleW
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
DecodePointer
EncodePointer
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
GetModuleHandleW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
DeleteCriticalSection

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteExA

ole32

CoInitializeEx
CoGetObject
CoUninitialize

wininet

InternetGetCookieExA

netapi32

Netbios

ntdll

RtlInitUnicodeString
NtFreeVirtualMemory
LdrEnumerateLoadedModules
RtlEqualUnicodeString
RtlAcquirePebLock
NtAllocateVirtualMemory
RtlReleasePebLock
RtlNtStatusToDosError
RtlCreateHeap
RtlDestroyHeap
RtlAllocateHeap
RtlFreeHeap
NtClose
NtOpenKey
NtEnumerateValueKey
NtQueryValueKey

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 1024B - Virtual size: 707B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dggwwea
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dggwwea
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
farlab_setup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
inst002.exe
.exe windows:5 windows x86 arch:x86

b900dc5ab09e702140c5c289f35fb91f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
ord17

kernel32

GetCommandLineW
OutputDebugStringW
RtlUnwind
WriteConsoleW
HeapReAlloc
SetFilePointerEx
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleHandleA
QueryPerformanceCounter
CloseHandle
CreateFileW
LoadLibraryExW
GetProcessHeap
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
LoadLibraryA
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetFileType
GetLastError
Sleep
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
GetConsoleCP
WriteFile
FlushFileBuffers
DeleteCriticalSection
IsProcessorFeaturePresent
HeapSize
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId

user32

TranslateAcceleratorA
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
WaitForInputIdle
InflateRect
GetSysColorBrush
SetCursor
SetWindowTextA
EndDialog
DialogBoxIndirectParamA
LoadIconA
LoadCursorA
FindWindowExA
FindWindowA
MessageBoxA
GetClientRect
SetForegroundWindow
DefWindowProcA
UpdateWindow
LoadAcceleratorsA
EnableWindow
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MoveWindow
ShowWindow
CreateWindowExA
RegisterClassExA
PostQuitMessage

gdi32

StartPage
EndDoc
StartDocA
SetMapMode
GetStockObject
GetDeviceCaps
DeleteDC
CreateDCA
EndPage

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExW
RegOpenKeyA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteExA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text0
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jamesnew.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
justdezine.exe
.exe windows:5 windows x86 arch:x86

235315ed783e15a9f0262d40cb1ad6da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\foperef73\sorapaleni\num\lanejox-vabu.pdb

Imports

kernel32

GetCommandLineW
GetFileSize
GetNativeSystemInfo
lstrlenA
TlsGetValue
GetStringTypeA
SetLocalTime
FindResourceExW
InterlockedIncrement
GetQueuedCompletionStatus
ReadConsoleA
GetNamedPipeHandleStateA
GlobalLock
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
GetPrivateProfileStringW
WriteFile
SetCommState
GlobalAlloc
LoadLibraryW
GetSystemWindowsDirectoryA
GetConsoleAliasExesLengthW
GetExitCodeProcess
IsDBCSLeadByte
ReadFile
GetStartupInfoW
GlobalUnlock
GetNamedPipeHandleStateW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
CreateSemaphoreW
SetCurrentDirectoryW
HeapWalk
FindAtomA
Process32NextW
FreeEnvironmentStringsW
EnumResourceNamesA
GetCurrentThreadId
GetCPInfoExA
DeleteFileW
CopyFileExA
MultiByteToWideChar
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LCMapStringW
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
md3_3kvm.exe
.exe windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 802KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mixseven.exe
.exe windows:5 windows x86 arch:x86

235315ed783e15a9f0262d40cb1ad6da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\nun\vipodutelamuso\19 nesararepi\vezuse-dacuhaxogonugi wujix.pdb

Imports

kernel32

GetCommandLineW
GetFileSize
GetNativeSystemInfo
lstrlenA
TlsGetValue
GetStringTypeA
SetLocalTime
FindResourceExW
InterlockedIncrement
GetQueuedCompletionStatus
ReadConsoleA
GetNamedPipeHandleStateA
GlobalLock
FreeEnvironmentStringsA
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
GetPrivateProfileStringW
WriteFile
SetCommState
GlobalAlloc
LoadLibraryW
GetSystemWindowsDirectoryA
GetConsoleAliasExesLengthW
GetExitCodeProcess
IsDBCSLeadByte
ReadFile
GetStartupInfoW
GlobalUnlock
GetNamedPipeHandleStateW
LCMapStringA
GetPrivateProfileIntW
InterlockedExchange
GetStartupInfoA
GetLastError
ReadConsoleOutputCharacterA
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
CreateSemaphoreW
SetCurrentDirectoryW
HeapWalk
FindAtomA
Process32NextW
FreeEnvironmentStringsW
EnumResourceNamesA
GetCurrentThreadId
GetCPInfoExA
DeleteFileW
CopyFileExA
MultiByteToWideChar
GetCommandLineA
HeapValidate
IsBadReadPtr
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
Sleep
ExitProcess
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
HeapSize
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
RtlUnwind
DebugBreak
OutputDebugStringA
OutputDebugStringW
LCMapStringW
GetStringTypeW
GetLocaleInfoA
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 1018KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
redcloud.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vguuu.exe
.exe windows:6 windows x64 arch:x64

0e0b1327b851d652046461e0a8be7593

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\workspace\workspace_c\shellcode_ms\SCY7VJ5UA3Du3GAh1_jm1\x64\Release\SCY7VJ5UA3Du3GAh1_jm1.pdb

Imports

kernel32

AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LocalFree
GetLastError
FormatMessageW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetEvent
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetTimeZoneInformation
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
Sleep
OutputDebugStringA
RtlUnwind

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

SHGetFolderPathW

winhttp

WinHttpQueryDataAvailable
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetCredentials

crypt32

CryptUnprotectData

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

235315ed783e15a9f0262d40cb1ad6da

Code Sign

b3:2e:34:a9:2e:ef:16:c5:2e:c8:fa:67:2a:db:c9:bdCertificate

b4:b7:4b:6a:04:09:f0:77:aa:14:ad:0a:9c:41:01:c9:9f:ce:88:38:84:68:5b:9d:ba:e8:f5:93:c9:15:62:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 4.2MB - Virtual size: 5.1MB

.rsrc Size: 50KB - Virtual size: 4.0MB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

# >f*I = Size: 37KB - Virtual size: 36KB

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

Size: 512B - Virtual size: 16B

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 368KB - Virtual size: 367KB

6af2f376c26d45636195772a4c22fdda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 525KB - Virtual size: 525KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 25.3MB

.rsrc Size: 43KB - Virtual size: 42KB

7bda1659fc16105398114c734c6c6738

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

d7c1fa8bea76a22199cf71aae838fe49

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

b3:2e:34:a9:2e:ef:16:c5:2e:c8:fa:67:2a:db:c9:bd
Certificate

b4:b7:4b:6a:04:09:f0:77:aa:14:ad:0a:9c:41:01:c9:9f:ce:88:38:84:68:5b:9d:ba:e8:f5:93:c9:15:62:35
Signer

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 4.2MB - Virtual size: 5.1MB

.rsrc
Size: 50KB - Virtual size: 4.0MB

#>f*I =
Size: 37KB - Virtual size: 36KB

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 368KB - Virtual size: 367KB

.text
Size: 525KB - Virtual size: 525KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 25.3MB

.rsrc
Size: 43KB - Virtual size: 42KB

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 4.2MB - Virtual size: 5.1MB

.rsrc
Size: 54KB - Virtual size: 4.0MB

.text
Size: 1.0MB - Virtual size: 1.0MB

.dggwwea
Size: 4KB - Virtual size: 3KB

.dggwwea
Size: 9KB - Virtual size: 9KB

.dggwwea
Size: 1024B - Virtual size: 707B

.dggwwea
Size: 1024B - Virtual size: 598B

.dggwwea
Size: 4KB - Virtual size: 4KB

.dggwwea
Size: 3KB - Virtual size: 3KB

.dggwwea
Size: 3KB - Virtual size: 2KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 11KB - Virtual size: 29KB

.dggwwea
Size: 512B - Virtual size: 80B

.rsrc
Size: 150KB - Virtual size: 149KB

.reloc
Size: 34KB - Virtual size: 33KB

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 39KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB

.text0
Size: 90KB - Virtual size: 89KB