lockbit | Pablo_Escobar_2[.]rar

Resubmissions

16/03/2024, 15:31

240316-sygclsfg37 10

15/03/2024, 08:15

240315-j5z9madg74 10

Sharing

Copy URL Twitter E-mail

General

Target

Pablo_Escobar_2.rar
Size

8.9MB
MD5

2799923ee71653dba823e69d37898d4b
SHA1

cd27cd3d579b1bc12933183975a5727ea86b4656
SHA256

81e301752d56ea5cc6fc5b4e188fb37ee3fbf02ed8a4691b2fd9714d4ded4299
SHA512

ecbd79d8861f94e46675c9c6fb45d5279ecbca2264cf106ece8043e2b7ed6940f7abf2ced02a98b770c712133368e479d81e367e4cf9bb1c0bbbccc45ba02a62
SSDEEP

196608:uKTkWXnELYZnIxF08h93tu1EMUcW1mmOm/O0nRRtknTqUp6G2:uStXELYZne0i99X6mOeVz+nRpW

Score

10^/10

ransomware lockbit gandcrab chaos medusalocker djvu royal xorist

Malware Config

Extracted

Family

djvu

http://spaceris.com/test1/get.php

Attributes

extension
.bpsm
offline_id
pu5TgkFNAS5fWQ2rCzdamsmMrE5wSlTupdTI0pt1
payload_url
http://uaery.top/dl/build2.exe

http://spaceris.com/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-rmxjMZAZBJ Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0626JOsie

rsa_pubkey.plain

Signatures

Chaos Ransomware 4 IoCs

resource	yara_rule
static1/unpack001/1e8e39da21c7cf3c81528389a1e8bceac78993bfea33bfccbd0280953b5011bc.exe	family_chaos
static1/unpack001/2ebb2a34dd6633e785f67d118a8c778969e4e34d667cf554268997e13920a1c6.exe	family_chaos
static1/unpack001/7826978642c568f975e2b65d1575fdf92e634f7c80db2c86c9d7c8066e8955b8.exe	family_chaos
static1/unpack001/c6f33250cd71b939f5514170a1e7ba3d0a996a3a7bfc3156e1ae6654b55c7c01.exe	family_chaos

Chaos family
chaos

Detected Djvu ransomware 1 IoCs

resource	yara_rule
static1/unpack001/85959be4cfb50d95faaf98c2748d06e687d1def4bca27673d497c640d2a18099.exe	family_djvu

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553.exe	family_xorist

Djvu family
djvu

GandCrab payload 3 IoCs

resource	yara_rule
static1/unpack001/1e754e1c7e081ae1e7701ba45c80ca4156d41d958158384a368047f3a6921044.exe	family_gandcrab
static1/unpack001/691fdcdf828b65c056782b14d1926fad490a6ed8c7c98c5b3578949be19b4948.exe	family_gandcrab
static1/unpack001/a3ea2c531278faee7c468c005f8bb81acf6bbde82e3afa6d421d8f29d951de9c.exe	family_gandcrab

Gandcrab family
gandcrab
Lockbit family
lockbit

MedusaLocker payload 1 IoCs

resource	yara_rule
static1/unpack001/26af2222204fca27c0fdabf9eefbfdb638a8a9322b297119f85cce3c708090f0.exe	family_medusalocker

Medusalocker family
medusalocker

Royal Ransomware 1 IoCs

ransomware

resource	yara_rule
static1/unpack001/beef7e428f26c583dd92962cbe886f2e4286825a1637b7a427ce84139ab6307a.exe	family_royal

Royal family
royal

Rule to detect Lockbit 3.0 ransomware Windows payload 3 IoCs

resource	yara_rule
static1/unpack001/068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd.exe	family_lockbit
static1/unpack001/3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe	family_lockbit
static1/unpack001/4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe	family_lockbit

Xorist family
xorist

Unsigned PE 31 IoCs

Checks for missing Authenticode signature.

resource
unpack001/068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd.exe
unpack001/13933403b4b5d79da1decbc41867c842e3577bcba8ce3859f7d9b881348ad377.exe
unpack001/1846c1db07d4f9a3a86605e38c0be5da38074b91cfafa1a72bccc693b06346e4.exe
unpack001/1de8054e71f00406e617230fc22017bfd66c78b216a57cec085ca6a5cb2f24a1.exe
unpack001/1e754e1c7e081ae1e7701ba45c80ca4156d41d958158384a368047f3a6921044.exe
unpack001/1e8e39da21c7cf3c81528389a1e8bceac78993bfea33bfccbd0280953b5011bc.exe
unpack001/26af2222204fca27c0fdabf9eefbfdb638a8a9322b297119f85cce3c708090f0.exe
unpack001/2a32c844885b05e65769a051dae825aecef887c2c60035e5a20ae42533cc1695.exe
unpack001/2ebb2a34dd6633e785f67d118a8c778969e4e34d667cf554268997e13920a1c6.exe
unpack001/2ecf1fe02d8fb099b68e4d9bceeeadbe5fc8347f5a76d52f35ed48b516963735.exe
unpack001/4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
unpack001/54b45f35926b12f7853e4854ae1d0a233ba1817451450d9b9fdf4e9b1412024f.exe
unpack001/691fdcdf828b65c056782b14d1926fad490a6ed8c7c98c5b3578949be19b4948.exe
unpack001/6c743c890151d0719150246382b5e0158e8abc4a29dd4b2f049ce7d313b1a330.exe
unpack001/746ac121ae024e51aa3129699cae278990cf392a661b40361d9d15b86635da94.exe
unpack001/7826978642c568f975e2b65d1575fdf92e634f7c80db2c86c9d7c8066e8955b8.exe
unpack001/85959be4cfb50d95faaf98c2748d06e687d1def4bca27673d497c640d2a18099.exe
unpack001/8843bafbb4a43a6c7a77c62a513908d1e2352ae5f58bd8bfa6d604bc795dcd12.exe
unpack001/8f11bb9536cb885bc57144392bc35e19dbc0f683d57c2c423c87a9d1c6d9d0ae.exe
unpack001/a191d7d045dcf61582f2257bded2734b4ca424b1cf66ff519763c1888ec83190.exe
unpack001/a340ef5adb00a2bf1a0735600491ca98ac8045b57db892dedc27575a53b25056.exe
unpack001/a3ea2c531278faee7c468c005f8bb81acf6bbde82e3afa6d421d8f29d951de9c.exe
unpack001/b68f76d17c4343e1a3a709c09d37a5e069ce1aec55dcb1861b2af79cc1aef47b.exe
unpack001/beef7e428f26c583dd92962cbe886f2e4286825a1637b7a427ce84139ab6307a.exe
unpack001/c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.exe
unpack001/c6f33250cd71b939f5514170a1e7ba3d0a996a3a7bfc3156e1ae6654b55c7c01.exe
unpack001/d29080809ab1fb959dbab1a1168e9b136aece03c7f91f071f7283aaa445e7eec.exe
unpack001/d7573284c29cf5f68bb64860f1be0a696c852678fac36f176fd88f555ed853f2.exe
unpack001/e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553.exe
unpack001/fbe45ed19fa942cc5e767acc0ef638447c4aa4b52d4900627a0a0ae71d543bee.exe
unpack001/fd7caea00d7f25ea02bb9c447410659c12ca35ebbb67c95c7296e6232a08ce93.exe

Files

Pablo_Escobar_2.rar
.rar
068ca3e92c65eb907b5a34be16580e267efbbde6f9129ca30ad80c948a1d3ffd.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
13933403b4b5d79da1decbc41867c842e3577bcba8ce3859f7d9b881348ad377.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

7???#
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

o4~=-5F
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.RVA
Size: 512B - Virtual size: 219B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
1846c1db07d4f9a3a86605e38c0be5da38074b91cfafa1a72bccc693b06346e4.exe
.exe windows:6 windows x64 arch:x64

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1de8054e71f00406e617230fc22017bfd66c78b216a57cec085ca6a5cb2f24a1.exe
.exe windows:5 windows x86 arch:x86

a2302015856b1fdd662b0e13775ed544

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

ws2_32

connect
socket
closesocket
gethostbyname
send
recv
WSAStartup
htonl
htons
ntohl

kernel32

FindNextFileW
FindClose
MoveFileW
GetFileSizeEx
GetModuleFileNameW
GetFileAttributesW
ExitProcess
GetCommandLineW
GetComputerNameA
CreateMutexW
lstrlenA
CreateProcessW
GetCurrentProcess
SetHandleInformation
WaitForSingleObject
GetComputerNameW
GetLogicalDrives
GetModuleHandleW
GetTickCount
DeleteFileW
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
Sleep
LeaveCriticalSection
ReadFile
CreateFileW
lstrlenW
OpenMutexW
GetProcAddress
EnterCriticalSection
WaitForMultipleObjects
CreatePipe
lstrcmpiW
DeleteCriticalSection
ReleaseMutex
CloseHandle
GetVersion
CreateThread
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
SetFileAttributesW
GetVolumeInformationW
WriteFile
SetFilePointerEx
SetEndOfFile
FindFirstFileW
CompareStringW
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken

user32

SystemParametersInfoW

shell32

ShellExecuteExW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1e754e1c7e081ae1e7701ba45c80ca4156d41d958158384a368047f3a6921044.exe
.exe windows:5 windows x86 arch:x86

7848011b763d00cd02658995847dd30b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
OpenProcess
Sleep
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetVersionExW
LoadLibraryA
lstrlenW
TerminateThread
CreateThread
WriteConsoleW
SetFilePointerEx
VirtualProtect
IsWow64Process
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineA
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW

user32

SetFocus
SendMessageW
CharUpperBuffW
GetForegroundWindow
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
keybd_event
UpdateWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetAncestor

ntdll

RtlUnwind

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1e8e39da21c7cf3c81528389a1e8bceac78993bfea33bfccbd0280953b5011bc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\5.2\Builder\CustomWindowsForm\obj\Debug\Chaos Ransomware Builder v5.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
26af2222204fca27c0fdabf9eefbfdb638a8a9322b297119f85cce3c708090f0.exe
.exe windows:6 windows x86 arch:x86

1a395bd10b20c116b11c2db5ee44c225

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateProcessW
GetTickCount
CopyFileW
GetCurrentProcess
WriteConsoleW
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
TerminateProcess
FindClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
GetEnvironmentVariableW
GetLogicalDrives
GetProcessHeap
MoveFileExW
SetFilePointerEx
HeapAlloc
CloseHandle
GetLastError
SetFileAttributesW
GetFileAttributesW
CreateFileW
WriteFile
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetFileType
GetTimeZoneInformation
EnumSystemLocalesW
HeapFree
GetFileSizeEx
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
ReadFile
OpenMutexW
Sleep
CreateMutexW
GetModuleFileNameW
SetEnvironmentVariableW
EncodePointer
DecodePointer
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
WaitForSingleObjectEx
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
LocalFree
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitProcess

advapi32

CryptExportKey
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
CryptReleaseContext
CryptGenKey
CryptImportKey
OpenProcessToken
GetTokenInformation
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
EnumDependentServicesW
OpenServiceW
QueryServiceStatusEx
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptDuplicateKey
RegDeleteValueW

shell32

SHEmptyRecycleBinW

ole32

CLSIDFromString
IIDFromString
CoInitializeEx
CoGetObject
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocStringByteLen
VariantClear
SysAllocString
SysStringByteLen
VariantInit
SysFreeString

crypt32

CryptStringToBinaryA

mpr

WNetGetConnectionW

netapi32

NetApiBufferFree
NetShareEnum

iphlpapi

IcmpSendEcho
IcmpCloseHandle
GetAdaptersInfo
IcmpCreateFile

ws2_32

inet_addr

rstrtmgr

RmShutdown
RmRegisterResources
RmStartSession
RmGetList
RmEndSession

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2a32c844885b05e65769a051dae825aecef887c2c60035e5a20ae42533cc1695.exe
.exe windows:5 windows x86 arch:x86

216df81b1ef7bc2aa8ec52bbeef137c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

activeds

ord9
ord15

kernel32

CreateProcessW
GetSystemTime
lstrlenW
LocalFree

advapi32

CheckTokenMembership
CreateWellKnownSid

ole32

CoCreateInstance
CoSetProxyBlanket

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2ebb2a34dd6633e785f67d118a8c778969e4e34d667cf554268997e13920a1c6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2ecf1fe02d8fb099b68e4d9bceeeadbe5fc8347f5a76d52f35ed48b516963735.exe
.exe windows:5 windows x86 arch:x86

216df81b1ef7bc2aa8ec52bbeef137c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

activeds

ord9
ord15

kernel32

CreateProcessW
GetSystemTime
lstrlenW
LocalFree

advapi32

CheckTokenMembership
CreateWellKnownSid

ole32

CoCreateInstance
CoSetProxyBlanket

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Code Sign

1b:a2:bc:c2:aa:d5:22:88:4a:38:b8:00:26:fe:a4:97
Certificate

Issuer

CN=Microsoft

Not Before

31/12/2022, 14:20

Not After

31/12/2039, 23:59

Subject

CN=Microsoft

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e5:50:98:ae:0a:2e:1d:20:99:30:da:4a:2d:53:bf:3a:86:be:e7:5f
Signer

Actual PE Digest

e5:50:98:ae:0a:2e:1d:20:99:30:da:4a:2d:53:bf:3a:86:be:e7:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4cefaa9c547f282b73828d5330a47d774fbf23e9cdafe1e4dc7507e9415ddb3e.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
54b45f35926b12f7853e4854ae1d0a233ba1817451450d9b9fdf4e9b1412024f.exe
.exe windows:5 windows x86 arch:x86

216df81b1ef7bc2aa8ec52bbeef137c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

activeds

ord9
ord15

kernel32

CreateProcessW
GetSystemTime
lstrlenW
LocalFree

advapi32

CheckTokenMembership
CreateWellKnownSid

ole32

CoCreateInstance
CoSetProxyBlanket

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
691fdcdf828b65c056782b14d1926fad490a6ed8c7c98c5b3578949be19b4948.exe
.exe windows:5 windows x86 arch:x86

7848011b763d00cd02658995847dd30b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
OpenProcess
Sleep
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetVersionExW
LoadLibraryA
lstrlenW
TerminateThread
CreateThread
WriteConsoleW
SetFilePointerEx
VirtualProtect
IsWow64Process
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineA
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW

user32

SetFocus
SendMessageW
CharUpperBuffW
GetForegroundWindow
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
keybd_event
UpdateWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetAncestor

ntdll

RtlUnwind

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6c743c890151d0719150246382b5e0158e8abc4a29dd4b2f049ce7d313b1a330.exe
.exe windows:5 windows x86 arch:x86

d59243e057545e233bed18dcd0f74e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
OpenProcess
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GetLastError
Process32NextW
CreateFileA
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
LoadLibraryA
lstrcatW
CloseHandle
GetNativeSystemInfo
GetSystemInfo
CreateThread
GetWindowsDirectoryA
GetWindowsDirectoryW
GetProcAddress
SetFilePointerEx
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
WideCharToMultiByte
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
MoveFileW
GetModuleHandleA
GetFileTime
GetComputerNameA
QueryDosDeviceW
FindFirstVolumeW
DuplicateHandle
CreateEventW
SetEvent
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetFileType
FindNextVolumeW
WriteConsoleW
SetEndOfFile
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentThreadId
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
TerminateProcess
WriteFile
lstrlenW
GetCurrentProcess
FindNextFileW
GetCommandLineW
EnterCriticalSection
FindFirstFileExW
GetFileSizeEx
GetLogicalDrives
GetVolumeInformationW
ReadFile
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
QueryPerformanceCounter
GetDriveTypeW
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
TlsAlloc
DecodePointer

user32

RegisterClassW
GetCursorPos
CreateWindowExW
DefWindowProcW
ShutdownBlockReasonCreate

advapi32

CryptGenRandom
OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CryptAcquireContextW
CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegSetValueExW
OpenProcessToken
FreeSid
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
CryptReleaseContext

shell32

CommandLineToArgvW
ShellExecuteW
ShellExecuteA

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

wnsprintfA
StrCmpNIW
StrCmpNW
StrDupW
StrStrIW
UrlUnescapeA
UrlEscapeA
SHDeleteKeyW
wnsprintfW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetCrackUrlW
InternetOpenW
InternetQueryOptionW
HttpOpenRequestW
InternetReadFile
HttpSendRequestW

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
746ac121ae024e51aa3129699cae278990cf392a661b40361d9d15b86635da94.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7826978642c568f975e2b65d1575fdf92e634f7c80db2c86c9d7c8066e8955b8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
85959be4cfb50d95faaf98c2748d06e687d1def4bca27673d497c640d2a18099.exe
.exe windows:5 windows x86 arch:x86

0c756c849bc7b459f78f7a5ce46cd4a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb

Imports

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
RpcStringFreeA
UuidToStringA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetOpenA
InternetOpenUrlA

winmm

timeGetTime

shlwapi

PathAppendA
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathFileExistsW
PathAppendW
PathFindExtensionW

kernel32

VirtualFree
WriteFile
GetDriveTypeA
OpenProcess
GlobalAlloc
GetSystemDirectoryW
WideCharToMultiByte
LoadLibraryW
Sleep
CopyFileW
FormatMessageW
lstrcpynW
CreateProcessA
TerminateProcess
ReadFile
CreateFileW
lstrcatA
GetEnvironmentVariableA
lstrcmpW
MultiByteToWideChar
lstrlenW
FlushFileBuffers
GetShortPathNameA
GetFileSizeEx
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
MoveFileW
FindClose
Process32FirstW
LocalAlloc
CreateEventW
GetModuleFileNameA
Process32NextW
lstrcatW
CreateMutexA
FindNextFileW
CreateToolhelp32Snapshot
SetEnvironmentVariableA
DeleteFileW
LocalFree
lstrcpyW
DeleteFileA
lstrcpyA
SetPriorityClass
GetCurrentProcess
GetComputerNameW
GetLogicalDrives
GetModuleFileNameW
SetStdHandle
GetVersion
CreateDirectoryA
CreateThread
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateSemaphoreW
GetModuleHandleW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
WaitForSingleObject
CreateDirectoryW
SetFilePointerEx
CreateProcessW
FreeLibrary
SetErrorMode
lstrlenA
SetFilePointer
FindFirstFileW
SetConsoleMode
CreateFileA
GetCommandLineW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetTimeZoneInformation
RaiseException
GetStringTypeW
GetConsoleCP
ReadConsoleW
GetConsoleMode
HeapSize
LoadLibraryExW
OutputDebugStringW
SetConsoleCtrlHandler
RtlUnwind
FatalAppExitA
GetStartupInfoW
GetExitCodeProcess
LCMapStringW
DeleteCriticalSection
AreFileApisANSI
ExitProcess
GetProcessHeap
HeapReAlloc
GlobalFree
SetEndOfFile
ReadConsoleInputA
CloseHandle
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId

user32

PeekMessageW
PostThreadMessageW
DefWindowProcW
DispatchMessageW
UpdateWindow
CreateWindowExW
LoadCursorW
IsWindow
ShowWindow
RegisterClassExW
PostQuitMessage
GetMessageW
DestroyWindow
SendMessageW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
GetDesktopWindow
MessageBoxW
TranslateMessage

advapi32

RegCloseKey
CloseServiceHandle
GetUserNameW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptHashData
RegSetValueExW
CryptDestroyHash
ControlService
RegOpenKeyExW
CryptCreateHash
CryptEncrypt
CryptImportKey
QueryServiceStatus
RegQueryValueExW
CryptReleaseContext
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
GetErrorInfo
CreateErrorInfo
SetErrorInfo
VariantChangeType
SysAllocString

iphlpapi

GetAdaptersInfo

ws2_32

inet_ntoa
inet_addr
gethostbyname

dnsapi

DnsFree
DnsQuery_W

crypt32

CryptStringToBinaryA

gdi32

DeleteObject
GetObjectA
SelectObject
GetDeviceCaps
GetBitmapBits
BitBlt
DeleteDC
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap

Sections

.text
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8843bafbb4a43a6c7a77c62a513908d1e2352ae5f58bd8bfa6d604bc795dcd12.exe
.exe windows:4 windows x64 arch:x64

7c4ef15b75d09eb970ab96fa0abfa509

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CloseHandle
CopyFileW
CreateFileW
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentVariableW
GetFileSizeEx
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetProcessHeap
GetQueuedCompletionStatus
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVolumePathNamesForVolumeNameW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MoveFileExW
MoveFileW
MulDiv
PostQueuedCompletionStatus
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetPriorityClass
SetThreadPriority
SetUnhandledExceptionFilter
SetVolumeMountPointW
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WriteFile
lstrcatW
lstrcmpiW
lstrcpyW
lstrlenA
lstrlenW

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_exit
_fmode
_initterm
_onexit
_snwprintf
abort
bsearch
calloc
exit
fprintf
free
fwprintf
fwrite
malloc
mbstowcs
memcpy
memmove
memset
printf
qsort
raise
realloc
signal
sprintf
strcpy
strlen
strncmp
vfprintf
wcscpy

shell32

CommandLineToArgvW
SHChangeNotify
ShellExecuteExW

user32

DrawTextW
GetDC
GetSystemMetrics
MessageBoxW
ReleaseDC
SystemParametersInfoW

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegSetKeyValueW
SystemFunction036

gdi32

CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

ole32

CoCreateInstance
CoInitializeEx

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmShutdown
RmStartSession

shlwapi

PathFindExtensionW

ws2_32

htons
ntohs

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8f11bb9536cb885bc57144392bc35e19dbc0f683d57c2c423c87a9d1c6d9d0ae.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a191d7d045dcf61582f2257bded2734b4ca424b1cf66ff519763c1888ec83190.exe
.exe windows:5 windows

f86dec4a80961955a89e7ed62046cc0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\crysis\Release\PDB\payload.pdb

Imports

kernel32

GetProcAddress
LoadLibraryA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
EnterCriticalSection
ReleaseMutex
CloseHandle

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a340ef5adb00a2bf1a0735600491ca98ac8045b57db892dedc27575a53b25056.exe
.exe windows:5 windows x86 arch:x86

0d4c72eca79518082f6b2512e1810693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
OpenProcess
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GetLastError
Process32NextW
CreateFileA
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
LoadLibraryA
lstrcatW
CloseHandle
GetNativeSystemInfo
GetSystemInfo
CreateThread
GetWindowsDirectoryA
GetWindowsDirectoryW
GetProcAddress
SetFilePointerEx
LocalFree
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
GetModuleHandleW
CopyFileW
WideCharToMultiByte
lstrcpyW
SleepEx
GetDiskFreeSpaceExA
lstrcmpiW
CreateIoCompletionPort
GetTickCount
lstrcmpW
GetModuleHandleA
GetDriveTypeW
GetFileTime
GetComputerNameA
QueryDosDeviceW
FindFirstVolumeW
DuplicateHandle
CreateEventW
SetEvent
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetFileType
FindNextVolumeW
WriteConsoleW
SetEndOfFile
ReadConsoleW
HeapSize
GetConsoleMode
GetConsoleCP
GetCurrentThreadId
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
GetQueuedCompletionStatus
SetErrorMode
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetModuleFileNameW
GetUserDefaultLangID
TerminateProcess
WriteFile
GetCurrentProcess
lstrlenW
FindNextFileW
GetCommandLineW
EnterCriticalSection
FindFirstFileExW
GetFileSizeEx
GetLogicalDrives
GetVolumeInformationW
ReadFile
FlushFileBuffers
GetStringTypeW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
QueryPerformanceCounter
MoveFileW
LCMapStringW
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
DecodePointer

user32

CreateWindowExW
GetCursorPos
DefWindowProcW
RegisterClassW

advapi32

RegQueryValueExA
OpenThreadToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
RegCloseKey
CryptAcquireContextW
CloseServiceHandle
CryptGenRandom
OpenSCManagerW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
RegSetValueExW
OpenProcessToken
FreeSid
StartServiceW
RegOpenKeyExA
RegOpenKeyExW
CryptReleaseContext

shell32

CommandLineToArgvW
ShellExecuteW
ShellExecuteA

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

wnsprintfA
StrCmpNIW
StrCmpNW
StrDupW
StrStrIW
UrlUnescapeA
UrlEscapeA
SHDeleteKeyW
wnsprintfW

iphlpapi

GetIpNetTable

ws2_32

inet_ntoa

wininet

InternetCrackUrlW
InternetQueryOptionW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetQueryDataAvailable
HttpOpenRequestW
InternetReadFile
HttpSendRequestW

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a3ea2c531278faee7c468c005f8bb81acf6bbde82e3afa6d421d8f29d951de9c.exe
.exe windows:5 windows x86 arch:x86

7848011b763d00cd02658995847dd30b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WaitForSingleObject
OpenProcess
Sleep
GetModuleFileNameW
CreateFileW
ExitThread
GetLastError
GetProcAddress
ExitProcess
GetModuleHandleA
CloseHandle
GetCurrentProcessId
GetVersionExW
LoadLibraryA
lstrlenW
TerminateThread
CreateThread
WriteConsoleW
SetFilePointerEx
VirtualProtect
IsWow64Process
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineA
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW

user32

SetFocus
SendMessageW
CharUpperBuffW
GetForegroundWindow
GetSystemMetrics
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
keybd_event
UpdateWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
SystemParametersInfoW
GetAncestor

ntdll

RtlUnwind

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b68f76d17c4343e1a3a709c09d37a5e069ce1aec55dcb1861b2af79cc1aef47b.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beef7e428f26c583dd92962cbe886f2e4286825a1637b7a427ce84139ab6307a.exe
.exe windows:6 windows x86 arch:x86

b6698f73aa8eb2b95b67acb6e8329fa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrIW

ws2_32

WSAStartup
shutdown
setsockopt
connect
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
WSAGetLastError
WSACleanup
gethostbyname
select
ntohs
getsockopt
ioctlsocket
bind
WSAIoctl
closesocket
ntohl
WSASocketW
socket
WSAAddressToStringW
htonl
htons

crypt32

CertOpenStore
CertCloseStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore

advapi32

CryptGetProvParam
CryptReleaseContext
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptSetHashParam
CryptAcquireContextW

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
wsprintfW

shell32

CommandLineToArgvW

iphlpapi

GetIpAddrTable

netapi32

NetApiBufferFree
NetShareEnum

rstrtmgr

RmShutdown
RmEndSession
RmStartSession
RmGetList
RmRegisterResources

bcrypt

BCryptGenRandom

kernel32

CompareStringW
HeapAlloc
HeapFree
GetModuleFileNameW
LCMapStringW
HeapReAlloc
GetConsoleOutputCP
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
GetModuleHandleExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
SetConsoleCtrlHandler
ReadFile
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetLogicalDrives
FindFirstFileW
EnterCriticalSection
FindNextFileW
WriteFile
LeaveCriticalSection
FindClose
CreateFileW
ExitThread
Sleep
CloseHandle
CreateThread
lstrcmpiW
GetCommandLineW
lstrlenW
WaitForMultipleObjects
InitializeCriticalSection
InitializeConditionVariable
lstrlenA
WaitForSingleObject
DeleteCriticalSection
ExitProcess
CreateProcessW
WideCharToMultiByte
lstrcmpW
CancelIo
GetQueuedCompletionStatus
CreateIoCompletionPort
SleepConditionVariableCS
DecodePointer
GetFileSizeEx
GetCurrentProcess
WakeAllConditionVariable
GetProcessId
SetEndOfFile
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
GetNativeSystemInfo
SetFilePointerEx
MoveFileExW
FlushFileBuffers
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
GetEnvironmentVariableW
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
GetModuleHandleW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c5ef104253ed4c066104a184ab368630027831b627c043d63170ff8f89c6a2bb.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c6f33250cd71b939f5514170a1e7ba3d0a996a3a7bfc3156e1ae6654b55c7c01.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d29080809ab1fb959dbab1a1168e9b136aece03c7f91f071f7283aaa445e7eec.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d7573284c29cf5f68bb64860f1be0a696c852678fac36f176fd88f555ed853f2.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553.exe
.exe windows:4 windows x86 arch:x86

0d5a4c77fb840a628560e02b85835ba4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
PeekMessageA
SendMessageA
LoadCursorA
GetSystemMetrics
GetMessageA
GetDlgItemTextA
EndPaint
SystemParametersInfoA
TranslateMessage
UpdateWindow
MessageBoxA
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint

kernel32

lstrlenA
CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeResource
GetCommandLineA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetFileTime
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetProcessHeap
GetTempPathA
GetWindowsDirectoryA
GlobalFree
HeapAlloc
LoadResource
LockResource
MoveFileA
ReadFile
RtlMoveMemory
SetErrorMode
SetFilePointer
SetFileTime
SizeofResource
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

advapi32

RegCreateKeyExA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
RegSetValueExA
RegDeleteKeyA
CryptAcquireContextA
RegCloseKey
CryptReleaseContext
CryptHashData

shlwapi

PathFindFileNameA
PathFindExtensionA
PathAddBackslashA
PathMatchSpecA

gdi32

CreateFontIndirectA

comctl32

InitCommonControls

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fbe45ed19fa942cc5e767acc0ef638447c4aa4b52d4900627a0a0ae71d543bee.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd7caea00d7f25ea02bb9c447410659c12ca35ebbb67c95c7296e6232a08ce93.exe
.exe windows:5 windows x86 arch:x86

52acd2ce9ef75b1d800d1f9954cd3c9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
EncodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

7???# Size: 80KB - Virtual size: 80KB

o4~ =-5F Size: 80KB - Virtual size: 80KB

.text Size: 402KB - Virtual size: 401KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.RVA Size: 512B - Virtual size: 219B

9cbefe68f395e67356e2a5d8d1b285c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 5.3MB - Virtual size: 5.3MB

.data Size: 181KB - Virtual size: 609KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 97KB - Virtual size: 96KB

.symtab Size: 512B - Virtual size: 4B

a2302015856b1fdd662b0e13775ed544

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

ws2_32

kernel32

advapi32

user32

shell32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 74KB - Virtual size: 74KB

7848011b763d00cd02658995847dd30b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 81KB - Virtual size: 88KB

.reloc Size: 4KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

7???#
Size: 80KB - Virtual size: 80KB

o4~=-5F
Size: 80KB - Virtual size: 80KB

.text
Size: 402KB - Virtual size: 401KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.RVA
Size: 512B - Virtual size: 219B

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 5.3MB - Virtual size: 5.3MB

.data
Size: 181KB - Virtual size: 609KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 97KB - Virtual size: 96KB

.symtab
Size: 512B - Virtual size: 4B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 74KB - Virtual size: 74KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 81KB - Virtual size: 88KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 443KB - Virtual size: 443KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 459KB - Virtual size: 458KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 14KB - Virtual size: 18KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 23KB - Virtual size: 22KB

.text
Size: 896KB - Virtual size: 895KB

.data
Size: 62KB - Virtual size: 96KB

.idata
Size: 512B - Virtual size: 470B

.text
Size: 224KB - Virtual size: 223KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 896KB - Virtual size: 895KB

.data
Size: 62KB - Virtual size: 96KB

.idata
Size: 512B - Virtual size: 470B