C:\Users\Federico\Desktop\RATCLear\Client\Client\obj\x86\Debug\Client.pdb
Resubmissions
28-04-2024 18:31
240428-w6cwyaec5v 1021-04-2024 08:57
240421-kwwqhsfh8z 1021-04-2024 05:45
240421-gfvazacf82 1018-04-2024 19:05
240418-xry2ascb73 1018-04-2024 16:34
240418-t3alashf75 1004-03-2024 18:33
240304-w7b12ahg61 1002-03-2024 17:01
240302-vjn51sff57 1002-03-2024 10:05
240302-l4xhfscc7v 10Static task
static1
General
-
Target
Bazaar.2020.02.7z
-
Size
6.3MB
-
MD5
a2fc1e0d85da197a26203e22bdd1b5a2
-
SHA1
4c2f2158f440347a0f722cd81eb806e28481b868
-
SHA256
7559e6ca8b77400f88bf4e67208a1c32570a670068eccae9e3d226cc5471bd47
-
SHA512
6781742683061f15e74d6a62b16102dde83cafe1aa6f349e1ecec305dd3a72ea043709a19ec435a749e506efb4d93e82ea5ee620bfe60024a5782550eb7f8745
-
SSDEEP
196608:d98omomtNNy/aJF3Jf7KQrNIdaBtlCJNfx2944bl465o:d98omvMKZmQagtU0N465o
Malware Config
Extracted
njrat
0.7d
Low3n
192.168.100.58:443
192.168.42.7:443
e4c7f2e5b82fac0d624ab661f39b28fa
-
reg_key
e4c7f2e5b82fac0d624ab661f39b28fa
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed
127.0.0.1:1177
104.238.137.213:5552
192.168.89.1:1177
192.168.1.5:666
myhotkkk444.duckdns.org:4444
JohnRicardomilos-33746.portmap.io:1605
127.0.0.1:5552
192.168.56.1:5552
shytanoff.ddns.net:1177
127.0.0.1:2020
192.168.0.27:4444
shytangz12.ddns.net:1177
dalpzy.ddns.net:1085
updatesystemtool.ddns.net:1337
jhonjhon4842.ddns.net:1177
192.168.1.16:5552
fidapeste.duckdns.org:5552
harris974.ddns.net:4444
127.0.0.1:4789
bo6y1.hopto.org:1609
127.0.0.1:1604
127.0.0.1:9999
191.239.255.3:5552
shopviabitcoin.ddns.net:1177
nj1337..ddns.net:1605
jokernet2019.zapto.org:1919
aeeb7a2903c8c537463f288bcc5eed2e
-
reg_key
aeeb7a2903c8c537463f288bcc5eed2e
-
splitter
|'|'|
Extracted
asyncrat
0.5.6A
127.0.0.1:9040
bomi.duckdns.org:8080
192.168.1.7:8080
jhonjhon4842.ddns.net:6606
jhonjhon4842.ddns.net:3389
denemeiso1.duckdns.org:5060
sam144169-56334.portmap.io:56334
sam144169-56334.portmap.io:5552
sam144169-56334.portmap.io:5050
webforma.chickenkiller.com:56334
webforma.chickenkiller.com:5552
webforma.chickenkiller.com:5050
webdata.ddns.net:56334
webdata.ddns.net:5552
webdata.ddns.net:5050
62.108.37.42:8808
noregisterdomain.zapto.org:9040
82.84.85.59:1608
number2.duckdns.org:6606
number2.duckdns.org:7707
number2.duckdns.org:8808
13.235.23.234:1337
127.0.0.1:5222
unregisteredhost.dynu.net:9040
ertretythhrrthttrhth
-
delay
5
-
install
false
-
install_folder
%AppData%
Extracted
darkcomet
hacked
sexystar.myq-see.com:5552
DC_MUTEX-6BSXQXU
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
1JlJEAuNqqm6
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Extracted
darkcomet
Mikel_04
ventoclima.hopto.org:8678
DC_MUTEX-J9C4X34
-
InstallPath
Temp\Taskmgrk.exe
-
gencode
mn82vWE9luVq
-
install
true
-
offline_keylogger
true
-
password
Mikel2019
-
persistence
true
-
reg_key
taskmgrk
Extracted
darkcomet
Mikel50
ventoclima.hopto.org:58589
DC_MUTEX-1M2MJNL
-
InstallPath
temp\taskmgrk.exe
-
gencode
n7v7WtYPsejG
-
install
true
-
offline_keylogger
true
-
password
Mikel2019
-
persistence
false
-
reg_key
taskmgrk
Extracted
njrat
Hallaj PRO Rat [Fixed]
HacKed
127.0.0.1:5552
984559f52d4087243e95e5ad9bb48e8d
-
reg_key
984559f52d4087243e95e5ad9bb48e8d
-
splitter
boolLove
Extracted
asyncrat
0.5.5A
192.168.1.9:8080
jsdmhpiwkzhk
-
delay
5
-
install
false
-
install_folder
%AppData%
Extracted
quasar
1.4.0.0
Infected
noinmy.ddns.net:9999
BW7JOTpOU1me7DhAhz
-
encryption_key
cuGnTFdzZchzOboCjJyu
-
install_name
dashost.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
WinServe
-
subdirectory
DAF
Extracted
revengerat
Guest
127.0.0.1:2302
127.0.0.1:1604
rdp2.dgsn.fr:213
jasonbrody2019.hopto.org:5555
tzii.myq-see.com:888
127.0.0.1:90
127.0.0.1:5555
memo445.ddns.net:1337
192.168.234.157:4444
192.168.197.128:1337
192.168.1.2:333
174.127.99.217:1016
193.161.193.99:8888
193.161.193.99:57904
RV_MUTEX
Extracted
revengerat
LimeRevenge
3f4-8b13-1cf6666e4149
Extracted
njrat
0.7d
B HAT
cd1f49ff557041b28396a032e2b161ee
-
reg_key
cd1f49ff557041b28396a032e2b161ee
-
splitter
|'|'|
Extracted
njrat
0.7d
NYAN CAT
127.0.0.1:5552
64dfa84fd6a14d54bb5da02b3d38a087
-
reg_key
64dfa84fd6a14d54bb5da02b3d38a087
-
splitter
|'|'|
Extracted
njrat
0.7NC
NYAN CAT
127.0.0.1:9045
127.0.0.1:8080
192.168.1.7:8080
159.65.15.187:5552
127.0.0.1:5552
unregisteredhost.dynu.net:9045
omnibeees.ddns.com.br:5552
winddns.publicvm.com:5552
whoisdomain.zapto.org:9045
13f63b20924948f
-
reg_key
13f63b20924948f
-
splitter
@!#&^%$
Extracted
njrat
0.7d
Test Bypass cho down load
127.0.0.1:1234
165d6ed988ac
-
reg_key
165d6ed988ac
-
splitter
|'|'|
Extracted
quasar
1.3.0.0
VN333
billythesailor.ddns.net:4782
billythesailor.ddns.net:4707
billythesailor.ddns.net:4708
QSR_MUTEX_EZD0hpIqeXmWmfSZR5
-
encryption_key
6dtdGsEtLLsDNKEXgV4zSrTRpfxT2qGQ
-
install_name
Windows Startup Service.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Windows Startup Service
-
subdirectory
SubDir
Extracted
limerat
bc1quugyyqeyjw9z2qdetazwpp6jfpdqnscxj3jxgq
-
aes_key
123
-
antivm
false
-
c2_url
https://pastebin.com/raw/zVbipP9N
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
remcos
Host
127.0.0.1:2404
-
audio_folder
audio
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
5
-
copy_file
remcos.exe
-
copy_folder
remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
false
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
false
-
keylog_file
logs.dat
-
keylog_flag
false
-
keylog_folder
remcos
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
remcos_vruzvedwdwvizfq
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screens
-
screenshot_path
%AppData%
-
screenshot_time
1
-
startup_value
remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
Extracted
njrat
Visual Studio
d72f69dfb2e45fb7b2acbc62f8219a16
-
reg_key
d72f69dfb2e45fb7b2acbc62f8219a16
Extracted
njrat
0.6.4
HacKed
192.168.1.2:1177
ghassan2019.ddns.net:1177
127.0.0.1:1177
192.168.1.11:1337
43.229.151.171:1177
43.229.151.191:1177
103.82.249.74:5552
memo445.ddns.net:5552
saleh200.hopto.org:1177
5cd8f17f4086744065eb0992a09e05a2
-
reg_key
5cd8f17f4086744065eb0992a09e05a2
-
splitter
|'|'|
Extracted
njrat
0.7d
MyBot
127.0.0.1:8080
1.243.157.185:6522
9e549438c56317b24cd87c987b694da8
-
reg_key
9e549438c56317b24cd87c987b694da8
-
splitter
Y262SUCZ4UJJ
Extracted
njrat
0.6.4
YourPhone
157.245.220.192:1177
bec01544ef6b0bb361f68d796213ad70
-
reg_key
bec01544ef6b0bb361f68d796213ad70
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKeD
85:85
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
YourPhone
be7a6446994c64053a860ca10a12ce1e
-
reg_key
be7a6446994c64053a860ca10a12ce1e
Extracted
njrat
0.7d
required installation
uxnr.ddns.net:7144
a2d1b1b05cb0b58cf6e21aefb30df1db
-
reg_key
a2d1b1b05cb0b58cf6e21aefb30df1db
-
splitter
|'|'|
Extracted
njrat
Person_Anonymous
b48bd383056441b474989fb5582a172b
-
reg_key
b48bd383056441b474989fb5582a172b
Extracted
njrat
Hacked By HiDDen PerSOn
687a11c6212507fa992aa1644b336ef5
-
reg_key
687a11c6212507fa992aa1644b336ef5
Extracted
njrat
im523
HacKed By KiLLeR
killerfo2.ddns.net:1177
killerfo22.ddns.net:1177
61e53fca4b50eaee89f696351aed3589
-
reg_key
61e53fca4b50eaee89f696351aed3589
-
splitter
|'|'|
Extracted
njrat
im523
HacKed
127.0.0.1:5552
yano.ddns.net:1605
84.217.125.142:80
127.0.0.1:35855
hostnj.ddns.net:1177
7d6d30a897de0ce8a1f25f71e40d0c4d
-
reg_key
7d6d30a897de0ce8a1f25f71e40d0c4d
-
splitter
|'|'|
Extracted
njrat
0.7d
client
akamaru.ddns.net:1605
netcatclink.ddns.net:4444
aa15bd929c7132fe8f63fd4d0ae48d6c
-
reg_key
aa15bd929c7132fe8f63fd4d0ae48d6c
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
HacKed
192.168.234.154:5555
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
0.7d
Test
10.10.10.25:2525
2cf8612501da0a1a00fe5c300206e7a5
-
reg_key
2cf8612501da0a1a00fe5c300206e7a5
-
splitter
|'|'|
Extracted
njrat
im523
bustabit
wogusnn.ddns.net:5553
d963ad78fcad26750b040b7fff9e4835
-
reg_key
d963ad78fcad26750b040b7fff9e4835
-
splitter
|'|'|
Extracted
njrat
im523
HacKed PUBG
cantburn.hopto.org:1177
7b5444a8f8ca9a359aadb891c7e9f01b
-
reg_key
7b5444a8f8ca9a359aadb891c7e9f01b
-
splitter
|'|'|
Extracted
njrat
0.7d
HHHXXX
black101.ddns.net:1177
c7c947d665980e197b736d98adf01cc0
-
reg_key
c7c947d665980e197b736d98adf01cc0
-
splitter
|'|'|
Extracted
njrat
Kjh
마인크래프트
14.46.160.76:5552
06d63ada0dc02c6a44ed3c3fc5c89d83
-
reg_key
06d63ada0dc02c6a44ed3c3fc5c89d83
-
splitter
|'|'|
Extracted
njrat
0.7d
HacKed
x014.hopto.org:4444
192.168.1.16:4444
Windows Update
-
reg_key
Windows Update
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
Kulum
34.89.221.19:4444
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
0.7d
45.76.29.16:5552
738e6a0cd25e647b7eb7d6cdad689401
-
reg_key
738e6a0cd25e647b7eb7d6cdad689401
-
splitter
|'|'|
Extracted
njrat
0.7d
Pubg Mobile
Owais5050-61656.portmap.io:56607
6cd2713f4eecf0bba2b136a5ea65aac1
-
reg_key
6cd2713f4eecf0bba2b136a5ea65aac1
-
splitter
|'|'|
Extracted
njrat
0.7d
pinatanai
159.65.15.187:5555
ca60c420c99495343bf4e523a6b382cc
-
reg_key
ca60c420c99495343bf4e523a6b382cc
-
splitter
|'|'|
Extracted
njrat
0.7d
deme
192.168.1.34:4444
4a511581dfdc310e4c48feb89e0695f4
-
reg_key
4a511581dfdc310e4c48feb89e0695f4
-
splitter
Y262SUCZ4UJJ
Extracted
njrat
Kjh
HacKed
180.230.116.72:5552
8e3709de950aab92ac1a166058ff0595
-
reg_key
8e3709de950aab92ac1a166058ff0595
-
splitter
|'|'|
Extracted
njrat
0.6.4
Person
127.0.0.1:456
dae31c02cb06222e776b9ccb9207edb1
-
reg_key
dae31c02cb06222e776b9ccb9207edb1
-
splitter
|'|'|
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
gariban
rothilione-41041.portmap.io:41041
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
2020/
cad6ec042b06ac31e129fbc8d13eabe6
-
reg_key
cad6ec042b06ac31e129fbc8d13eabe6
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
34234234
146.158.107.225:8408
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
SAD NIGGA HOURS
06ba6a3d895af3b2b6823852ec271c67
-
reg_key
06ba6a3d895af3b2b6823852ec271c67
Extracted
njrat
0.7.3
Lime
195.222.172.238:5228
svchost.exe
-
reg_key
svchost.exe
-
splitter
njrat
Extracted
njrat
Njrat 0.7 Golden By Hassan Amiri
topher
tolga182-49359.portmap.host:1604
Windows Update
-
reg_key
Windows Update
-
splitter
|Hassan|
Extracted
njrat
Hacked
19398dcbfdab92aeb0734478a2451d20
-
reg_key
19398dcbfdab92aeb0734478a2451d20
Extracted
njrat
roby
4bda69d82f2ad26800386604df9bc3de
-
reg_key
4bda69d82f2ad26800386604df9bc3de
Extracted
njrat
0.7d
victime
tutoratderz.ddns.net:5552
tutoratderz.ddns.net:1605
61f6d5680d79146f1177cacbfc3022ce
-
reg_key
61f6d5680d79146f1177cacbfc3022ce
-
splitter
|'|'|
Extracted
revengerat
NyanCatRevenge
127.0.0.1:333
NOREGISTERDOMAIN.ZAPTO.ORG:9045
helpdeskcamfrog.ddns.net:2222
3030pp.hopto.org:1000
r3dc0d3r.duckdns.org:12301
toloro.duckdns.org:5555
fullcdt.hopto.org:333
sensual2020.ddns.net:3000
192.168.1.2:2222
alien007.my-firewall.org:8080
cuenta.hopto.org:5214
2cc2152a0871
Extracted
revengerat
R A D
KevinDavis-58161.portmap.host:58161
192.168.1.112:4444
kevindavis-58161.portmap.host:58161
RV_MUTEX
Extracted
revengerat
system
yj233.e1.luyouxia.net:20645
RV_MUTEX-GeVqDyMpzZJHO
Extracted
revengerat
YT
yukselofficial.duckdns.org:5552
RV_MUTEX-WlgZblRvZwfRtNH
Extracted
quasar
1.3.0.0
Office04
al3nzii.myq-see.com:4782
hoba7be.ddns.net:4782
127.0.0.1:2323
149.28.201.253:4782
192.168.2.9:1783
86.93.121.149:1783
192.168.234.157:1234
127.0.0.1:4782
192.168.1.100:4800
QSR_MUTEX_QSMxTkfFj770mwaMaj
-
encryption_key
zunmXxOhff9hBVcOIy8a
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
windows
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Kurban
gameranil88-34655.portmap.io:34655
QSR_MUTEX_Mq8fSFRilMUG89GjSc
-
encryption_key
wE4B3JaW3vEUIIrvszcF
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
1
-
startup_key
WindowsUptade
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Force One
umcarasozinho.giize.com:5552
QSR_MUTEX_rXuzhrms6m5Gx0d0lk
-
encryption_key
2yzv2TDIqCeGLodEWuqz
-
install_name
systemhelper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
systemhelper
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
New
ipaf3.sytes.net:5353
ipaf4.sytes.net:5353
QSR_MUTEX_IRT4UgcGhk975OVXdn
-
encryption_key
AWkTsOYsl9wIkH8LUfG4
-
install_name
Driver.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Drivers
-
subdirectory
Drivers
Extracted
quasar
1.3.0.0
CoDer
skypeprocesshost.ddns.com.br:4782
workwinrarhost.ddns.com.br:4782
office.minhaempresa.tv:4782
authy.winconnection.net:4782
QSR_MUTEX_waaDBjBTwvE4jQF1CY
-
encryption_key
syxdBvDrFCjAln3AxGRZ
-
install_name
0ffice.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
msg
-
subdirectory
Office
Extracted
quasar
1.3.0.0
Ps
45.74.53.124:4782
s5v8y/B?E(H+MbQeThWmZq3t6w9z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgV
-
encryption_key
sEybIz3EK3xXIpG2z1h2
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
0
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Extracted
quasar
1.3.0.0
Force One PC MASTER
apenasumcarasozinho.hopto.org:5552
QSR_MUTEX_HqC3bVY0FTFbgxQirr
-
encryption_key
5RhS5uBxvlwTtS4KFhfw
-
install_name
systemHelper.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
systemhelper
-
subdirectory
SubDir
Extracted
nanocore
1.2.2.0
uniformmm.ddns.net:1543
127.0.0.1:1543
spowpow12.hopto.org:5678
127.0.0.1:5678
127.0.0.1:54984
192.168.1.16:54984
ahmedt.duckdns.org:113
ghfsquad.duckdns.org:8192
ludwigh.duckdns.org:8192
jhonjhon4842.ddns.net:53896
jemoederspow.ddns.net:5678
192.168.0.129:54984
8c89a093-5ac7-424e-8c76-2e80c157bade
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-10-14T14:42:04.641145036Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1543
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
8c89a093-5ac7-424e-8c76-2e80c157bade
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
uniformmm.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Extracted
njrat
0.7d
Downloading
console-wifi.ddns.net:5552
3dfad3bbc7bad1562c683adfee1a8e48
-
reg_key
3dfad3bbc7bad1562c683adfee1a8e48
-
splitter
|'|'|
Extracted
njrat
0.7d
RECUP NOIP
9292.ddns.net:10140
1f0c56d11a4a44433acf4728c597fd66
-
reg_key
1f0c56d11a4a44433acf4728c597fd66
-
splitter
|'|'|
Extracted
njrat
0.7d
내따꽈리
asdgdcvxzcv.kro.kr:2222
651deda00b27ab86d974483926aa2300
-
reg_key
651deda00b27ab86d974483926aa2300
-
splitter
|'|'|
Extracted
njrat
0.7d
NEW
sharrych.ddns.net:5556
723520b640cb39476dbbd3d566c664da
-
reg_key
723520b640cb39476dbbd3d566c664da
-
splitter
|'|'|
Extracted
njrat
0.6.4
clienta
achraf4.ddns.net:4500
59d56b3983b444c86e2da951d0302f3b
-
reg_key
59d56b3983b444c86e2da951d0302f3b
-
splitter
|'|'|
Extracted
warzonerat
tresor2020.ddns.net:2020
178.238.8.111:2626
Extracted
cybergate
v1.07.5
remote
127.0.0.1:999
127.0.0.1:81
0Y7117LDCV0730
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
Signatures
-
Async RAT payload 21 IoCs
Processes:
resource yara_rule static1/unpack001/bazaar.2020.02/Backdoor.MSIL.Crysan.acs-d8e091f7e30656be6ba24890a96982b3a9def6123597c0b5ea740f8560ce45c1 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0e7c56b00281e18e385042a28f0e6202fbe39f3cdb219d17489799fca09b6550 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0f268e9be95d203c8d5cfa33d50ad7f623f13746bd97ec24703959dc08d97a9b family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5be5dbcf6753c5607b5c95bf93e71f1d71fcb2c6ff691f949e237bc6df77a34a family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-661a64ee7db2b0ddbcfc619258bdd2c06ab206b7efb4280d1efb5206eaa4701c family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6afb6a18a4fce6423e0518c40eee187214cf81428c350347c52eb3b9f0c82b17 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6bc82b5b3a1161abc9ef0b67d69e09ef009fed1ab438fb9e5f3e1ac40290ed78 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-758c2192e60534c48145e7704dc3d810b8de899bb36a756fdfa1d34c5971ff45 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-7a5f26049488c885e95778f9a2352179be3a2f0721bba044039263214765d781 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a52ed7cc857c5a48246c336bd22ac226100a005a8fa1306debe166af6018090d family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a6604aebaa716ddce1cc646eb63b3ddcdc7aaa59efe4e10bcd1650dee815ea03 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-abf3559102f105717f176c7929b5994a35686be15d37fb91d19d885f79cc1310 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-cd421127d97cf049c17e0d3049dc42686468f26adfdc0281e0cb64e307c54a67 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12 family_asyncrat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-f019485de1ca48a37011e7df076b8e7105e928d4b2695caa1a6780a2a30f45cb family_asyncrat -
Asyncrat family
-
Cybergate family
-
Darkcomet family
-
Limerat family
-
Nanocore family
-
Njrat family
-
Quasar family
-
Quasar payload 16 IoCs
Processes:
resource yara_rule static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Quasar.gen-a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5 family_quasar static1/unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.Quasar.gen-dff69a4857e56c6c013e1959908154884ed9653414ba1f6d1720f8b1f1af1f8a family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-127e69ed4de5d98d060b70789551d2967c1ebbb895037a0fe20ff7229440ef49 family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-32d915040990164c6dff0ddcc5e7cf4258d90f9e425e6058e5a771e084b73bdb family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-588eb55b57e118fbee66a6d0586de453ea4e0ae1a781c73e1bbe10e8e24641fc family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-5b441845c2a6dd856d00a56b6dc812a13da0fee80a10e55ed7afd103914e6513 family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-5eb26eb056480f6083f7565a572b2dd6ebc992a99d8220dbf0d736c7b4a12077 family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-7431f9ba6aec04eac9673c804378df129f167a06927649ec7aca9872fb15f14b family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-78ddd7ee459b76b72c74a996678b97f3c215f5627dde3d49afed389867d853f7 family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-7d016ad09b5362b12283b52164529321914d6e2d26dfdb011e5bf39d67855b3e family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-ac9e09f103268fe05d4f463f8d192e7ff220ee1428258063b4f2f26c531ec57d family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-c0cd9c51c4fc4f7805d5d2e5e08e3701c2214ab9ee25a239b2ab3c7af0c8e797 family_quasar static1/unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-c4682163181637eb17e174cc795eba8b094f6d6c76a60b14cdfa38ae7471c768 family_quasar -
Remcos family
-
RevengeRat Executable 21 IoCs
Processes:
resource yara_rule static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-03e6043a9dc35b10400bd0e81a62977b05e7ecf941524673bdcdcae9e012cb07 revengerat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-60197bde238231c68c111119345b65d414bd24c7910eb5b1f3af62a0e227fad7 revengerat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6 revengerat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-81c2d363ab4104654fc8a9d4672b947d1c83e521ea47d9c8f0aaf992cb39230d revengerat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595 revengerat static1/unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Generic-7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Generic-e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0b3ca8fc417a9e5ac4101babf092999399fe7aadc4d8b68b4707e8297db0a08e revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-275e4633982c0b779c6dcc0a3dab4b2742ec05bc1a3364c64745cbfe74302c06 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-3ac39ece6e1953f03e88fdfb942bf9f0dcb8d1da643cbd9677032f2ac7861d03 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-7e1f0c4593e27a0841305ca73d83f6ccdd900ecf8ed8863feb9a301367c5dac1 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e46cd935e22dcbb21e8a802f714a28f91ffd53351655f28c1df0b418d6d535b5 revengerat static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61 revengerat -
Revengerat family
-
Sodinokibi family
-
Warzone RAT payload 2 IoCs
Processes:
resource yara_rule static1/unpack001/bazaar.2020.02/Trojan.Win32.Agentb.jiad-1e0cc4051f5ea6cb75b0df551bc5be60abc54ca51cd1611dc760aa245a0055dd warzonerat static1/unpack001/bazaar.2020.02/Trojan.Win32.Agentb.jiad-8aa2c9406939c8c158483b7607b68846a87b1ee8fba9301d11aa812429516db5 warzonerat -
Warzonerat family
-
Processes:
resource yara_rule static1/unpack001/bazaar.2020.02/Backdoor.Win32.DarkKomet.aagt-4c1b6befb06152412567869f27c006cba39f4ac3b1c5dbcf8694a65367444df5 upx static1/unpack001/bazaar.2020.02/Backdoor.Win32.Delf.aecw-a2f4d3da25e52d88eafb7a7da242e9bb507fe4626af58ca3b8c1a13e391c2000 upx static1/unpack001/bazaar.2020.02/Backdoor.Win32.Delf.aecw-fa3981228b5b124a8b51fa64f8b6d5d05899165647dc50322b717d7ab63d4997 upx static1/unpack001/bazaar.2020.02/HEUR-Trojan-Spy.Win32.Xegumumune.gen-9a31db5bc233b3fedeeb7f8fda079d92cb4c42377d763f3cf37c98d452962ebe upx static1/unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-39ec963bdfd683141a24c10435e4a6104375f5c1f61af2053b017ee55b84d1c1 upx -
Unsigned PE 311 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/bazaar.2020.02/Backdoor.MSIL.Agent.jdt-72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491 unpack001/bazaar.2020.02/Backdoor.MSIL.Agent.jdt-aa918b196328f1fe341b5b48cb5d28f31a94b92b279fcf36baaea55a0a8886f1 unpack001/bazaar.2020.02/Backdoor.MSIL.Crysan.acs-d8e091f7e30656be6ba24890a96982b3a9def6123597c0b5ea740f8560ce45c1 unpack001/bazaar.2020.02/Backdoor.Win32.DarkKomet.aagt-4c1b6befb06152412567869f27c006cba39f4ac3b1c5dbcf8694a65367444df5 unpack005/out.upx unpack001/bazaar.2020.02/Backdoor.Win32.Delf.aecw-a2f4d3da25e52d88eafb7a7da242e9bb507fe4626af58ca3b8c1a13e391c2000 unpack006/out.upx unpack001/bazaar.2020.02/Backdoor.Win32.Delf.aecw-fa3981228b5b124a8b51fa64f8b6d5d05899165647dc50322b717d7ab63d4997 unpack007/out.upx unpack001/bazaar.2020.02/Backdoor.Win32.Parazit.aw-4f54c2e0def0a2a5b478220b3ddbccc3ee2a7302cddbfe0e8e1d394587589d88 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Agent.gen-0eb3ab9e4c6bc5903674d8f9b36a1a59825fa4e1c2d7209be4d7a0c16dc6168f unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0e7c56b00281e18e385042a28f0e6202fbe39f3cdb219d17489799fca09b6550 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0f268e9be95d203c8d5cfa33d50ad7f623f13746bd97ec24703959dc08d97a9b unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-4ece7a3cd6313c022ce3d30028a8af4f4f4da6a35efcddb8136b4bb5520fdb21 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5be5dbcf6753c5607b5c95bf93e71f1d71fcb2c6ff691f949e237bc6df77a34a unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-661a64ee7db2b0ddbcfc619258bdd2c06ab206b7efb4280d1efb5206eaa4701c unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6afb6a18a4fce6423e0518c40eee187214cf81428c350347c52eb3b9f0c82b17 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6bc82b5b3a1161abc9ef0b67d69e09ef009fed1ab438fb9e5f3e1ac40290ed78 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-758c2192e60534c48145e7704dc3d810b8de899bb36a756fdfa1d34c5971ff45 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-7a5f26049488c885e95778f9a2352179be3a2f0721bba044039263214765d781 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a52ed7cc857c5a48246c336bd22ac226100a005a8fa1306debe166af6018090d unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a6604aebaa716ddce1cc646eb63b3ddcdc7aaa59efe4e10bcd1650dee815ea03 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-abf3559102f105717f176c7929b5994a35686be15d37fb91d19d885f79cc1310 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-cd421127d97cf049c17e0d3049dc42686468f26adfdc0281e0cb64e307c54a67 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-f019485de1ca48a37011e7df076b8e7105e928d4b2695caa1a6780a2a30f45cb unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Quasar.gen-a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-03e6043a9dc35b10400bd0e81a62977b05e7ecf941524673bdcdcae9e012cb07 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-60197bde238231c68c111119345b65d414bd24c7910eb5b1f3af62a0e227fad7 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-81c2d363ab4104654fc8a9d4672b947d1c83e521ea47d9c8f0aaf992cb39230d unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-a16bd1b906b66c84b3b8e097e10e5fc70fedf3240a182878758ae9f108dac023 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-2f55841f6ccc75acaf8390d8e8c909528a6c62bfd016e788068145c168aec07c unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-38c256f94279c37c339b3214008a8a013bba1fdf9baff77ce82ed900d333fd75 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-4d4fe010edd8e5cb0a3dbe463a9bea549aaee512737ac1a8e1b81c2b1100d1fa unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-530d2f0345b4e64d7a15fce3c91ddd6f8b6122dc66fbf479bf20368d933c40c6 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-9ab608b32b25b2412a3ceb6de646beb37242434ee1c7cc8cc779db02e17f497f unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-aac437030e9124f5a39f58ede1eedf0a786091efbce4fe697b468d7c2d907ac6 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-d7aadffd168139ae09e073e9154a8fa6a6b6be547d3beae1e157adeb1bad2c07 unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-def7ecf8aa63604355204120f9c28e669b33268e3440e689b7e9beaaf7e7e7ef unpack001/bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-e2a886dff11b3c7d342a1374bcb9f43697ff7ffda9470b0abc6cb795171f3e4c unpack001/bazaar.2020.02/HEUR-Backdoor.Win32.Generic-1c659cbf8f73b2dd0ed8238595c225dbc1e87d5ea538c24a5d52faf0f4a49e7d unpack001/bazaar.2020.02/HEUR-Backdoor.Win32.Generic-ecb05f56049ff565d1a77351ac21374b9ba05e3cb5ecabbd113d44a254d4e642 unpack001/bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.gen-ddf42fa0c0c9f5e7c33dfe7cc6743f812b796b53c759e6e19ec18daa6b98364e unpack001/bazaar.2020.02/HEUR-Trojan-PSW.MSIL.Agent.gen-3690d1d02801a5cb5fbfe075853eb580648c681cf8fe11f9d3e77239ae1c617a unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0e468c960706b3f4181f54a35650b8edbd0960785dda89a72cdd1e5d600f188b unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0eb2873b91bedb21963ce3150732914fefcbdec884cd7b3d0e63b5f5424d3b37 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0ee7783213426a5e46bc11a91acf5f2d73890bb09bbf4f3b932a4b79eeb6b820 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-1b9dfd1fe17d3783b2ab4a6d583be6fca9ba164d2a1cd6814c710774ec9bd031 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-218ad6e33041a0bdb60c8de03e7dcdf42e5392e106a4b5b0436cdaa02a8dd2c9 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-22e6baf4d3e4dba5f6f3ab349700d0169eeeb4a989b20b64a6aefba8be9fa64a unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23096a2bc9feeabd37a9704d0653f4628ef740cdfe24af364ee09d379ec39d95 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23b7ef18b61fe3ca542372a862d19fac734c24b5cecfe9682b211129fa88f998 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23d7cd4b0535b40662dc211b4ae28c4b5383c66b4b686064bd391a259da80d48 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-2a28f11ca820bd0bde24d41cb5307c8f2fa70174536ac13a99923ba70015b36f unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-353ddd0a20aa154923d91052d8ef6c94a32fe9cb1293cde6b8d05b032a79237d unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-42996516b6604ba136ff909d9b59d2a676a72eaafa30c729cdfaddd96b20fc83 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-44bcefd86b7d36300eb2d77ba88f248cab5ecb9cfb0ec3e859e35ed519fa7795 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-578e1b00157447f99716b646af6b0c33d0f6c32257a19376d6cc9d003ff0fba1 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-5f74523c92b0fde9a89cd5121fe4829a7499a7074a4e0c55adcae5ba2f374a20 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-60eb2878e6ae481bcc0945d0cfaa8d2b8cca6e576da62804d9081662a0ed372b unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-6f6d4f3090669a12b7870d959302181d721436520374a4115e6c7bcfbc21cfef unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-747215655246587e4db7d04356ca00afa7fbe25b7fd1f3ba4f182670a9b86519 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-79919ef76585d0c1ae83b081c852e570598705583142fd1e5ae71ba7b32e8318 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-7b8a4cc371405cd7ac06a63adee7e9500a814d78faef3bdba16b6b2d7b49b198 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-7e7edb63b2dd35481b73828564d123d6b8873a3a3cef8767ce3b0a9df89cc336 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-830a8208fe916dabfc1ee63c3e889d8277fbae954a9b00d64b2c920e1d9a2536 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-87551a242ba5861045a09e740e68d37b2a22c0a15c77723782f9568450cb5bd9 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-89f9499b3426a05ce92301481d038fe4779549c30f38c45556cbdb2558a18944 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-8c55958dc4f421350c0b0c5ac16004238f4d0957a7fba86832f7da76788a4804 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-910489e9cbb9be62a2ee6100e09d0d6006fe21cbd73d5b7085f1b69f292cf006 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-946d769a0c039fa8f76bf3b0f0cb508c76027d45e89faaeb3902ce5645bfd185 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-94ea4614b480418f94bceb76713f109687a6b775244a58d259d34c031e2becf9 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-9f9ec018f395592b0cd8726972e6bf1400eeb13b8535cf314de5f135bb65fdec unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-ac659ed79aac7c38c6e249ad9c92feaafb77dbcd35ab1ccbb47691fe96030516 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-af7a14a249990479f187b3d2d0897118eeca857482ccb0215dc3c77bc908213f unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-b7ae1fa5ac7ee65dffd93e9defd51b2e39a1030620560fe9eff51315e75c8885 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-b927203812bd5776ed375a59e3131046750b5050b3847bf79f61a491026f1b25 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-bd7505e3d55571e96b4d5763dbfbabdc445e44de8c8e09a660bf25b28fb709ad unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c2a4efd5f9ba6f03612eb6e8a324a6721ee84166e50a539f789b3fb6ba9e8399 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c3ed8705aecf16a07e86717d4dd6a33847cf0b87bb2d58e56a502bbf952d5f03 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c40dfd58e6da0aade75d09b6a659cf165f072ba89aef2d60c10c153793535ee7 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c867959e7f75f00eb11dae861bb9c198421215bb10f88e0c26e3c36aa93bd17a unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-ccdb5316112f277ca0b8475884223713ca5afc4f9b729250fa5be07c486822a4 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-daa26a415b2fce72a81bb0d76b5e7552cc4e41707bb2e8fd9cfb77da5e14a066 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-e98671b2d66ed8e660d8653d19773ca46706a43c3d489b947df1fd4b0cefce41 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f4781fb9f53f6bfd09b7e7f5df67e00d06ec739bc75b8e6a38d1c74cf91d7fc7 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f568ba27a1779678459b3f2920a25973e34ed44c294c6bda0170f19a5b7f5ab6 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f99723f1961f7ba1ea05a528a60558df653fac5a4046cfa70865419548e51fc8 unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da unpack001/bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-fce4810786155e188851f14000159c67656b152b5e1bf6f1aafa27dce4837a49 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-20a0206d431c7d26df2994c1c9d21ec2632e0e4eb358b28a28826af7e51c548f unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-3c426a3c33438d9be6cf941a98906dd3992348e8c0288172cb161d495a774bba unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-42a01f37ad7b9284671312c98a78a2f96b8aec1d25af8be7780bf1e8a9d64dd1 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-6e78135df469622bd2c705f8d37bb07c76fe53d7af3d3617a2f1d73e72774b36 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-8057370f5a52466f468edc174017de11e382e8d727d7ea494becb7fe24ac3bb5 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-86bbaa6bc1ede93f7654d889933a336fcd781039797a176dba25a1505cc9b033 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-87b0a6a233ea403868b58ac1960ad6799785a06b684c38e5517a9254a544145a unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-a0d362e2231e016ca7a5c976dd1ff93c24477215bb89c0278ad2e375195dd448 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ad4c7342f0394336560063d9ea2d53c4e39dd280e776b69a9f0fb1364126dab0 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-be2600ebccd8ec339463b7927783c0465f3cdb2979663478619073b9e1773db0 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-bf3aa88502b6f15711ae0ac0702c8bdc8219f27cd48b946b20d2f0c225d4cce5 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-e00d93aa468014f173c109744b794332846f7dd7ac5151009612ede7eaa1baea unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-e78c4aabbfa59e6199deb608bd39eba890bf04dfd59a77b9c99589f668d04268 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ea51449ecfbdea8639b28d8d1e4f0403f5e1f3b3e455d3d8c4beba7532a340d3 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ed5910defef802d55719379010b1cb99b007928f2947bcf0c778c8f479892084 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-f38e6fdee72634232d6bc1c9e4a843716a2200c2092e71f7cfa8865ab9679e13 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-fc5850691ea4a7b14caf53c5cd989fe6c04f7eb3d0e64ad39e184421234dcf77 unpack001/bazaar.2020.02/HEUR-Trojan-Spy.MSIL.Quasar.gen-dff69a4857e56c6c013e1959908154884ed9653414ba1f6d1720f8b1f1af1f8a unpack001/bazaar.2020.02/HEUR-Trojan-Spy.Win32.Xegumumune.gen-9a31db5bc233b3fedeeb7f8fda079d92cb4c42377d763f3cf37c98d452962ebe unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Generic-7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Generic-e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Tasker.gen-8a31c332dfb8714bc0c66300102fa84ee54a4027ed40e2c7082957abb431c34e unpack001/bazaar.2020.02/HEUR-Trojan.MSIL.Tasker.gen-e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Agent.gen-329b0bbd1b23398088454dbfaaaa99ab94338ead9fac8fff6018e33f63fe7690 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-00d4903c9864c5b55f6cba9848f3bc2f2976ad18e9c5763408323c8d9505ff68 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-063bbcff3066fd40c909e97833f35e6f4f5a4e0d2a1ec590fd64aea2211196af unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-10071b7fc8c1800063e60780b8c00b3c0045feecdb92e08ac45cc057127193dc unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-14ce399fdd253df979fa369daeaeec88b785f661f2b288000345746a3ddb78a1 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-1ab5a32c95f4645f124b455ccbd65a46e56897a9f0f62e3edd8a8c3ea06189ab unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-20834d83e3c56d3cedb42c869587d9e9b9c71624b32469a06a042881c5fa1438 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-22d836128a4dbbec539196ddfac90474a71230f43b9527f9f37d5f3a56bbb535 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-253d2bc02e9a0b835ce9c7bf6f05bc9fa33bc60ddfb71f1da3de26befa103894 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-2567ad2059f892ce4cb2eaaebe52badfad622e6b1c6044c542ff2910ece4a6bb unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-26f7e1788c2656cd64e69ac68873acfdd0160ff6ed07880720c4a52f5d52bc10 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-2aad7f7edf402c984b9470586e8676190a72c59ccd8a232d5010eece7e85d451 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-2b54d8ac1e78e75cc3737fe24ed0ad4ad558033f76feb1cee362b90fc215fbed unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-31736a54c77e7f44f952f55536eb4ac6d5863c9ed970a087c0d1cc801a558728 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-31f24a687e78048dd69114d16e9fb8d4dac18f64bf355c07f02c5613a0276efe unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-324c53b81b626af489bb2a1d0a42cc88b4e7f18e291060503455ac1a7a4fce90 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-35e54a27e5315bc5b1f0069b44e1f94a4624107ec2015c1d820bb4f2c4ae8225 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-37347923c50a562b1f3a24212e85b9490fbbed9ae9c395d3d3f9db51cbc987f2 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-38451f9cee47daf6fa98fee356ebf5a18194c5c5fa4d2ffc69af515a60de5e8c unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-39ec963bdfd683141a24c10435e4a6104375f5c1f61af2053b017ee55b84d1c1 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-40be51737bb8b9c99a97cf8024014e3f0dfc7bb56471856206365714476add9d unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-4a3f69c2613f4a514b1c904f7e019990d68718fbfdbb6ffe2896c50489ea5814 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-4a4dcb3d44b25875a661b16ee7d351a057b43921277b1f44a6b17354bb6936a3 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-4c42f6a7027df50fff5e175148e29c9fdcde33a77cde36eee1dd8aa121f1fec3 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-4e351fed9605d912eb226a3925148012201c99875f38a12c6d95c7fdbf5f5e3e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-521a9733212dcb2f2e9345cc722bfb06ba823f34fc35b2264b7fc4f48397ecb5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-548c48b438d61c6b9cdc1c0c6ef46622c4469405dc7bb677f366dbd1bdb15fc9 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-579664b49a5ef76626175ada92546a40f63ae977ece60b2f8649b6eac24ca290 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-5cb1c07a56ce3bd1a4b3828f508c5aaba1aebd1dab0bd9566f41603481827876 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6142acc1a46f79c83a1f331b2b0abf1bc675837e8a26c1004b19b4131d980556 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-634a5e24eda00b716c30b8c463f811a3d0d413a8e0e1e02b1bb2518be225ddcd unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-65878cef4e2fdd03c3c08a4070105ebe37c0c0f311679a0c21208ac9f8f7c069 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-65da4ede295a31428f8a1ae2ea76f27c92dc5d9c8cb5cc440a69c82bc0cbd6e5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6cf989387bc4334c2b9c9a3d1904c072832486a4e1d27fb7a8400bea73b8fc01 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6ef0658079cebc519cd469248cd6ff40dfec559c07249603a826d8cfaba263e2 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6effb7ad8b4b42bc97ace9c3f1caf5089323493f535304bbcfca5819fdc30106 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6f6a97800bd9fb1ba19cbc7538f8c67a95260d7b4dceb2edf18e2c5795b9cf5f unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-6fcfa488c67737f9dd617995bb0d67087feb4f84d6ee1fdd26a8fc1e01931b2a unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-72932b9f1884e066fe30966a1a3089b26208297cd6ecbfd76249d9b82b5cb616 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-78364eb0cc0cf381b000b9ae8f942bb4c94f342ba10827d7e7e4dd8ae3d140ff unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-7c7f23a33db8b6dc22b0b8897bef020ce74670bcb8723f9bc8e6b15f280408cc unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-7e6dce4194b7f42515cfe70a26a19cf018b66fd4522a0f10c46fac5bf884aad2 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-7f90d1d2465e6b3c69236275c96662690ccc5eef0d4b4ed2dd90bdf298cc7539 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-845f3f7d59365c2cc41ef827fa7c9e146f7746dc0720937c7bd29049e42d81f2 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-88889c90ef9432e7eae81bf3aa181b173deb8e8f8e6295d7737c516ee7f2f77f unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-8a0a78df298dc039aca3ead63d2f293d980c69ba9db23d5c2f2a9b37ce33b539 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-8c41cc5d45e91f116aa8319fbadfd91657375e95145559e39f76e1f5380ca53b unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-920872696e5911393610e0f5967c530a197c2ec43fa1f0ad30792712e8f3f019 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-94e8fa6dac6e1a9e76dabf84a2478626eb9cba660c3a9dbe525caa7271fcdef6 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-952ac15d63c149fe69bf8244baa71fea739ccb58a22e2cba83b01d6dbf688bab unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-96bf799fbafcbc9e851fe8d3b10b292c4eabe9bfc9d208e99974b1b55d335c63 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-99d42cefa02973d7a59be7b81a4349bbed6b369c947656dac8b5a70568803716 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-9a357f09b76c7c511920154450c9b4a889095f65000e65f6bb6f99748a67a805 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-9c15ad04809d348f9e4d68da4f530929d103402b2cb83d1732c524e8cbaea45b unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-9c4a7e8094a3602e3b8bc976a88759f9e805b904b8f394dfa39a9121167abff4 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-9e1059927c865b045b6226c306aa6b5eae5e24532affb7a0a4588bc435ce5ff7 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-9fe0df51775c3935b1f385a5b924bd53218f0711378cbed62da01e96cae89fc6 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-a2f3108c3c2c32f1b9ae75f694d1ee15a2647b2ce3d65f6df9bccaf426fb7af1 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-a585796634217ff4ab444ea95d43a01a1aa4b3a280b41eaea0e42223e491efae unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-a67236c36e7eb778bc71123e02384f740d80c4aa869834bdc22f4c62be6a3078 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-a724b9208eec5030d377368203ee2ffb7673f3c7178f9db0f74fd15d18bf3f64 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ad01160476ded3d8dec827042e6627e5b2a50a4bcf47b37fe892b957de4e149c unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-aece2185bb51693d72cdfd7bc57474dcc659b72bf6a343320783c4c039598b43 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b1124ee47ce6a5bb4750b45d1d93f0c740ebda59fca7f1ee5b3d17ea2613d786 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b48799d2eee65351dde0cf00b8beb57ab15da799384c1b546c358f18d412a6db unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b4d67a1a00e261d1f0850dda2d512003d548e5adac903bc28bebc0ab2c9ad84b unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b697861cc38f600c83f679c0b8fa3347bf5f869d89465c07101c92a5eb5f8163 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-b932c16df904620eff8e4f2b5de4bbcd5af8791827a11e9567f406daa16565eb unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-c8b2eec7a0e0086728ac0d69f6f2e3749f5ef31d970d910e0f77639475006dcd unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-c935473ffba371fdc0afc552e5d4d71c3e1400d7d07316262bcbbb93b6668b77 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-c9feba4cc57bd4d8a9a04af3ccc6c239857791e5a496e5ac75137f29cc9bf7ae unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ce883dcbb367f40332251ac2054edff9d12f6dcbe483b04fef88ebd4cae28be7 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-d0fa5f41eaf22b17c2a2c2a65eb6ae69c36e2533d184cc07a1295c218e672978 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-d163a0c4e233656f8162b5c5ed558ad18f18a969a28e7ee34de704b69069d30e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-d80a899843845ba8ed8077d40e6d7c6935e407ece04463d9092f75ee34e6ecc0 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-dbdc1398559f3db44d18f68de43bb811de9c4fab16ce1e0fac95cd738dcaf2f8 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ddc9c053dffe73d360c81672504cbc37bb85693fc587867a83f99cfb9184b68d unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-e0717a6c90b4fc941a29d4c5272cd6139b1b86c1e0103d7d58955bf05c4bbb9b unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-eb39aa174e5a1bead3c5c6d6003022cdbc309d09820024b7cde7afc1347e7b9e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ec3c8bb69881ff50e0b35fe6b54c42f34d3f2d116cecd82ab7336984bdf4ef41 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ec4f2c04c1b71661872758781a7cee0973021e265fba57fbc8dbb8a4bf3614e5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-eeb8f190b604e6a50611345ec77050d40c18e291849be1ee5d47f46d5e9ed957 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-ef5c8a793083695a015f7c29543bdd61275d9139f4071064cd18524e0f55ea02 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-efbe05cbdbc16fea15a71a18c891dc9cb2e88d13de35b515a616a4a94bada0b3 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-f01befb0270c212d3f5c8d4501e19c544aa57010bd30bbf1d9817789ef7d83d0 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-f3d79fdaaf41d0bafb0950845f7a50a16995a376a767ebe09cde3d93a72f400b unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-f67ad736a0b228abca843c8dabb426263903b4c95548a64d8ff5a078ba9cf8d9 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-f96a3c58fc9dc49cb3064cba97c9629e2f04eb0c48dc0507bb1264f2d991b411 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fa84bcc1375121f4ea3c3d091399ca5367fb99cb6a66ef0c49a38b2e38ab224e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fbb4863016dfcfc7f11e3d41896c2f42efd1c376d5c85f7b9bcd0d244e260b99 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fc8001d8cd8308ef3fe660bb5cd20920a038b091b6aff202281060199453cdf5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fd119a762866a0b3a798fc0421b49769f06153881d762bda8f5015df9495cdb4 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fdf7af1118dbd4fa30dcf72d07b2a114c8242207c13aa672eeada3dc5de8582f unpack001/bazaar.2020.02/HEUR-Trojan.Win32.Generic-fe0eede4b7205c77ce055b7e99be118d19c402101892d67f76bcbe4ec8049038 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0760806d2cb04dfa58902d85e3503e313805e8056565097cf18d4d24249679d3 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0b3ca8fc417a9e5ac4101babf092999399fe7aadc4d8b68b4707e8297db0a08e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-275e4633982c0b779c6dcc0a3dab4b2742ec05bc1a3364c64745cbfe74302c06 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-30ef3d46a266114674f601d9d03f85029ec54821f104b9e86903113d47914b6f unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-3ac39ece6e1953f03e88fdfb942bf9f0dcb8d1da643cbd9677032f2ac7861d03 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-6f03b44e93301e51660e62609d5a4c0982ecc139317e274c8450834a774a05b4 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-7e1f0c4593e27a0841305ca73d83f6ccdd900ecf8ed8863feb9a301367c5dac1 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-98c053d0a020c3146a1cfee09150fb2fc342f501ce00b0a898935c042ebe7016 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-9be010b45a81a22f2d50c1d35f31384152c5b91dd7e3a1fe81b2c4fa95bb468c unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-a26b3e551732d7ef9c649bd713bb22210d3123ba081df325bc534c9c740def1e unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-d45ab6328d392df91c86b67708bf1994f8b3dd263edd88b91ff0b02e738fb250 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e46cd935e22dcbb21e8a802f714a28f91ffd53351655f28c1df0b418d6d535b5 unpack001/bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61 unpack001/bazaar.2020.02/Trojan-Banker.Win32.Gozi.igc-59fc347dac3dd1c78d62393589818b5417ca041d697d155040988b14562bc797 unpack001/bazaar.2020.02/Trojan-Spy.MSIL.KeyLogger.jld-57a9e199176b14c33f65ff74e8a9c858beef84d247c29d925d87c6e8313b9e92 unpack001/bazaar.2020.02/Trojan-Spy.MSIL.KeyLogger.jld-5f660bdf5435c4fb1ad9f4aafbb7b38def8ca93dfed281e9b029d4d036e6946d unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-127e69ed4de5d98d060b70789551d2967c1ebbb895037a0fe20ff7229440ef49 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-32d915040990164c6dff0ddcc5e7cf4258d90f9e425e6058e5a771e084b73bdb unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-588eb55b57e118fbee66a6d0586de453ea4e0ae1a781c73e1bbe10e8e24641fc unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-5b441845c2a6dd856d00a56b6dc812a13da0fee80a10e55ed7afd103914e6513 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-5eb26eb056480f6083f7565a572b2dd6ebc992a99d8220dbf0d736c7b4a12077 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-7431f9ba6aec04eac9673c804378df129f167a06927649ec7aca9872fb15f14b unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-78ddd7ee459b76b72c74a996678b97f3c215f5627dde3d49afed389867d853f7 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-7d016ad09b5362b12283b52164529321914d6e2d26dfdb011e5bf39d67855b3e unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-ac9e09f103268fe05d4f463f8d192e7ff220ee1428258063b4f2f26c531ec57d unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-c0cd9c51c4fc4f7805d5d2e5e08e3701c2214ab9ee25a239b2ab3c7af0c8e797 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.foww-c4682163181637eb17e174cc795eba8b094f6d6c76a60b14cdfa38ae7471c768 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-0737463d0ed8addd2c9adf17c3289e48ea012750b5f826da5b33da8408341e3c unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-86c8896067480a260f931692b6f2223d603415a0708e8d16cc5ead90f9b22ba3 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-aea3597f24009ec7a5212edf353080643e43839f2a5e6933c456c8d3aa147da5 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-b603ac369d000ccf2c33d13a62af4e02a41ee021ff787427505b83a86460c047 unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-c4e48bc0716a6eafda6fc596fc5a38a201071d76551ebb14921c6b38adf8deba unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-cc559587825877b40a955baeea22039cbc35813ee00e139fa6a3c90b7355283a unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-d44670b7dede4487ecc7d4a61f28a0462591fac8d303aa36b8b376001c79111d unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-d8c2b06570a0c86994d2ddf5b0e98d69365d9541ff262a03f4c1271d2def4cff unpack001/bazaar.2020.02/Trojan.MSIL.Agent.fpar-e039762eca5db26ade1a4e3483916193ebbd335b5760c54a2b2243877f41ed73 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-18c601f2c857a8fc639396cc131bde47b16c0bca95ea7f2ca78f7020adc77b8b unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-2d373452dedac769b8f2ef99985f0c1fd21f4a5d45f45b9e301196da80223ec4 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-7eac3dab8df1f347802cbb863cb525b4c00e2b6d5488b409969967bb2baac695 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-afc68f8b78045786888471eb198cccacfff9fb5b6e39f7ca585222d60d52ff9d unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-c3e9e467dc54d54f8794d49cb9f5daf9aa7371121c7e5411eabc4061d7555094 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-f489cba00e6d7bc606ea137f639ac40baca8871474066bec0a839fae75de4eaf unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bop-fe30c3e3acd5449124af4d0f78bd33a4e6a35d4240d9c7ad8dea1a1332e1312d unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqd-a88edeb377205df24d69e4215b7d48f251231fdca07763cb498b9b0107629eca unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqd-bb42676345c8aed263ed1e32c7ce22c5e6a9838a92c21d376e39356db0dbd940 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqd-f710f839c4211f980cb6f2c2ba51e28eda20891810e5a57ac395bf467ff6fedf unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqd-fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqg-931238083c5373a7b48f5d06916e4832af77af36a0b6569f9750511d509dc490 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqg-ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqg-b3a4d7c4c5b4a03a8a11dc9f6bb313a4c6da0040f2e45a48dc76ebc3f12d7842 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqh-0dfca39c7ebcca00525b6d29fb720a32396a12716322609498528bdcf91d8715 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqh-6ec3febd674513a33ed7c68a64fd8b02b0436a96f79b69821faad1334025937d unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqh-7b864591a77a15197d9f25ed3e625b50576ffc061f2849ac6fcc245d296b7357 unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqo-8b635dcdeacc541a398e5862d13ea54004302b8c06b63a2db0ddc7c6528e804f unpack001/bazaar.2020.02/Trojan.MSIL.Disfa.bqo-971e4b2879189d8d1f19a1d5874dd6f571651aa02ed7cf7d97f2c0b43fa6b6c2 unpack001/bazaar.2020.02/Trojan.Win32.Agentb.jiad-1e0cc4051f5ea6cb75b0df551bc5be60abc54ca51cd1611dc760aa245a0055dd unpack001/bazaar.2020.02/Trojan.Win32.Agentb.jiad-8aa2c9406939c8c158483b7607b68846a87b1ee8fba9301d11aa812429516db5 unpack001/bazaar.2020.02/Trojan.Win32.Bublik.elhu-3ba8a562f78af7776675f128f12777144fc3c73a471d8efb1950728179bb72d9
Files
-
Bazaar.2020.02.7z.7z
Password: infected
-
bazaar.2020.02/Backdoor.MSIL.Agent.jdt-72fd107044ae159a7a80813fe902a132f12eedd01c63fd9e506cf05e088e7491.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.MSIL.Agent.jdt-aa918b196328f1fe341b5b48cb5d28f31a94b92b279fcf36baaea55a0a8886f1.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.MSIL.Crysan.acs-d8e091f7e30656be6ba24890a96982b3a9def6123597c0b5ea740f8560ce45c1.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.Win32.DarkKomet.aagt-4c1b6befb06152412567869f27c006cba39f4ac3b1c5dbcf8694a65367444df5.exe windows:4 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 476KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 246KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 566KB - Virtual size: 566KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 29KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 56B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.Win32.Delf.aecw-a2f4d3da25e52d88eafb7a7da242e9bb507fe4626af58ca3b8c1a13e391c2000.exe windows:4 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 488KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 248KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 568KB - Virtual size: 568KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 37KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 56B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.Win32.Delf.aecw-fa3981228b5b124a8b51fa64f8b6d5d05899165647dc50322b717d7ab63d4997.exe windows:4 windows x86 arch:x86
Password: infected
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 584KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 248KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 568KB - Virtual size: 568KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 37KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 56B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Backdoor.Win32.Parazit.aw-4f54c2e0def0a2a5b478220b3ddbccc3ee2a7302cddbfe0e8e1d394587589d88.exe windows:5 windows x86 arch:x86
Password: infected
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Agent.gen-0eb3ab9e4c6bc5903674d8f9b36a1a59825fa4e1c2d7209be4d7a0c16dc6168f.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0a276fdaf3367ca3fd4cf90eb338dd3d0575ba3979f1bd609ce58e13e2aa0a8e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0e7c56b00281e18e385042a28f0e6202fbe39f3cdb219d17489799fca09b6550.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0eeb561ea16bf80e301847add0363445976f5ab518d23e499cbf1f7ce9e6fc59.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-0f268e9be95d203c8d5cfa33d50ad7f623f13746bd97ec24703959dc08d97a9b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-2b70dd97d36efbbadd5f63afc22e28dc53d26302bae846b4f4e49e27cf95a70f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-4ece7a3cd6313c022ce3d30028a8af4f4f4da6a35efcddb8136b4bb5520fdb21.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5515739bd8752264b7ee2a2c9b957d36af9fb16b19d7dd1aef4139f2fe74af47.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-5be5dbcf6753c5607b5c95bf93e71f1d71fcb2c6ff691f949e237bc6df77a34a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-661a64ee7db2b0ddbcfc619258bdd2c06ab206b7efb4280d1efb5206eaa4701c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6afb6a18a4fce6423e0518c40eee187214cf81428c350347c52eb3b9f0c82b17.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-6bc82b5b3a1161abc9ef0b67d69e09ef009fed1ab438fb9e5f3e1ac40290ed78.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-758c2192e60534c48145e7704dc3d810b8de899bb36a756fdfa1d34c5971ff45.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-7a5f26049488c885e95778f9a2352179be3a2f0721bba044039263214765d781.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-9b471c2935fdd01c7e9d57e78f91d213e6d1b5a44ac1719048d92d02d1976422.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a52ed7cc857c5a48246c336bd22ac226100a005a8fa1306debe166af6018090d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a6604aebaa716ddce1cc646eb63b3ddcdc7aaa59efe4e10bcd1650dee815ea03.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-a86751d7ee905499b6e324dc5175e287a20d34cde78cbe35a290523dea9d1cd0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-abf3559102f105717f176c7929b5994a35686be15d37fb91d19d885f79cc1310.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 43KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-cd421127d97cf049c17e0d3049dc42686468f26adfdc0281e0cb64e307c54a67.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-e20e1fd207ef943af95774fc0fc0e38da70c808b78a3dfb141e4852036a8dc12.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Crysan.gen-f019485de1ca48a37011e7df076b8e7105e928d4b2695caa1a6780a2a30f45cb.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Quasar.gen-a4fcf02ada330a1e50982618833ae730d5238adbf9407e303cc6c05fa8270ba5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 285KB - Virtual size: 285KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-03e6043a9dc35b10400bd0e81a62977b05e7ecf941524673bdcdcae9e012cb07.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-60197bde238231c68c111119345b65d414bd24c7910eb5b1f3af62a0e227fad7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-61772167a95f7d7eb84337c06144cbba21b88b0ace8ef24d59426c7a50e6acc6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-81c2d363ab4104654fc8a9d4672b947d1c83e521ea47d9c8f0aaf992cb39230d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-a16bd1b906b66c84b3b8e097e10e5fc70fedf3240a182878758ae9f108dac023.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 656B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-acec05fb087440c24b6ac8a15051b8fc7fdfd92bdf458b165e1e19265395b595.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.Revenge.gen-c35e3bdf0d1a7275e73f3c8c9fb57cf874ffa19ffafae649025b1e90cd07c096.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-1f2ae650fdefb75fd7775dd7ad86aa81ca7d19595f58b4a07b32a6502079d815.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-2f55841f6ccc75acaf8390d8e8c909528a6c62bfd016e788068145c168aec07c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-38c256f94279c37c339b3214008a8a013bba1fdf9baff77ce82ed900d333fd75.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-4d4fe010edd8e5cb0a3dbe463a9bea549aaee512737ac1a8e1b81c2b1100d1fa.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-530d2f0345b4e64d7a15fce3c91ddd6f8b6122dc66fbf479bf20368d933c40c6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-9ab608b32b25b2412a3ceb6de646beb37242434ee1c7cc8cc779db02e17f497f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-aac437030e9124f5a39f58ede1eedf0a786091efbce4fe697b468d7c2d907ac6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-d7aadffd168139ae09e073e9154a8fa6a6b6be547d3beae1e157adeb1bad2c07.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-def7ecf8aa63604355204120f9c28e669b33268e3440e689b7e9beaaf7e7e7ef.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.MSIL.SpyGate.gen-e2a886dff11b3c7d342a1374bcb9f43697ff7ffda9470b0abc6cb795171f3e4c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.Win32.Generic-1c659cbf8f73b2dd0ed8238595c225dbc1e87d5ea538c24a5d52faf0f4a49e7d.exe windows:4 windows x86 arch:x86
8428bbc7d7a645de0023d5a121be2195
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
setsockopt
sendto
socket
gethostbyname
htons
connect
send
recv
inet_ntoa
WSASocketA
htonl
gethostname
WSAGetLastError
inet_addr
WSAIoctl
select
closesocket
WSACleanup
WSAStartup
msvcrt
_stricmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
strchr
_beginthreadex
free
realloc
strcmp
_access
strcat
strrchr
strncpy
_iob
fprintf
sprintf
printf
strcpy
time
srand
rand
atoi
_local_unwind2
_except_handler3
_CxxThrowException
memcmp
??2@YAPAXI@Z
strstr
memset
strlen
__CxxFrameHandler
_ftol
ceil
memcpy
??3@YAXPAX@Z
_strupr
_strcmpi
_controlfp
mfc42
ord540
ord800
ord6877
ord939
ord2818
ord4278
ord860
ord6663
ord858
ord535
ord922
ord924
ord926
ord4129
ord2764
ord6648
ord537
kernel32
GetDiskFreeSpaceExA
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
HeapFree
VirtualProtect
GetProcessHeap
HeapAlloc
lstrcmpiA
GetCurrentThreadId
GetFileAttributesA
DefineDosDeviceA
MoveFileExA
ExpandEnvironmentStringsA
CopyFileA
SetFileAttributesA
CreateDirectoryA
DuplicateHandle
GetCurrentProcess
GetFileSize
ReadFile
FindFirstFileA
FindClose
GetLocalTime
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetModuleFileNameA
GetVersionExA
CreateFileA
WriteFile
ExitProcess
GetCurrentProcessId
ExitThread
CreateThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
Sleep
OutputDebugStringA
ResetEvent
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
lstrcpyA
WaitForSingleObject
CloseHandle
CreateEventA
VirtualFree
GetDriveTypeA
user32
wsprintfA
GetMessageA
GetInputState
PostThreadMessageA
GetWindow
GetWindowTextA
GetClassNameA
FindWindowA
advapi32
AdjustTokenPrivileges
CloseEventLog
ClearEventLogA
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenEventLogA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA
wininet
InternetGetConnectedState
InternetOpenUrlA
shlwapi
PathRemoveFileSpecA
Exports
Exports
Shellex
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.Win32.Generic-ecb05f56049ff565d1a77351ac21374b9ba05e3cb5ecabbd113d44a254d4e642.exe windows:4 windows x86 arch:x86
8428bbc7d7a645de0023d5a121be2195
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
setsockopt
sendto
socket
gethostbyname
htons
connect
send
recv
inet_ntoa
WSASocketA
htonl
gethostname
WSAGetLastError
inet_addr
WSAIoctl
select
closesocket
WSACleanup
WSAStartup
msvcrt
_stricmp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
strchr
_beginthreadex
free
realloc
strcmp
_access
strcat
strrchr
strncpy
_iob
fprintf
sprintf
printf
strcpy
time
srand
rand
atoi
_local_unwind2
_except_handler3
_CxxThrowException
memcmp
??2@YAPAXI@Z
strstr
memset
strlen
__CxxFrameHandler
_ftol
ceil
memcpy
??3@YAXPAX@Z
_strupr
_strcmpi
_controlfp
mfc42
ord540
ord800
ord6877
ord939
ord2818
ord4278
ord860
ord6663
ord858
ord535
ord922
ord924
ord926
ord4129
ord2764
ord6648
ord537
kernel32
GetDiskFreeSpaceExA
VirtualAlloc
GetModuleHandleA
GetStartupInfoA
HeapFree
VirtualProtect
GetProcessHeap
HeapAlloc
lstrcmpiA
GetCurrentThreadId
GetFileAttributesA
DefineDosDeviceA
MoveFileExA
ExpandEnvironmentStringsA
CopyFileA
SetFileAttributesA
CreateDirectoryA
DuplicateHandle
GetCurrentProcess
GetFileSize
ReadFile
FindFirstFileA
FindClose
GetLocalTime
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetModuleFileNameA
GetVersionExA
CreateFileA
WriteFile
ExitProcess
GetCurrentProcessId
ExitThread
CreateThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
Sleep
OutputDebugStringA
ResetEvent
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcatA
lstrcpyA
WaitForSingleObject
CloseHandle
CreateEventA
VirtualFree
GetDriveTypeA
user32
wsprintfA
GetMessageA
GetInputState
PostThreadMessageA
GetWindow
GetWindowTextA
GetClassNameA
FindWindowA
advapi32
AdjustTokenPrivileges
CloseEventLog
ClearEventLogA
StartServiceCtrlDispatcherA
OpenProcessToken
LookupPrivilegeValueA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenEventLogA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA
wininet
InternetGetConnectedState
InternetOpenUrlA
shlwapi
PathRemoveFileSpecA
Exports
Exports
Shellex
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 924B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Backdoor.Win32.NetWiredRC.gen-ddf42fa0c0c9f5e7c33dfe7cc6743f812b796b53c759e6e19ec18daa6b98364e.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 443KB - Virtual size: 443KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 143KB - Virtual size: 143KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Downloader.Script.SLoad.gen-1460604fef8913322d310b038f6be1c5dbd5b725296a02a4ba13ea4bb3b8329a.js
-
bazaar.2020.02/HEUR-Trojan-PSW.MSIL.Agent.gen-3690d1d02801a5cb5fbfe075853eb580648c681cf8fe11f9d3e77239ae1c617a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\laber\Desktop\ROCCAT Swarm\all\새 폴더 (3)\11\새 폴더\Tokken\Haf_TKGB\Haf_TKGB\Haf_TKGB\obj\Debug\DRDOS.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0e468c960706b3f4181f54a35650b8edbd0960785dda89a72cdd1e5d600f188b.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rj9ky Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0eb2873b91bedb21963ce3150732914fefcbdec884cd7b3d0e63b5f5424d3b37.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-0ee7783213426a5e46bc11a91acf5f2d73890bb09bbf4f3b932a4b79eeb6b820.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-1b9dfd1fe17d3783b2ab4a6d583be6fca9ba164d2a1cd6814c710774ec9bd031.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-218ad6e33041a0bdb60c8de03e7dcdf42e5392e106a4b5b0436cdaa02a8dd2c9.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-22e6baf4d3e4dba5f6f3ab349700d0169eeeb4a989b20b64a6aefba8be9fa64a.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23096a2bc9feeabd37a9704d0653f4628ef740cdfe24af364ee09d379ec39d95.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23b7ef18b61fe3ca542372a862d19fac734c24b5cecfe9682b211129fa88f998.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-23d7cd4b0535b40662dc211b4ae28c4b5383c66b4b686064bd391a259da80d48.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-2a28f11ca820bd0bde24d41cb5307c8f2fa70174536ac13a99923ba70015b36f.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-353ddd0a20aa154923d91052d8ef6c94a32fe9cb1293cde6b8d05b032a79237d.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-38beb0ea97e3c5758b4839b8874d552a6ddce7bcde77986c62bf49041e229bc6.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-42996516b6604ba136ff909d9b59d2a676a72eaafa30c729cdfaddd96b20fc83.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rj9ky Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-44bcefd86b7d36300eb2d77ba88f248cab5ecb9cfb0ec3e859e35ed519fa7795.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-578e1b00157447f99716b646af6b0c33d0f6c32257a19376d6cc9d003ff0fba1.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rj9ky Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-5bfb1237443e270d7297a9bb2d4cc44cbc4f3ad0f71db00012a4cc0ae461e6d2.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rj9ky Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-5f74523c92b0fde9a89cd5121fe4829a7499a7074a4e0c55adcae5ba2f374a20.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-60eb2878e6ae481bcc0945d0cfaa8d2b8cca6e576da62804d9081662a0ed372b.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-6f6d4f3090669a12b7870d959302181d721436520374a4115e6c7bcfbc21cfef.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-747215655246587e4db7d04356ca00afa7fbe25b7fd1f3ba4f182670a9b86519.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-79919ef76585d0c1ae83b081c852e570598705583142fd1e5ae71ba7b32e8318.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-7b8a4cc371405cd7ac06a63adee7e9500a814d78faef3bdba16b6b2d7b49b198.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-7e7edb63b2dd35481b73828564d123d6b8873a3a3cef8767ce3b0a9df89cc336.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-830a8208fe916dabfc1ee63c3e889d8277fbae954a9b00d64b2c920e1d9a2536.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rj9ky Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-87551a242ba5861045a09e740e68d37b2a22c0a15c77723782f9568450cb5bd9.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-89f9499b3426a05ce92301481d038fe4779549c30f38c45556cbdb2558a18944.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-8c55958dc4f421350c0b0c5ac16004238f4d0957a7fba86832f7da76788a4804.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-910489e9cbb9be62a2ee6100e09d0d6006fe21cbd73d5b7085f1b69f292cf006.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-946d769a0c039fa8f76bf3b0f0cb508c76027d45e89faaeb3902ce5645bfd185.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-94ea4614b480418f94bceb76713f109687a6b775244a58d259d34c031e2becf9.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-9f9ec018f395592b0cd8726972e6bf1400eeb13b8535cf314de5f135bb65fdec.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-ac659ed79aac7c38c6e249ad9c92feaafb77dbcd35ab1ccbb47691fe96030516.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-af7a14a249990479f187b3d2d0897118eeca857482ccb0215dc3c77bc908213f.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-b7ae1fa5ac7ee65dffd93e9defd51b2e39a1030620560fe9eff51315e75c8885.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-b927203812bd5776ed375a59e3131046750b5050b3847bf79f61a491026f1b25.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-bd7505e3d55571e96b4d5763dbfbabdc445e44de8c8e09a660bf25b28fb709ad.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c2a4efd5f9ba6f03612eb6e8a324a6721ee84166e50a539f789b3fb6ba9e8399.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c3ed8705aecf16a07e86717d4dd6a33847cf0b87bb2d58e56a502bbf952d5f03.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c40dfd58e6da0aade75d09b6a659cf165f072ba89aef2d60c10c153793535ee7.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-c867959e7f75f00eb11dae861bb9c198421215bb10f88e0c26e3c36aa93bd17a.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-ccdb5316112f277ca0b8475884223713ca5afc4f9b729250fa5be07c486822a4.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-daa26a415b2fce72a81bb0d76b5e7552cc4e41707bb2e8fd9cfb77da5e14a066.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-e98671b2d66ed8e660d8653d19773ca46706a43c3d489b947df1fd4b0cefce41.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f4781fb9f53f6bfd09b7e7f5df67e00d06ec739bc75b8e6a38d1c74cf91d7fc7.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f568ba27a1779678459b3f2920a25973e34ed44c294c6bda0170f19a5b7f5ab6.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f99723f1961f7ba1ea05a528a60558df653fac5a4046cfa70865419548e51fc8.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-f9d9a87e00ec85047f0a85828cf5fb137c3e129ea172c3b5fa9058c2748014da.dll windows:5 windows x86 arch:x86
3405adb708f38a8c5b5ee1fd45dead95
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
lstrlenW
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.41hfa Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Ransom.Win32.Sodin.vho-fce4810786155e188851f14000159c67656b152b5e1bf6f1aafa27dce4837a49.dll windows:5 windows x86 arch:x86
c4c29c7e6a6897be412c7fedfcca8fe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
SetErrorMode
CreateThread
Sections
.text Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.t6np6 Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-20a0206d431c7d26df2994c1c9d21ec2632e0e4eb358b28a28826af7e51c548f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-3c426a3c33438d9be6cf941a98906dd3992348e8c0288172cb161d495a774bba.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-42a01f37ad7b9284671312c98a78a2f96b8aec1d25af8be7780bf1e8a9d64dd1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-6e78135df469622bd2c705f8d37bb07c76fe53d7af3d3617a2f1d73e72774b36.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\ThinkPad\Desktop\njRAT-0.7d-Stub-CSharp-master\njRAT-0.7d-Stub-CSharp-master\njRAT C# Stub\obj\x86\Debug\Stub.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-8057370f5a52466f468edc174017de11e382e8d727d7ea494becb7fe24ac3bb5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-86bbaa6bc1ede93f7654d889933a336fcd781039797a176dba25a1505cc9b033.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\ThinkPad\Desktop\njRAT-0.7d-Stub-CSharp-master\njRAT-0.7d-Stub-CSharp-master\njRAT C# Stub\obj\x86\Debug\Stub.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-87b0a6a233ea403868b58ac1960ad6799785a06b684c38e5517a9254a544145a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-a0d362e2231e016ca7a5c976dd1ff93c24477215bb89c0278ad2e375195dd448.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ad4c7342f0394336560063d9ea2d53c4e39dd280e776b69a9f0fb1364126dab0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-be2600ebccd8ec339463b7927783c0465f3cdb2979663478619073b9e1773db0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-bf3aa88502b6f15711ae0ac0702c8bdc8219f27cd48b946b20d2f0c225d4cce5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-e00d93aa468014f173c109744b794332846f7dd7ac5151009612ede7eaa1baea.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-e78c4aabbfa59e6199deb608bd39eba890bf04dfd59a77b9c99589f668d04268.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ea51449ecfbdea8639b28d8d1e4f0403f5e1f3b3e455d3d8c4beba7532a340d3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-ed5910defef802d55719379010b1cb99b007928f2947bcf0c778c8f479892084.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-f38e6fdee72634232d6bc1c9e4a843716a2200c2092e71f7cfa8865ab9679e13.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.KeyLogger.gen-fc5850691ea4a7b14caf53c5cd989fe6c04f7eb3d0e64ad39e184421234dcf77.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.MSIL.Quasar.gen-dff69a4857e56c6c013e1959908154884ed9653414ba1f6d1720f8b1f1af1f8a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 531KB - Virtual size: 531KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan-Spy.Win32.Xegumumune.gen-9a31db5bc233b3fedeeb7f8fda079d92cb4c42377d763f3cf37c98d452962ebe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 296KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 165KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
bazaar.2020.02/HEUR-Trojan.MSIL.Generic-7af6be720f63c86de10443745e332a5717aa9b14fa3e8ecca584ef370f2080da.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 226B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.MSIL.Generic-e0287568096f94034a8746adef8f4c08db4ef5f51134f90740b1c72eb1b1eb0b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 226B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.MSIL.Tasker.gen-8a31c332dfb8714bc0c66300102fa84ee54a4027ed40e2c7082957abb431c34e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.MSIL.Tasker.gen-e513eb020887dd56e85e55803b1afccb24ae116380947993da2e88a71e97be14.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 335KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Agent.gen-329b0bbd1b23398088454dbfaaaa99ab94338ead9fac8fff6018e33f63fe7690.exe windows:4 windows x86 arch:x86
d3a62971944197f0701c7049a9c739d1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleFileNameA
GetLongPathNameA
CreateMutexA
OpenMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocaleInfoA
Process32NextW
Process32FirstW
lstrlenA
GetDriveTypeA
CreateProcessA
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
WinExec
GetCurrentProcessId
CreateDirectoryW
CopyFileA
GetFileAttributesW
GetLogicalDriveStringsA
GetCurrentProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
VirtualAlloc
GlobalFree
LocalAlloc
TerminateProcess
ReadFile
PeekNamedPipe
GetStdHandle
CreatePipe
OpenProcess
DuplicateHandle
GetCurrentThread
lstrcpynA
ExitProcess
AllocConsole
GetStartupInfoA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
GetLastError
LoadLibraryA
GetProcAddress
CreateFileMappingA
MapViewOfFileEx
DeleteFileA
RemoveDirectoryA
CloseHandle
GetFileAttributesA
SetFileAttributesA
SetEvent
TerminateThread
FindFirstFileW
FindNextFileW
FindClose
GetLocalTime
CreateEventA
WaitForSingleObject
CreateDirectoryA
ExitThread
Sleep
GetModuleHandleA
DeleteFileW
CreateThread
user32
GetWindowTextLengthA
GetForegroundWindow
UnhookWindowsHookEx
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
ExitWindowsEx
MessageBoxA
GetKeyboardLayoutNameA
GetWindowThreadProcessId
ShowWindow
CloseWindow
GetWindowTextA
GetWindowTextW
EnumWindows
SendInput
CreateWindowExA
RegisterClassExA
AppendMenuA
CreatePopupMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
DefWindowProcA
GetKeyState
CallNextHookEx
SetWindowsHookExA
GetMessageA
TranslateMessage
GetKeyboardLayout
FindWindowA
DispatchMessageA
IsWindowVisible
gdi32
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
StretchBlt
GetObjectA
GetDIBits
DeleteObject
DeleteDC
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
GetUserNameW
shell32
ShellExecuteA
ExtractIconA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
msvcp60
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Bios_base@std@@QBEPAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
msvcrt
_wrename
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_iob
freopen
srand
rand
mbstowcs
realloc
_itoa
sprintf
getenv
toupper
tolower
wcscmp
printf
strncmp
malloc
free
_EH_prolog
__CxxFrameHandler
time
localtime
strftime
puts
atoi
_ftol
??2@YAPAXI@Z
_except_handler3
exit
??0exception@@QAE@ABV0@@Z
_CxxThrowException
winmm
waveInOpen
waveInStop
waveInClose
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInStart
shlwapi
PathFileExistsA
ws2_32
htons
gethostbyname
closesocket
socket
send
WSAGetLastError
connect
recv
WSAStartup
urlmon
URLDownloadToFileA
gdiplus
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSaveImageToStream
GdipSaveImageToFile
GdipLoadImageFromStream
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipGetImageEncodersSize
wininet
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-00d4903c9864c5b55f6cba9848f3bc2f2976ad18e9c5763408323c8d9505ff68.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-063bbcff3066fd40c909e97833f35e6f4f5a4e0d2a1ec590fd64aea2211196af.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-10071b7fc8c1800063e60780b8c00b3c0045feecdb92e08ac45cc057127193dc.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-14ce399fdd253df979fa369daeaeec88b785f661f2b288000345746a3ddb78a1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-1ab5a32c95f4645f124b455ccbd65a46e56897a9f0f62e3edd8a8c3ea06189ab.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-1db41e3285f0819f9f614052a76500038e9ec2433550c240aeceb2787b235808.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-20834d83e3c56d3cedb42c869587d9e9b9c71624b32469a06a042881c5fa1438.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-22d836128a4dbbec539196ddfac90474a71230f43b9527f9f37d5f3a56bbb535.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-253d2bc02e9a0b835ce9c7bf6f05bc9fa33bc60ddfb71f1da3de26befa103894.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-2567ad2059f892ce4cb2eaaebe52badfad622e6b1c6044c542ff2910ece4a6bb.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-26f7e1788c2656cd64e69ac68873acfdd0160ff6ed07880720c4a52f5d52bc10.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-2aad7f7edf402c984b9470586e8676190a72c59ccd8a232d5010eece7e85d451.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-2b54d8ac1e78e75cc3737fe24ed0ad4ad558033f76feb1cee362b90fc215fbed.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-31736a54c77e7f44f952f55536eb4ac6d5863c9ed970a087c0d1cc801a558728.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 352KB - Virtual size: 352KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-31f24a687e78048dd69114d16e9fb8d4dac18f64bf355c07f02c5613a0276efe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-324c53b81b626af489bb2a1d0a42cc88b4e7f18e291060503455ac1a7a4fce90.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-35e54a27e5315bc5b1f0069b44e1f94a4624107ec2015c1d820bb4f2c4ae8225.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-37347923c50a562b1f3a24212e85b9490fbbed9ae9c395d3d3f9db51cbc987f2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-38451f9cee47daf6fa98fee356ebf5a18194c5c5fa4d2ffc69af515a60de5e8c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-39ec963bdfd683141a24c10435e4a6104375f5c1f61af2053b017ee55b84d1c1.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 80KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-3e1e4faf11d4ea1f0be8e16658685f524fad1d5b464857422b88bbbacc878ab6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-40be51737bb8b9c99a97cf8024014e3f0dfc7bb56471856206365714476add9d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-47c5387e8459af563993969200416cae6f9ad30748060c8d952c0ad4d2bae3e7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-491eec6f62e89b017a00c2dccf51864afd6debf003a5e83d4081499a293d7221.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-4a3f69c2613f4a514b1c904f7e019990d68718fbfdbb6ffe2896c50489ea5814.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-4a4dcb3d44b25875a661b16ee7d351a057b43921277b1f44a6b17354bb6936a3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-4c42f6a7027df50fff5e175148e29c9fdcde33a77cde36eee1dd8aa121f1fec3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-4e351fed9605d912eb226a3925148012201c99875f38a12c6d95c7fdbf5f5e3e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-521a9733212dcb2f2e9345cc722bfb06ba823f34fc35b2264b7fc4f48397ecb5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-548c48b438d61c6b9cdc1c0c6ef46622c4469405dc7bb677f366dbd1bdb15fc9.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-579664b49a5ef76626175ada92546a40f63ae977ece60b2f8649b6eac24ca290.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-5cb1c07a56ce3bd1a4b3828f508c5aaba1aebd1dab0bd9566f41603481827876.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-5d8446a23b80e9b6cb7406c2ba81d606685cf11b24e9eb8309153a47b04f3aad.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 352KB - Virtual size: 352KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 872B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6142acc1a46f79c83a1f331b2b0abf1bc675837e8a26c1004b19b4131d980556.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-634a5e24eda00b716c30b8c463f811a3d0d413a8e0e1e02b1bb2518be225ddcd.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-639d28b15f1b7eacb0643ec4d0d01f616c67331e4922ff70fb0c11d159a71722.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-65878cef4e2fdd03c3c08a4070105ebe37c0c0f311679a0c21208ac9f8f7c069.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-65da4ede295a31428f8a1ae2ea76f27c92dc5d9c8cb5cc440a69c82bc0cbd6e5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 156KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 177B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6cf989387bc4334c2b9c9a3d1904c072832486a4e1d27fb7a8400bea73b8fc01.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6e323bddb6f10b049428e50b9cf4da9f047829e83aa32e00bb2a7f4dc2a5e588.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6e3f2ebb560fede5fca72650a4f495d1038930a3a7c0bebbd032be0a79e1f2b2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6ef0658079cebc519cd469248cd6ff40dfec559c07249603a826d8cfaba263e2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6effb7ad8b4b42bc97ace9c3f1caf5089323493f535304bbcfca5819fdc30106.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6f6a97800bd9fb1ba19cbc7538f8c67a95260d7b4dceb2edf18e2c5795b9cf5f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-6fcfa488c67737f9dd617995bb0d67087feb4f84d6ee1fdd26a8fc1e01931b2a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-72932b9f1884e066fe30966a1a3089b26208297cd6ecbfd76249d9b82b5cb616.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-78364eb0cc0cf381b000b9ae8f942bb4c94f342ba10827d7e7e4dd8ae3d140ff.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-7c7f23a33db8b6dc22b0b8897bef020ce74670bcb8723f9bc8e6b15f280408cc.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-7e55fd01c96f84a79956e90c1ab551cc636043c989902b32dcc0c60c97720ab0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-7e6dce4194b7f42515cfe70a26a19cf018b66fd4522a0f10c46fac5bf884aad2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
H:\Visual Studio 2010\PowerShell2\Encryption Server njRat Clean Bypass Nod windows defender تشفير سيرفر نجرات وتخطي الدفاع الاستباقي وتخطي حماية ويندوز ديفندر\StUB njrat7 3los
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 339B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-7f90d1d2465e6b3c69236275c96662690ccc5eef0d4b4ed2dd90bdf298cc7539.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-845f3f7d59365c2cc41ef827fa7c9e146f7746dc0720937c7bd29049e42d81f2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-88889c90ef9432e7eae81bf3aa181b173deb8e8f8e6295d7737c516ee7f2f77f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-8a0a78df298dc039aca3ead63d2f293d980c69ba9db23d5c2f2a9b37ce33b539.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-8c41cc5d45e91f116aa8319fbadfd91657375e95145559e39f76e1f5380ca53b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-8e02ebc246d1c26c5c5df05e93c8eede2b735846e464a8c2929bef2c6e4dd517.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-90a3ee4bb184d38630de9018450ed6be6fdeb2e6b562ccd04fc88f0ad0c865f4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-920872696e5911393610e0f5967c530a197c2ec43fa1f0ad30792712e8f3f019.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-94e8fa6dac6e1a9e76dabf84a2478626eb9cba660c3a9dbe525caa7271fcdef6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-952ac15d63c149fe69bf8244baa71fea739ccb58a22e2cba83b01d6dbf688bab.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-96bf799fbafcbc9e851fe8d3b10b292c4eabe9bfc9d208e99974b1b55d335c63.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-99d42cefa02973d7a59be7b81a4349bbed6b369c947656dac8b5a70568803716.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-9a357f09b76c7c511920154450c9b4a889095f65000e65f6bb6f99748a67a805.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-9c15ad04809d348f9e4d68da4f530929d103402b2cb83d1732c524e8cbaea45b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-9c4a7e8094a3602e3b8bc976a88759f9e805b904b8f394dfa39a9121167abff4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.sdata Size: 512B - Virtual size: 177B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-9e1059927c865b045b6226c306aa6b5eae5e24532affb7a0a4588bc435ce5ff7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-9fe0df51775c3935b1f385a5b924bd53218f0711378cbed62da01e96cae89fc6.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-a2f3108c3c2c32f1b9ae75f694d1ee15a2647b2ce3d65f6df9bccaf426fb7af1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-a585796634217ff4ab444ea95d43a01a1aa4b3a280b41eaea0e42223e491efae.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-a653e4c1521fd408b227bc19b177c072dc2a094416818638df26a0237054fe7c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-a67236c36e7eb778bc71123e02384f740d80c4aa869834bdc22f4c62be6a3078.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-a724b9208eec5030d377368203ee2ffb7673f3c7178f9db0f74fd15d18bf3f64.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ad01160476ded3d8dec827042e6627e5b2a50a4bcf47b37fe892b957de4e149c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-aece2185bb51693d72cdfd7bc57474dcc659b72bf6a343320783c4c039598b43.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b1124ee47ce6a5bb4750b45d1d93f0c740ebda59fca7f1ee5b3d17ea2613d786.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b48799d2eee65351dde0cf00b8beb57ab15da799384c1b546c358f18d412a6db.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b4d67a1a00e261d1f0850dda2d512003d548e5adac903bc28bebc0ab2c9ad84b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b697861cc38f600c83f679c0b8fa3347bf5f869d89465c07101c92a5eb5f8163.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b8a92e0ec11d91aaa6c5c44f37024d9f09071623dcf2aa67462189e84f683b65.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-b932c16df904620eff8e4f2b5de4bbcd5af8791827a11e9567f406daa16565eb.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-c52ab8a1946d9658e5c274c1e51932fc643f96521e6d399ba77a2222af822476.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-c8b2eec7a0e0086728ac0d69f6f2e3749f5ef31d970d910e0f77639475006dcd.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-c8d8f79ad37249faa03dae92947af35d310fffc28b7597507246d1f8c8eb9fea.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-c935473ffba371fdc0afc552e5d4d71c3e1400d7d07316262bcbbb93b6668b77.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-c9feba4cc57bd4d8a9a04af3ccc6c239857791e5a496e5ac75137f29cc9bf7ae.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-caaa5263db4330c246e82a67c5f0773c32478390644121a4555c90476bb526b8.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ce883dcbb367f40332251ac2054edff9d12f6dcbe483b04fef88ebd4cae28be7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-d0fa5f41eaf22b17c2a2c2a65eb6ae69c36e2533d184cc07a1295c218e672978.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-d163a0c4e233656f8162b5c5ed558ad18f18a969a28e7ee34de704b69069d30e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-d80a899843845ba8ed8077d40e6d7c6935e407ece04463d9092f75ee34e6ecc0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-dbdc1398559f3db44d18f68de43bb811de9c4fab16ce1e0fac95cd738dcaf2f8.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 628KB - Virtual size: 628KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ddc9c053dffe73d360c81672504cbc37bb85693fc587867a83f99cfb9184b68d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-e0717a6c90b4fc941a29d4c5272cd6139b1b86c1e0103d7d58955bf05c4bbb9b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-e4d1ed3eca417e52557775993d92b2b024142a5ddb45ea7a3a6dda5e13c0996e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-e632779afa8a535c1c33326cd2ed3c21a2dd3d5978e83670b209bd42778fee4d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-eb39aa174e5a1bead3c5c6d6003022cdbc309d09820024b7cde7afc1347e7b9e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ec3c8bb69881ff50e0b35fe6b54c42f34d3f2d116cecd82ab7336984bdf4ef41.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ec4f2c04c1b71661872758781a7cee0973021e265fba57fbc8dbb8a4bf3614e5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-eeb8f190b604e6a50611345ec77050d40c18e291849be1ee5d47f46d5e9ed957.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-ef5c8a793083695a015f7c29543bdd61275d9139f4071064cd18524e0f55ea02.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-efbe05cbdbc16fea15a71a18c891dc9cb2e88d13de35b515a616a4a94bada0b3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-f01befb0270c212d3f5c8d4501e19c544aa57010bd30bbf1d9817789ef7d83d0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-f3d79fdaaf41d0bafb0950845f7a50a16995a376a767ebe09cde3d93a72f400b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-f67ad736a0b228abca843c8dabb426263903b4c95548a64d8ff5a078ba9cf8d9.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-f96a3c58fc9dc49cb3064cba97c9629e2f04eb0c48dc0507bb1264f2d991b411.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fa84bcc1375121f4ea3c3d091399ca5367fb99cb6a66ef0c49a38b2e38ab224e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fbb4863016dfcfc7f11e3d41896c2f42efd1c376d5c85f7b9bcd0d244e260b99.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fc8001d8cd8308ef3fe660bb5cd20920a038b091b6aff202281060199453cdf5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 99KB - Virtual size: 99KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fd119a762866a0b3a798fc0421b49769f06153881d762bda8f5015df9495cdb4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fdf7af1118dbd4fa30dcf72d07b2a114c8242207c13aa672eeada3dc5de8582f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.Generic-fe0eede4b7205c77ce055b7e99be118d19c402101892d67f76bcbe4ec8049038.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0760806d2cb04dfa58902d85e3503e313805e8056565097cf18d4d24249679d3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0b3ca8fc417a9e5ac4101babf092999399fe7aadc4d8b68b4707e8297db0a08e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f0ad0df89b895ae4e7ad72b7d6bbea015fe566fe98b577553cb95cd3fb96766.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-0f9f2ed3669af8502dfad754d0dc2e7682fe7bc4d0044f7cc3ca61a0e1170d15.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-23fc02f1e3783ac574850e9f210b8fb54e2a3dd589ed4b0399157e1708457ed1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-275e4633982c0b779c6dcc0a3dab4b2742ec05bc1a3364c64745cbfe74302c06.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-291bf31470c9bcacec467c980adb7a3d111ebb6b72cf07147884a7eae5cabde9.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-30ef3d46a266114674f601d9d03f85029ec54821f104b9e86903113d47914b6f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-31b10f1a4a6bb1e74af48d786c3c5957d1fdde4307adb24d5cbf06f278fc18ae.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-3ac39ece6e1953f03e88fdfb942bf9f0dcb8d1da643cbd9677032f2ac7861d03.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-42e23b5a0fde78a0677c91043c9484aa6a9942fadf7e535a07104ff0dd501cb4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-58f1865d2fb00775add6c9d34aa504118bc962e08fba8fb79b288515320ef933.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-5a810a0b7402b9023f8c5016d0341a5070ef1ce52f0b124b6ced8a3846e54c83.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-6ebe2626d66a590a572cca546c2b1c472f5e1b7db26f89cc8f6f073125fe82c5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-6f03b44e93301e51660e62609d5a4c0982ecc139317e274c8450834a774a05b4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-7e1f0c4593e27a0841305ca73d83f6ccdd900ecf8ed8863feb9a301367c5dac1.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-8efd6f95c39e86627b1f9cc553fa7bed152dbf4788662bee15d3b5bdf0c1b79e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-98c053d0a020c3146a1cfee09150fb2fc342f501ce00b0a898935c042ebe7016.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 512B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-9be010b45a81a22f2d50c1d35f31384152c5b91dd7e3a1fe81b2c4fa95bb468c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 680B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-a26b3e551732d7ef9c649bd713bb22210d3123ba081df325bc534c9c740def1e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-b45741c0c50256480cdffc15bd14a3770d895232c1e482e91f5e298daea023fc.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 664B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-d45ab6328d392df91c86b67708bf1994f8b3dd263edd88b91ff0b02e738fb250.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-d9a9a7ab99db0946ecb0f5f398eddd0d820ffbde0105164064e168f1ea73ba26.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e46cd935e22dcbb21e8a802f714a28f91ffd53351655f28c1df0b418d6d535b5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/HEUR-Trojan.Win32.RRAT.gen-e54384fe872d30bf574d7b80311ce1c6d9f86a8db7b6e47cbd03069eea1bdd61.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan-Banker.Win32.Gozi.igc-59fc347dac3dd1c78d62393589818b5417ca041d697d155040988b14562bc797.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan-Spy.MSIL.KeyLogger.jld-57a9e199176b14c33f65ff74e8a9c858beef84d247c29d925d87c6e8313b9e92.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan-Spy.MSIL.KeyLogger.jld-5f660bdf5435c4fb1ad9f4aafbb7b38def8ca93dfed281e9b029d4d036e6946d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-127e69ed4de5d98d060b70789551d2967c1ebbb895037a0fe20ff7229440ef49.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-32d915040990164c6dff0ddcc5e7cf4258d90f9e425e6058e5a771e084b73bdb.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-35826857f7763122fb380c1392f2d0fb820ec28c1f16e858b3846b9f681525af.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-588eb55b57e118fbee66a6d0586de453ea4e0ae1a781c73e1bbe10e8e24641fc.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-5b441845c2a6dd856d00a56b6dc812a13da0fee80a10e55ed7afd103914e6513.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-5eb26eb056480f6083f7565a572b2dd6ebc992a99d8220dbf0d736c7b4a12077.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-7431f9ba6aec04eac9673c804378df129f167a06927649ec7aca9872fb15f14b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-78ddd7ee459b76b72c74a996678b97f3c215f5627dde3d49afed389867d853f7.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-7d016ad09b5362b12283b52164529321914d6e2d26dfdb011e5bf39d67855b3e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-a53732f6b49c8d9b99b7bdad38c3255f7ea944e14b86c8f674dd3187c74e808e.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-a5a95cd39484fabee1551b0daeb1a3c3fc94c610fe2020e2f714f366ef1430aa.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-ac9e09f103268fe05d4f463f8d192e7ff220ee1428258063b4f2f26c531ec57d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 345KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-c0cd9c51c4fc4f7805d5d2e5e08e3701c2214ab9ee25a239b2ab3c7af0c8e797.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.foww-c4682163181637eb17e174cc795eba8b094f6d6c76a60b14cdfa38ae7471c768.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 344KB - Virtual size: 344KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-0737463d0ed8addd2c9adf17c3289e48ea012750b5f826da5b33da8408341e3c.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-86c8896067480a260f931692b6f2223d603415a0708e8d16cc5ead90f9b22ba3.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 247KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-aea3597f24009ec7a5212edf353080643e43839f2a5e6933c456c8d3aa147da5.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-b603ac369d000ccf2c33d13a62af4e02a41ee021ff787427505b83a86460c047.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-c4e48bc0716a6eafda6fc596fc5a38a201071d76551ebb14921c6b38adf8deba.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-cc559587825877b40a955baeea22039cbc35813ee00e139fa6a3c90b7355283a.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-d44670b7dede4487ecc7d4a61f28a0462591fac8d303aa36b8b376001c79111d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-d8c2b06570a0c86994d2ddf5b0e98d69365d9541ff262a03f4c1271d2def4cff.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 246KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Agent.fpar-e039762eca5db26ade1a4e3483916193ebbd335b5760c54a2b2243877f41ed73.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-18c601f2c857a8fc639396cc131bde47b16c0bca95ea7f2ca78f7020adc77b8b.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-2d373452dedac769b8f2ef99985f0c1fd21f4a5d45f45b9e301196da80223ec4.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-7eac3dab8df1f347802cbb863cb525b4c00e2b6d5488b409969967bb2baac695.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-afc68f8b78045786888471eb198cccacfff9fb5b6e39f7ca585222d60d52ff9d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-c3e9e467dc54d54f8794d49cb9f5daf9aa7371121c7e5411eabc4061d7555094.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-f489cba00e6d7bc606ea137f639ac40baca8871474066bec0a839fae75de4eaf.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bop-fe30c3e3acd5449124af4d0f78bd33a4e6a35d4240d9c7ad8dea1a1332e1312d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqd-a88edeb377205df24d69e4215b7d48f251231fdca07763cb498b9b0107629eca.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqd-bb42676345c8aed263ed1e32c7ce22c5e6a9838a92c21d376e39356db0dbd940.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqd-f710f839c4211f980cb6f2c2ba51e28eda20891810e5a57ac395bf467ff6fedf.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqd-fbfea1db4497202597c91cfda1d44136e85ca74fbf780baab2f1b1520c724cd8.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqg-931238083c5373a7b48f5d06916e4832af77af36a0b6569f9750511d509dc490.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqg-ae9ba2145b99bca3d87d444a47246a5bcd426993c74733faf4892d20e195d6b0.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqg-b3a4d7c4c5b4a03a8a11dc9f6bb313a4c6da0040f2e45a48dc76ebc3f12d7842.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqh-0dfca39c7ebcca00525b6d29fb720a32396a12716322609498528bdcf91d8715.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqh-6ec3febd674513a33ed7c68a64fd8b02b0436a96f79b69821faad1334025937d.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqh-7b864591a77a15197d9f25ed3e625b50576ffc061f2849ac6fcc245d296b7357.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqo-8b635dcdeacc541a398e5862d13ea54004302b8c06b63a2db0ddc7c6528e804f.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.MSIL.Disfa.bqo-971e4b2879189d8d1f19a1d5874dd6f571651aa02ed7cf7d97f2c0b43fa6b6c2.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.Win32.Agentb.jiad-1e0cc4051f5ea6cb75b0df551bc5be60abc54ca51cd1611dc760aa245a0055dd.exe windows:5 windows x86 arch:x86
b76aafdc988ade2ab3db3b02fa4c6d00
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
Sleep
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
LoadLibraryA
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
lstrcmpW
VirtualProtectEx
CreateProcessA
SizeofResource
VirtualProtect
LockResource
GetWindowsDirectoryW
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
CreateRemoteThread
IsWow64Process
GetTempPathA
GetTickCount
lstrcpyW
WideCharToMultiByte
lstrcpyA
MultiByteToWideChar
lstrcatA
GetProcessHeap
HeapAlloc
GetComputerNameW
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
lstrcatW
GetLastError
GetModuleHandleA
SetLastError
GetModuleFileNameA
CreateDirectoryW
SetEvent
Process32FirstW
user32
MessageBoxA
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
GetAsyncKeyState
SetWindowsHookExA
RegisterClassW
GetRawInputData
MapVirtualKeyA
GetForegroundWindow
DefWindowProcA
RegisterRawInputDevices
GetLastInputInfo
ToUnicode
GetKeyNameTextW
PostQuitMessage
GetWindowTextW
TranslateMessage
wsprintfA
wsprintfW
advapi32
FreeSid
LookupAccountSidW
GetTokenInformation
CloseServiceHandle
OpenSCManagerW
RegCreateKeyExA
RegSetValueExW
StartServiceW
EnumServicesStatusExW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
RegDeleteValueW
shell32
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteW
ord680
ShellExecuteExA
urlmon
URLDownloadToFileW
ws2_32
freeaddrinfo
htons
recv
connect
socket
send
WSAStartup
getaddrinfo
shutdown
closesocket
WSACleanup
ioctlsocket
ntohs
gethostbyname
inet_addr
setsockopt
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
shlwapi
StrStrW
PathRemoveFileSpecA
StrStrA
PathCombineA
PathFindFileNameW
PathFindExtensionW
PathFileExistsW
netapi32
NetLocalGroupAddMembers
NetUserAdd
oleaut32
VariantInit
crypt32
CryptStringToBinaryA
CryptUnprotectData
psapi
GetModuleFileNameExW
wininet
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetCheckConnectionW
Sections
.text Size: 65KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bss Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.Win32.Agentb.jiad-8aa2c9406939c8c158483b7607b68846a87b1ee8fba9301d11aa812429516db5.exe windows:5 windows x86 arch:x86
68c4b266e54af6d380eaae4a078f6aa5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
SetDllDirectoryW
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
HeapFree
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
VirtualQuery
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateProcessA
SizeofResource
VirtualProtect
GetSystemDirectoryW
LockResource
GetWindowsDirectoryW
GetStartupInfoA
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
WinExec
GetTempPathA
GetCommandLineA
GetModuleHandleA
ExitProcess
GetProcAddress
LoadLibraryA
GetProcessHeap
HeapAlloc
lstrcmpW
GetTickCount
lstrcpyW
WideCharToMultiByte
HeapReAlloc
VirtualAlloc
DeleteFileW
lstrcpyA
Sleep
MultiByteToWideChar
lstrcatA
lstrcmpA
lstrlenA
ExpandEnvironmentStringsW
lstrlenW
CloseHandle
lstrcatW
VirtualFree
GetLastError
SetLastError
GetModuleFileNameA
CreateDirectoryW
GetComputerNameW
IsWow64Process
user32
MessageBoxA
GetKeyState
GetMessageA
DispatchMessageA
CreateWindowExW
CallNextHookEx
wsprintfW
wsprintfA
GetWindowTextW
GetAsyncKeyState
RegisterClassW
GetRawInputData
ToUnicode
DefWindowProcA
RegisterRawInputDevices
TranslateMessage
GetForegroundWindow
GetKeyNameTextW
PostQuitMessage
GetLastInputInfo
MapVirtualKeyA
advapi32
SetSecurityDescriptorDacl
RegDeleteKeyA
InitializeSecurityDescriptor
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExA
shell32
ShellExecuteW
ShellExecuteExA
ShellExecuteExW
ord680
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
urlmon
URLDownloadToFileW
ws2_32
send
WSAStartup
shutdown
closesocket
WSACleanup
ioctlsocket
ntohs
gethostbyname
inet_addr
getaddrinfo
setsockopt
freeaddrinfo
htons
recv
connect
socket
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
shlwapi
StrStrA
StrStrW
PathFindExtensionW
PathCombineA
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecA
netapi32
NetUserAdd
NetLocalGroupAddMembers
oleaut32
VariantInit
crypt32
CryptStringToBinaryA
CryptUnprotectData
psapi
GetModuleFileNameExW
Sections
.text Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.bss Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bazaar.2020.02/Trojan.Win32.Bublik.elhu-3ba8a562f78af7776675f128f12777144fc3c73a471d8efb1950728179bb72d9.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1024B - Virtual size: 572B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 8B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ