dsE1122[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

dsE1122.rar
Size

14.2MB
MD5

394f07bca7aaedfe23ad7dc24a68520b
SHA1

e17adcc112d1d0ea8f71aedbdae528de4ed5c4fc
SHA256

441116d55e97124a067207bf57483dd3462bccfb034e56c4152675b0dcb118e7
SHA512

4834610ae95493a7e51e1493bf8c48e8e2bf8905d0b61af4b685c2b822ef22a78c9fd6cbbb188b20436a71f19972d9ebd211ccf0e75fc542d19f9340781c7eb3
SSDEEP

393216:jBSYPG3rPQ2PUtOd37WjqC6tZ0ksxVmESyOcG7b/ZuHvWpbYqc7p:jQYyPDP2E0qCoZhLESyOf/YHvWOld

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/1DD70E803623D5311B71129976710B11A8942D206A5D8D86CDF8417255F15725.exe	aspack_v212_v242

Unsigned PE 30 IoCs

Checks for missing Authenticode signature.

resource
unpack001/00FAEE82AB5B800CF6DBE97AFD39790B856AD1EC25DC7ED8F798ACA702BEE7AD.exe
unpack001/0B8E9BC31964C9433BD5CC20E556CFD0590C3B17B0DB23CDC3AD0547683F3820.exe
unpack001/0c9fa52ace8019b43c91f4859ecddfde6705141b9283fef05c6c4c37a5c1777a.exe
unpack001/15f7ea290d832bc32ebf660690b42616264fc0be8969934c1f8d7e5a5d3cd18c.exe
unpack001/1DD70E803623D5311B71129976710B11A8942D206A5D8D86CDF8417255F15725.exe
unpack001/1E229029B2D3FF00EDDE061B1AAF470EE437FA8196D97FAD2C2C6C9EDE5B44DA.exe
unpack001/21977fc851dfbcd7c5edcc24ef56750065fcd01e5c9fa4f270424f186a83b061.exe
unpack001/21e1bc4340221fbccee28d59333c20b20755e34e2f3391b90837172bd07fbf01.exe
unpack001/2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe
unpack001/2C3542B5D9AB4EED2DD88CD74A02236A944AFD76E8717F65DCD544912229CA85.exe
unpack001/3ac7f91e37572c0d15de4de96ab4719531c30536409fda4acb3e0071ab726338.exe
unpack001/3c0fe521f6a9cfbfabc1f27a1a64dfc081a63aaaf2a6ce8cd831f6251ee85816.exe
unpack001/41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a.exe
unpack001/467c2b23b785df7b45758143387e9cc5a588718ae0640b3f01b1c19679b011be.exe
unpack001/5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe
unpack001/712affaa8b84e8fb7d4e71feb6c1074185bc43b5a2f265fbfb248f7ed40a5489 (1).exe
unpack001/72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe
unpack001/8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe
unpack001/Bit Paymer.exe
unpack001/KeepCalm.exe
unpack001/LockedIn.exe
unpack001/Purge.exe
unpack001/Scarab.exe
unpack001/a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe
unpack001/a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe
unpack001/b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe
unpack001/cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe
unpack001/e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe
unpack001/fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe
unpack001/fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe

Files

dsE1122.rar
.rar
00FAEE82AB5B800CF6DBE97AFD39790B856AD1EC25DC7ED8F798ACA702BEE7AD.exe
.exe windows:4 windows x86 arch:x86

79b3362178937bf9559741c46bb9e035

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.
Size: 1.3MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0B8E9BC31964C9433BD5CC20E556CFD0590C3B17B0DB23CDC3AD0547683F3820.exe
.exe windows:4 windows x86 arch:x86

59d096c737d7e50445f5ef26a4c4324c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetUserDefaultLCID

user32

GetMessageTime

Sections

.text
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0c9fa52ace8019b43c91f4859ecddfde6705141b9283fef05c6c4c37a5c1777a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 594KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
15f7ea290d832bc32ebf660690b42616264fc0be8969934c1f8d7e5a5d3cd18c.exe
.exe windows:4 windows x86 arch:x86

44f25d61c956e0f747f8bf2a72d8b614

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoCreateGuid
CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoTaskMemFree

oleaut32

VariantInit
VarBstrCmp
SysFreeString
SysAllocString
VariantClear
VariantChangeType
OleCreatePropertyFrame
SysStringLen

user32

GetMessagePos
ReleaseDC
GetMenuCheckMarkDimensions
InvalidateRect
IsWindowEnabled
DrawTextExW
SetCursor
SetFocus
GetDesktopWindow
IsRectEmpty
GetMessageTime
RemovePropW
SetActiveWindow
GetSystemMetrics
SetPropW
PtInRect
SetForegroundWindow
EnableWindow
GetMenu
CreatePopupMenu
GetFocus
GetSysColorBrush
KillTimer
GetClassInfoExW
GetClassInfoW
GetSubMenu
IsDialogMessageW
RealChildWindowFromPoint
SetMenuItemInfoW
IsWindowVisible
LoadCursorW
PeekMessageW
GrayStringW
SetWindowTextW
GetDlgCtrlID
GetForegroundWindow
GetDC
SendDlgItemMessageA
EndDialog
GetWindowThreadProcessId
CopyRect
SetWindowPos
GetMessageW
GetSysColor
DispatchMessageW
ClientToScreen
BeginPaint
CharToOemA
GetWindowRect
SetTimer
ValidateRect
CheckMenuItem
InflateRect
EqualRect
GetDlgItem
TrackPopupMenu
RegisterClassW
SetWindowsHookExW
GetWindow
ShowWindow
SetRect
GetNextDlgTabItem
GetCapture
GetParent
MessageBoxW
ScreenToClient
GetMenuItemID
MonitorFromWindow
GetClientRect
GetKeyState
GetPropW
MapWindowPoints
GetTopWindow
DestroyIcon
GetClassNameW
IntersectRect
GetLastActivePopup
UpdateWindow
GetClassLongW
GetMenuItemCount
GetWindowTextLengthW
RegisterWindowMessageW
LoadIconW
CharUpperW
EndPaint
GetWindowLongW
GetCursorPos
EnableMenuItem
PostQuitMessage
LoadBitmapW
DestroyMenu
AdjustWindowRectEx
IsWindow
CreateWindowExW

shlwapi

PathIsUNCW
PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW

gdi32

CloseFigure
DeleteObject
ScaleWindowExtEx
CreatePen
SetViewportOrgEx
GetClipBox
SetBkColor
ScaleViewportExtEx
SetViewportExtEx
CreateBitmap
SetMapMode
OffsetViewportOrgEx
SetTextColor
BeginPath
SetWindowExtEx
Escape
SaveDC
GetTextExtentPoint32W
SelectObject
SetBkMode
TranslateCharsetInfo
GetStockObject
AbortPath
RestoreDC

advapi32

RegEnumKeyW
RegCloseKey
RegCreateKeyW
RegQueryValueW
RegSetValueW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW

winspool.drv

ExtDeviceMode

kernel32

IsDBCSLeadByte
SizeofResource
FindResourceW
DuplicateHandle
GetFileSize
CreateEventW
IsDBCSLeadByteEx
RemoveDirectoryW
GlobalReAlloc
SetEndOfFile
SwitchToThread
LockFile
GetModuleFileNameW
DeleteTimerQueueTimer
GlobalAddAtomW
SetStdHandle
TlsGetValue
SetThreadPriority
ReadFile
QueryPerformanceCounter
GlobalLock
OutputDebugStringA
GlobalUnlock
LocalFree
SetFileAttributesW
FileTimeToSystemTime
LocalReAlloc
FindFirstChangeNotificationW
HeapReAlloc
GetShortPathNameW
GetLongPathNameW
FindCloseChangeNotification
GetFileTime
CreateDirectoryW
GetStringTypeW
GlobalFree
SetLastError
GetSystemDirectoryW
CloseHandle
FreeEnvironmentStringsW
GetPrivateProfileStringW
GetCPInfo
DeleteCriticalSection
GetProcessHeap
GetEnvironmentStringsW
UnlockFile
LoadLibraryW
DeleteFileW
InitializeSListHead
MoveFileW
GetUserDefaultLCID
SystemTimeToFileTime
LocalAlloc
GetModuleHandleExW
GetStdHandle
GetVolumeInformationW
EnterCriticalSection
GetProcAddress
GetThreadPriority
GetFileAttributesExW
WriteFile
GlobalAlloc
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetCommandLineA
GetCurrentProcess
OutputDebugStringW
TlsSetValue
GetSystemDefaultUILanguage
AreFileApisANSI
LoadLibraryA
SetFileTime
GlobalHandle
GetLastError
InitializeCriticalSection
ExitProcess
FormatMessageW
VirtualProtect
HeapFree
GlobalFlags
GetACP
SetThreadAffinityMask
LockResource
GetLocaleInfoW
CreateTimerQueue
VirtualFree
EnumSystemLocalesW
CreateFileW
GetFileType
GetFileAttributesW
GetConsoleCP
GetFullPathNameW
FreeResource
GetModuleFileNameA
GetProcessAffinityMask
RaiseException
SignalObjectAndWait
HeapSize
InitializeCriticalSectionAndSpinCount
HeapAlloc
MulDiv
FindNextFileW
IsDebuggerPresent
lstrcmpA
WriteConsoleW
WaitForSingleObjectEx
lstrcmpW
GetThreadTimes
GetCurrentThreadId
GetCurrentThread
ReadConsoleW
TlsFree
LeaveCriticalSection
FindClose
WaitForSingleObject
GetModuleHandleW
InterlockedIncrement
SetUnhandledExceptionFilter
LCMapStringW
WritePrivateProfileStringW
FindFirstFileW
LoadResource
Sleep
GetFileSizeEx
CreateThread
CreateTimerQueueTimer
GetModuleHandleA
SetEvent
SetFilePointer

shell32

SHSetUnreadMailCountW
SHExtractIconsW
ShellExecuteW
DoEnvironmentSubstW

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1DD70E803623D5311B71129976710B11A8942D206A5D8D86CDF8417255F15725.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 154KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1E229029B2D3FF00EDDE061B1AAF470EE437FA8196D97FAD2C2C6C9EDE5B44DA.exe
.exe windows:4 windows x86 arch:x86

dbc1055db78e0eb7de5de4fbdef168b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
VirtualAlloc

user32

GetClipboardOwner
GetOpenClipboardWindow

Sections

.
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.
Size: 10KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
21977fc851dfbcd7c5edcc24ef56750065fcd01e5c9fa4f270424f186a83b061.exe
.exe windows:6 windows x86 arch:x86

1fc1ca157c798a8f3ee2422fc024e5e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetDriveTypeW
GetLastError
WriteConsoleW
HeapSize
CreateFileW
WinExec
SetStdHandle
FindClose
lstrcpynA
ExitProcess
GetCurrentProcessorNumber
GetLocalTime
OpenMutexA
Sleep
CreateMutexA
GetCurrentThreadId
ReadConsoleW
FindNextFileA
ExpandEnvironmentStringsW
FindFirstFileA
GetLogicalDrives
GetModuleFileNameA
lstrcmpiA
GetFileSize
CloseHandle
CreateFileA
MoveFileExA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
SetFilePointerEx
GetConsoleMode
lstrlenA
WriteFile
FreeEnvironmentStringsW
ReadFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
SetEndOfFile

user32

GetDC
FillRect
GetSystemMetrics
GetActiveWindow
wsprintfW
DrawTextW
SystemParametersInfoW
wsprintfA
GetClipboardOwner

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectW

advapi32

RegOpenKeyExW
CryptHashData
CryptDeriveKey
RegCloseKey
RegSetValueExW
CryptSetKeyParam
CryptAcquireContextA
CryptEncrypt
CryptCreateHash

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteW

shlwapi

PathFindFileNameA
PathFindExtensionA

mpr

WNetEnumResourceA
WNetGetLastErrorA
WNetOpenEnumA
WNetCloseEnum

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

Sections

.text
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
21e1bc4340221fbccee28d59333c20b20755e34e2f3391b90837172bd07fbf01.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe
.exe windows:5 windows x86 arch:x86

53249f65d2f64c09446341c1827aaa66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowExA
MessageBoxW
PostMessageA
ShowWindow
EndPaint
RegisterClassExA
DrawTextA
OemToCharA
IsDialogMessageW
RemovePropA
SendMessageW
SetWindowTextA
LoadCursorW
LoadImageA
HideCaret
GetClassNameW

odbctrac

TraceSQLError
TraceSQLCancel

kernel32

OpenMutexW
SetEvent
InterlockedDecrement
GetModuleHandleA
WaitForSingleObject
GetDiskFreeSpaceA
GetProcAddress
GetExpandedNameA
GetConsoleTitleA
DefineDosDeviceA
CreateEventW
CreateFileMappingA
ReleaseMutex
GetStartupInfoW
SystemTimeToFileTime
SetErrorMode
GetConsoleAliasW

Exports

Exports

iojraq

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE
2C3542B5D9AB4EED2DD88CD74A02236A944AFD76E8717F65DCD544912229CA85.exe
.exe windows:5 windows x86 arch:x86

e836076a09dba03e4d6faa46dda0fefc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestW
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetOpenW

kernel32

GetTempPathW
GetFileSize
GetCurrentDirectoryW
DeleteFileW
CloseHandle
WriteFile
lstrcmpW
ReadFile
GetModuleHandleW
ExitProcess
HeapCreate
HeapAlloc
GetModuleFileNameW
CreateFileW
lstrlenW

user32

wsprintfW

shell32

ShellExecuteW

Sections

.text
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3ac7f91e37572c0d15de4de96ab4719531c30536409fda4acb3e0071ab726338.exe
.exe windows:5 windows x86 arch:x86

d594c3da09df47926f98761efef2f7b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
InterlockedPushEntrySList
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LockResource
MultiByteToWideChar
OpenEventW
OpenFileMappingW
OpenJobObjectA
OpenSemaphoreA
PulseEvent
RaiseException
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReleaseMutex
SearchPathW
HeapValidate
SetDllDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetLastError
SetVolumeLabelW
SizeofResource
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WriteConsoleW
WriteFile
WritePrivateProfileStringW
WriteProfileStringA
_lclose
_lwrite
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapAlloc
GetVolumeInformationA
GetVersionExW
GetVersionExA
GetThreadPriorityBoost
GetTempFileNameW
GetSystemTime
GetSystemDirectoryW
GetSystemDirectoryA
GetStringTypeExW
GetQueuedCompletionStatus
GetProfileSectionA
GetProfileIntA
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetPrivateProfileSectionNamesA
GetPrivateProfileIntW
GetOEMCP
GetModuleHandleA
GetModuleFileNameW
GetLastError
GetCurrentThreadId
GetCurrentProcess
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCP
GetConsoleAliasW
GetConsoleAliasExesLengthA
GetComputerNameExW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageW
FlushInstructionCache
FindResourceW
FindResourceExW
FindNextFileA
FindFirstFileExA
FillConsoleOutputCharacterW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
ExitProcess
EnterCriticalSection
EndUpdateResourceW
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateEventW
CreateDirectoryA
CopyFileExA
ConvertThreadToFiber
CompareStringW
CommConfigDialogW
CloseHandle
BindIoCompletionCallback
BeginUpdateResourceW
AddConsoleAliasW
VirtualAlloc
CreateFileW
SetCurrentDirectoryW
GetModuleHandleW

user32

DrawIcon
DrawIconEx
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumDesktopWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetClassInfoA
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClassWord
GetClientRect
GetClipboardSequenceNumber
CopyImage
GetDCEx
GetDlgCtrlID
GetDlgItem
GetDlgItemTextW
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuDefaultItem
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMessageW
GetMonitorInfoW
GetParent
GetPropW
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColorBrush
GetSystemMenu
GetUpdateRect
GetWindow
GetWindowContextHelpId
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
IsCharAlphaNumericW
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsRectEmpty
IsWindow
IsWindowUnicode
IsZoomed
KillTimer
LoadBitmapW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadMenuW
LoadStringW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxExW
MessageBoxW
ModifyMenuW
MonitorFromPoint
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OemToCharBuffA
OffsetRect
OpenClipboard
OpenDesktopW
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RealChildWindowFromPoint
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterHotKey
RegisterWindowMessageW
ReleaseDC
RemoveMenu
RemovePropW
DrawFrameControl
ScrollWindow
SendDlgItemMessageW
SendInput
SendMessageA
SendMessageTimeoutW
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetKeyboardState
SetLastErrorEx
SetMenu
SetMenuDefaultItem
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetRectEmpty
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TabbedTextOutA
TabbedTextOutW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UnregisterClassW
UnregisterHotKey
UpdateWindow
WaitMessage
WinHelpW
WindowFromPoint
wsprintfW
wvsprintfW
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharToOemBuffA
CharPrevW
CharLowerW
CharLowerBuffW
CallWindowProcW
CallNextHookEx
BeginPaint
AllowSetForegroundWindow
AdjustWindowRectEx
ActivateKeyboardLayout
GetKeyState
GetWindowTextLengthW
LoadCursorW
GetKeyboardLayout
GetClipboardOwner
GetSysColor
GetInputState
CharNextW
DestroyIcon
VkKeyScanA
IsCharAlphaW
VkKeyScanW
GetDoubleClickTime
GetKBCodePage
GetCaretBlinkTime
PaintDesktop
InSendMessage
GetQueueStatus
GetMenuCheckMarkDimensions
WindowFromDC
GetShellWindow
IsCharAlphaNumericA
IsClipboardFormatAvailable
CreatePopupMenu
GetThreadDesktop
LoadCursorFromFileA
GetClipboardViewer
GetProcessWindowStation
ShowCaret
GetWindowTextLengthA
GetMenuContextHelpId
DrawMenuBar
GetTopWindow
GetDC
GetFocus
IsWindowEnabled
EnumClipboardFormats
ReleaseCapture
IsMenu
GetSystemMetrics
IsWindowVisible
GetDesktopWindow
OemKeyScan
IsCharUpperW
GetMessageTime
CloseWindowStation
CharUpperW
GetClipboardData
GetMenuItemCount
DestroyWindow
GetCursor
DrawFocusRect
DrawEdge
DlgDirSelectComboBoxExA
DispatchMessageW
DispatchMessageA
DialogBoxParamW
DialogBoxIndirectParamW
DestroyMenu
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreateMenu
IsCharLowerW
GetKeyboardType
CloseDesktop
CreateIconIndirect
CreateIcon
CreateDialogParamW
CountClipboardFormats
ScreenToClient
CopyRect
GetCursorPos

gdi32

GetDCBrushColor
SaveDC
GetStockObject
GetGraphicsMode
GetStretchBltMode
GetColorSpace
AddFontResourceW
DeleteDC
GetBkColor
DeleteColorSpace
CloseFigure
CreateCompatibleDC
EndDoc
GetBkMode
AbortPath
GetPolyFillMode
GetEnhMetaFileA
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
StrokePath
CreateFontIndirectW
CreatePen
CreateSolidBrush
DPtoLP
DeleteObject
ExtTextOutW
GetDIBColorTable
GetDeviceCaps
GetEnhMetaFileHeader
GetObjectW
PtVisible
Rectangle
RoundRect
SelectObject
SetBkColor
SetBkMode
SetDIBColorTable
SetTextColor
StretchBlt
gdiPlaySpoolStream
SwapBuffers
GetObjectType
GetTextCharacterExtra
GetTextAlign
EndPage
SetMetaRgn
DeleteMetaFile
GetSystemPaletteUse
GetFontLanguageInfo
GetLayout
CloseMetaFile
CreateDIBSection
GetTextCharset

advapi32

RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
RegOpenKeyExW

shell32

SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHQueryRecycleBinW
SHInvokePrinterCommandW
DoEnvironmentSubstA
DragQueryFileAorW
SHChangeNotify
SHFileOperationA
Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
OleUninitialize

shlwapi

StrStrW
StrRChrIW
StrRChrIA
StrChrA
PathFindExtensionW

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c0fe521f6a9cfbfabc1f27a1a64dfc081a63aaaf2a6ce8cd831f6251ee85816.exe
.exe windows:5 windows x86 arch:x86

c0cf0052bc809c1335de5569fdee9950

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
HeapFree
GetACP
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
WriteFile
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
GetCommandLineW
GetConsoleCP
GetStdHandle
EncodePointer
Process32Next
Process32First
SetLastError
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
CreateToolhelp32Snapshot
SetConsoleTitleA
CreateTimerQueue
CreateFileW
LoadLibraryA
MulDiv
CreateTapePartition
CloseHandle
CreateIoCompletionPort
GetLastError
GetProcessHeap
HeapAlloc
HeapCreate
RaiseException
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcAddress
FlushFileBuffers
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection

user32

PostQuitMessage
DefWindowProcA
SendMessageA
DispatchMessageA
CreateWindowExA
ShowWindow
IsWindowVisible
GetDlgItem
CheckDlgButton
IsDlgButtonChecked
SendDlgItemMessageA
SetFocus
TranslateMessage
RegisterClassA
wsprintfA
DrawFrameControl
RealChildWindowFromPoint
DefMDIChildProcA
LoadCursorA
LoadBitmapA
GetWindow
FindWindowExA
SetWindowLongA
GetWindowLongA
PtInRect
OffsetRect
InvertRect
DrawFocusRect
GetSysColorBrush
GetSysColor
MessageBoxA
SetWindowTextA
GetScrollRange
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
DeleteMenu
GetSystemMenu
GetSystemMetrics
GetFocus
GetMessageA

gdi32

SetWindowExtEx
MoveToEx
SetTextJustification
SetTextAlign
SetBkMode
SelectObject
Rectangle
LineTo
GetTextExtentPoint32A
GetTextAlign
GetStockObject
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreatePen
CreateFontA

advapi32

SystemFunction036
AllocateAndInitializeSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
IsValidSid

shell32

SHBrowseForFolderA

ole32

CLSIDFromString
CoInitialize

ws2_32

WSAStartup
shutdown
closesocket
WSASocketA

netapi32

NetShareGetInfo

avifil32

AVIStreamStart
AVIStreamRelease
AVIFileGetStream
AVIStreamLength
AVIFileOpenA
AVIFileRelease
AVIFileExit
AVIFileInit
AVIStreamGetFrameOpen
AVIStreamGetFrame
AVIStreamGetFrameClose
AVIFileInfoA

msacm32

acmFormatEnumA
acmFormatTagDetailsA
acmMetrics

winmm

mmioAscend

iphlpapi

GetInterfaceInfo
GetIfTable
GetIfEntry

shlwapi

StrChrA
AssocCreate

comctl32

ImageList_AddMasked
ImageList_GetImageCount
ImageList_Create

wintrust

CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext

rpcrt4

UuidHash

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 840KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a.exe
.exe windows:5 windows x86 arch:x86

59e94e5f36f690a93172696aa6586953

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetCPInfo
GetOEMCP
HeapAlloc
lstrcmpiW
GetCurrentProcess
lstrcpynW
GetCommandLineA
lstrcmpW
FreeEnvironmentStringsA
HeapFree
GetProcessHeap
GetStartupInfoA
GetEnvironmentVariableW
GetEnvironmentStringsA

user32

ShowStartGlass
EndPaint
IsIconic
GetWindowTextA
SetCursor
BeginPaint
GetCursorPos

oleaut32

SysStringLen
VariantChangeTypeEx
SysAllocStringLen
VarI1FromR8
SafeArrayGetDim
VarDecMul
VarBstrFromR8
VarUI8FromI2
VarDateFromI1
VariantClear
UnRegisterTypeLib
VarTokenizeFormatString
VariantCopyInd
CreateTypeLib2
VarI2FromI8
VarR8Round
VarUI4FromUI8

Sections

.text
Size: 24KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
467c2b23b785df7b45758143387e9cc5a588718ae0640b3f01b1c19679b011be.exe
.exe windows:5 windows x86 arch:x86

d5af612192dea3485d4c6e2bdcaa0ae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
GetCommProperties
GetModuleHandleW
TerminateProcess
GetProcAddress
LoadLibraryA
AddAtomA
GetCommTimeouts
GetProcessAffinityMask
VirtualProtect
GetTempPathA
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetLastError
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
Sleep
HeapSize

user32

EnableScrollBar
LoadImageA

shell32

Shell_NotifyIconA
SHGetFileInfoA
ExtractIconExA
SHGetDiskFreeSpaceExW

msimg32

TransparentBlt
GradientFill
AlphaBlend

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe
.exe windows:6 windows x86 arch:x86

fcf96dc829b5f24b92a7b578e6908702

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessorNumber
ExitProcess
lstrcpynA
WinExec
GetTickCount
GetDriveTypeW
GetLastError
WriteConsoleW
GetLocalTime
CreateFileW
ReadConsoleW
SetStdHandle
GetLogicalDrives
FreeEnvironmentStringsW
OpenMutexA
Sleep
GetCurrentThreadId
CreateMutexA
FindFirstFileA
FindClose
FindNextFileA
ExpandEnvironmentStringsW
HeapSize
GetModuleFileNameA
GetFileTime
lstrcmpiA
SystemTimeToFileTime
GetFileSize
CloseHandle
FileTimeToSystemTime
CreateFileA
MoveFileExA
lstrlenA
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetProcessHeap
SetFilePointerEx
GetConsoleMode
SetFileTime
WriteFile
ReadFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
GetModuleHandleExW
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
SetEndOfFile

user32

GetDC
FillRect
GetSystemMetrics
GetActiveWindow
wsprintfW
DrawTextW
SystemParametersInfoW
wsprintfA
GetClipboardOwner

gdi32

GetDIBits
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectW

advapi32

RegOpenKeyExW
CryptHashData
CryptDeriveKey
RegCloseKey
RegSetValueExW
CryptSetKeyParam
CryptAcquireContextA
CryptEncrypt
CryptCreateHash

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteW

shlwapi

PathFindFileNameA
PathFindExtensionA

mpr

WNetEnumResourceA
WNetGetLastErrorA
WNetOpenEnumA
WNetCloseEnum

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
712affaa8b84e8fb7d4e71feb6c1074185bc43b5a2f265fbfb248f7ed40a5489 (1).exe
.exe windows:5 windows x86 arch:x86

4893cd8c9409b7c6586b6402339acab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

CharNextW
LoadStringW
ShowWindow
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharUpperW
CharLowerBuffW

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WinExec
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MoveFileW
LocalFree
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetWindowsDirectoryW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeLibrary
FormatMessageW
FindNextFileW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep
GetConsoleWindow

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

netapi32

NetApiBufferFree
NetWkstaGetInfo

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe
.exe windows:5 windows x86 arch:x86

caeae43a095cc441a32b8fb2f33dae42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
LoadLibraryExW
GetModuleFileNameW
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
lstrlenA
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetCommandLineA
RtlUnwind
RaiseException
WideCharToMultiByte
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
LCMapStringW
HeapReAlloc
GetStringTypeW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
WriteConsoleW
DecodePointer
EncodePointer
SetConsoleTitleA
GetUserDefaultLangID
EnumTimeFormatsA
lstrcpyW
CreatePipe
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemInfo
CloseHandle
LoadResource
WaitForMultipleObjects
GetLastError
GetCurrentProcess
GetProcessHeap
HeapFree
MultiByteToWideChar
GetFullPathNameA
FindResourceExW
GetModuleHandleW
GetModuleHandleA
CreateFileW
TerminateProcess
lstrlenW
HeapAlloc
HeapCreate
GlobalAlloc
GetProcAddress

user32

MoveWindow
DialogBoxParamA
TranslateMessage
UpdateLayeredWindow
GetMessagePos
PostQuitMessage
SetClipboardData
GetMessageA
ShowWindow
CreateWindowExA
GetDlgItem
RegisterClassExA
GetKeyboardLayout
EmptyClipboard
CharLowerBuffA
SendMessageA
CloseClipboard
DefWindowProcA
SetFocus
RegisterHotKey
SetMessageQueue
OpenClipboard
DispatchMessageA
GetFocus
keybd_event
EnableWindow
GetSystemMetrics
wsprintfA
EndDialog
CreatePopupMenu
AppendMenuA
GetCursorInfo
SetScrollInfo
LoadStringW
GetIconInfo
CopyIcon
DrawIconEx
CopyImage
CreateIcon
LoadIconA
LoadCursorA
CallNextHookEx
GetTopWindow
EnumWindows
GetParent
GetWindowLongA
PtInRect
WindowFromPoint
GetCursorPos
SetCursorPos
MessageBoxA
GetWindowRect
GetClientRect
SetWindowTextA
SetScrollRange
SetScrollPos
GetWindowRgn
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
GetDC
TrackPopupMenu

gdi32

CreateCompatibleDC
CreateRectRgn
CreateSolidBrush
CreateCompatibleBitmap
CreateBitmap
SetBkMode
DeleteDC
GdiFlush
ExtTextOutA
CombineRgn
SelectObject
GetStockObject
GetPixel
Ellipse
DeleteObject

winspool.drv

SetPrinterDataExA
DeviceCapabilitiesA

comdlg32

GetSaveFileNameA

advapi32

RegCreateKeyA
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
OpenProcessToken
RegCloseKey
CheckTokenMembership
LookupPrivilegeNameA

shell32

Shell_NotifyIconA
SHBrowseForFolderA

ole32

CoTaskMemAlloc

oleaut32

VariantInit
UnRegisterTypeLi
VariantChangeTypeEx
LoadTypeLibEx

ws2_32

WSCEnumProtocols

winscard

SCardEndTransaction

winmm

timeGetTime

shlwapi

StrCmpNIA
PathAppendA
StrFormatByteSizeA

comctl32

ImageList_Remove
ImageList_Draw
ord17
ImageList_Create

pdh

PdhCollectQueryData
PdhAddCounterA
PdhGetFormattedCounterValue
PdhOpenQueryA

rpcrt4

RpcServerUseProtseqEpA
RpcServerRegisterIfEx

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCreateFromHDC
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics

opengl32

glLoadIdentity
glClear
glMatrixMode

imm32

ImmSetOpenStatus
ImmGetOpenStatus
ImmGetConversionStatus
ImmReleaseContext
ImmGetContext
ImmGetDescriptionA
ImmIsIME

setupapi

CM_Query_Resource_Conflict_List
CM_Query_Arbitrator_Free_Size
CM_Query_Remove_SubTree

uxtheme

OpenThemeData
GetThemeSysSize
CloseThemeData

powrprof

GetPwrCapabilities

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 903KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Bit Paymer.exe
.exe windows:4 windows x86 arch:x86

016fe50c549606ee977466a0e8cfdffa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetComputerNameExW

msvcrt

fwrite

netapi32

NetUserSetGroups

rpcrt4

I_RpcServerRegisterForwardFunction
RpcBindingFree

user32

SetDlgItemInt
GetWindowTextW
wsprintfW
wsprintfA
GetClipboardViewer
DdeGetLastError

msacm32

acmFormatDetailsW

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

W0KEjK
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

-R*
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KeepCalm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockedIn.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Artist\Documents\Visual Studio 2017\Projects\Data Locker\Data Locker\obj\Debug\Data Locker.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Purge.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\beary\onedrive\documents\visual studio 2017\Projects\PurgeRansomware\PurgeRansomware\obj\Debug\PurgeRansomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Scarab.exe
.exe windows:5 windows x86 arch:x86

ac42624e1c698c88c9c9c11516c26efc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetTickCount
GlobalAlloc
GetFileAttributesA
GetCompressedFileSizeA
CreateFileW
GetFileSizeEx
GetLastError
GetProcAddress
CloseHandle
CreateFileA
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapAlloc
HeapFree
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
GetModuleHandleA
HeapSize
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

DlgDirSelectExW
PeekMessageA
EndPaint

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe
.exe windows:5 windows x86 arch:x86

c516e8516238a871ed55c8931b909393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
CloseHandle
RtlUnwind
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
IsProcessorFeaturePresent
HeapFree
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
Sleep
LCMapStringW
GetStringTypeW
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
WriteConsoleW
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
lstrcpyA
CreateThread
lstrcpyW
GetVersionExA
GetModuleHandleA
GetProfileStringA
LoadLibraryA
GetLocalTime
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
GlobalUnlock
lstrlenW
lstrcatA
MulDiv
HeapCreate
WideCharToMultiByte
CreateFileW
GetCurrentThreadId
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
EncodePointer
DecodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GlobalAlloc
InitializeCriticalSection
WaitForSingleObject
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GlobalLock
HeapAlloc
GetComputerNameA
MultiByteToWideChar

user32

GetClientRect
GetClassLongA
CopyRect
ValidateRect
EnumDisplayDevicesA
LoadCursorA
FindWindowA
UpdateWindow
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
AppendMenuA
FrameRect
GetSysColorBrush
ShowWindow
LoadAcceleratorsA
GetDesktopWindow
DefWindowProcA
GetDlgItem
SetClassLongA
TranslateAcceleratorA
EnableMenuItem
ReleaseDC
EndPaint
SetCursor
GetMessageA
CreateWindowExA
LoadStringA
GetFocus
LoadBitmapA
LoadMenuA
LoadIconA
IsWindowEnabled
FindWindowExA
GetWindowRect
CreateMenu
SendMessageA
BeginPaint
GetDC
TranslateMessage
ShowCursor
GetMenu
GetWindowPlacement
SetWindowLongA
GetWindowLongA

gdi32

ExtTextOutA
GetStockObject
GetPixel
CreateEllipticRgn
ExtCreatePen
MoveToEx
BitBlt
PatBlt
SetViewportOrgEx
LineTo
SetTextColor
DeleteDC
CreateFontIndirectA
SetBkColor
CreateDCA
CreateBitmap
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
CreateRectRgn
CreatePen
GetTextMetricsA
SetROP2
SetTextAlign
EnumFontsA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
CommDlgExtendedError

advapi32

StartServiceW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA
StartTraceA
SetServiceStatus
LsaClose
CloseServiceHandle

shell32

SHQueryRecycleBinA
SHGetFileInfoA
DragAcceptFiles
SHEmptyRecycleBinA

ole32

CreateStreamOnHGlobal
StgCreateDocfile
CoInitialize
CoMarshalInterface
CoUnmarshalInterface
CreateBindCtx
CoCreateInstance
GetHGlobalFromStream

oleaut32

OleCreatePictureIndirect

netapi32

NetUserEnum
NetApiBufferFree
NetUserAdd
NetLocalGroupAddMember

comctl32

CreatePropertySheetPageW
ord17

pdh

PdhBrowseCountersA
PdhMakeCounterPathA
PdhOpenQueryA

imm32

ImmGetDefaultIMEWnd
ImmGetContext

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

uxtheme

DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent

usp10

ScriptGetGlyphABCWidth
ScriptFreeCache

snmpapi

SnmpUtilMemFree
SnmpUtilMemAlloc

mscms

OpenColorProfileA

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe
.exe windows:4 windows x86 arch:x86

9ecee117164e0b870a53dd187cdd7174

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
InterlockedIncrement
GetCurrentThreadId
GetCurrentThread
ReadFile
GetFileSize
CreateFileA
MoveFileExA
SizeofResource
TerminateThread
LoadResource
FindResourceA
GetProcAddress
GetModuleHandleW
ExitProcess
GetModuleFileNameA
LocalFree
LocalAlloc
CloseHandle
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
LockResource
Sleep
GetStartupInfoA
GetModuleHandleA

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
SetServiceStatus
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceA
CryptGenRandom
CryptAcquireContextA
OpenServiceA

ws2_32

closesocket
recv
send
htonl
ntohl
WSAStartup
inet_ntoa
ioctlsocket
select
htons
socket
connect
inet_addr

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

msvcrt

__set_app_type
_stricmp
__p__fmode
__p__commode
_except_handler3
__setusermatherr
_initterm
__getmainargs
_acmdln
_adjust_fdiv
_controlfp
exit
_XcptFilter
_exit
_onexit
__dllonexit
free
??2@YAPAXI@Z
_ftol
sprintf
_endthreadex
strncpy
rand
_beginthreadex
__CxxFrameHandler
srand
time
__p___argc

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe
.exe windows:4 windows x86 arch:x86

4a903567b2a1e8685c977b5dfd30037d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetLocalTime
GetLastError
HeapFree
RtlUnwind
RaiseException
ExitProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
SetFilePointer
CloseHandle
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
LoadLibraryA
InterlockedExchange
VirtualQuery
VirtualProtect
GetSystemInfo
CreateFileW
GetACP
GetOEMCP
HeapSize
GetLocaleInfoW
SetEndOfFile
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA

Sections

.text
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe
.exe windows:5 windows x86 arch:x86

62af716748ca42001336a27fa2f4b371

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
GetUserNameW

user32

MessageBoxA
CharNextW
LoadStringW
CreateWindowExW
UnregisterClassW
TranslateMessage
ReleaseDC
RegisterClassExW
PostMessageW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
GetKeyboardLayout
GetForegroundWindow
GetDesktopWindow
GetDC
GetClientRect
EnumWindows
DispatchMessageW
DefWindowProcW
CharUpperBuffW
CharUpperW
CharLowerBuffW
CallNextHookEx
CharLowerBuffA
CharUpperBuffA
ActivateKeyboardLayout

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
TerminateProcess
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
OpenProcess
MoveFileW
LockResource
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExW
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetShortPathNameW
GetProcessHeap
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLogicalDrives
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateMutexW
CreateFileW
CreateEventW
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Sleep
GetVersionExW

gdi32

SelectObject
GetObjectA
GetObjectW
GetDeviceCaps
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shfolder

SHGetFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

shell32

ShellExecuteW
FindExecutableW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

crypt32

CryptUnprotectData
CryptUnprotectData

Exports

Exports

SLClose
SLConsumeRight
SLConsumeWindowsRight
SLDepositOfflineConfirmationId
SLFireEvent
SLGenerateOfflineInstallationId
SLGetApplicationInformation
SLGetGenuineInformation
SLGetInstalledProductKeyIds
SLGetInstalledSAMLicenseApplications
SLGetLicense
SLGetLicenseFileId
SLGetLicenseInformation
SLGetLicensingStatusInformation
SLGetPKeyId
SLGetPKeyInformation
SLGetPolicyInformation
SLGetPolicyInformationDWORD
SLGetProductSkuInformation
SLGetSAMLicense
SLGetSLIDList
SLGetServiceInformation
SLGetWindowsInformation
SLGetWindowsInformationDWORD
SLInstallLicense
SLInstallProofOfPurchase
SLInstallSAMLicense
SLIsWindowsGenuineLocal
SLOpen
SLReArmWindows
SLRegisterEvent
SLSetCurrentProductKey
SLSetGenuineInformation
SLUninstallLicense
SLUninstallProofOfPurchase
SLUninstallSAMLicense
SLUnregisterEvent
SLUnregisterWindowsEvent
SLpCheckProductKey
SLpGetGenuineLocal
SLpUpdateComponentTokens
TMethodImplementationIntercept

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 539KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 28B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe
.exe windows:5 windows x86 arch:x86

5ba4e678a6340059fb43bdbcf8fb8c57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimes
GlobalAlloc
LoadLibraryW
GetProcAddress
AddAtomA
FindAtomW
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
HeapSize
CreateFileA
CloseHandle

user32

GetMessageTime
CloseClipboard

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe
.exe windows:5 windows x86 arch:x86

0007f1b6ac8d35411ce207643bd2505c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcpynW
WriteProfileStringW
WritePrivateProfileSectionW
WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjectsEx
WaitForMultipleObjects
UnhandledExceptionFilter
TerminateProcess
SystemTimeToFileTime
Sleep
SetVolumeLabelA
SetUnhandledExceptionFilter
SetThreadUILanguage
SetThreadContext
SetProcessShutdownParameters
SetMailslotInfo
SetLastError
SetHandleInformation
SetFileApisToOEM
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
ReleaseActCtx
ReadFile
ReadConsoleInputA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringW
MultiByteToWideChar
LockFile
LocalFree
LocalAlloc
LoadLibraryW
LoadLibraryA
LeaveCriticalSection
IsDebuggerPresent
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSection
HeapSetInformation
HeapAlloc
Heap32ListFirst
Heap32First
GlobalFlags
GetTickCount
GetTempFileNameW
GetSystemTimeAsFileTime
GetSystemPowerStatus
GetStartupInfoW
GetProcessHeap
GetProcAddress
GetNamedPipeHandleStateA
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetLocalTime
GetLastError
GetFileSizeEx
GetFileInformationByHandle
ActivateActCtx
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameW
GetCommandLineW
GetACP
FreeLibrary
FormatMessageA
FlushFileBuffers
ExitProcess
EnumResourceLanguagesW
EnterCriticalSection
EncodePointer
DeleteFileW
DeleteCriticalSection
DecodePointer
DeactivateActCtx
CreateThread
CreateSemaphoreW
CreateFileW
CreateEventW
CreateDirectoryW
CreateConsoleScreenBuffer
CreateActCtxW
CloseHandle
HeapFree

user32

GetKeyboardType
GetClipboardViewer
GetKeyState
CopyIcon
GetMessagePos
InSendMessage
AnyPopup
IsGUIThread
CloseDesktop
GetSystemMetrics
GetCaretBlinkTime
GetDialogBaseUnits
GetOpenClipboardWindow
GetDesktopWindow
LoadCursorFromFileA
CountClipboardFormats
OpenIcon
IsMenu
LoadCursorFromFileW
IsWindowUnicode
GetQueueStatus
CharLowerA
GetClipboardSequenceNumber
GetShellWindow
CharNextW
GetWindowTextLengthA
IsIconic
VkKeyScanA
CloseClipboard
GetClipboardOwner
GetProcessWindowStation
PaintDesktop
GetDoubleClickTime
CreatePopupMenu
GetSysColor
IsWindow
IsClipboardFormatAvailable
IsCharUpperW
DestroyIcon
GetAsyncKeyState
GetWindowTextLengthW
IsCharAlphaA
IsCharAlphaNumericA
DestroyWindow
CharUpperA
GetMenuContextHelpId
wsprintfW
TranslateMessage
TranslateAcceleratorW
SetWindowContextHelpId
SetDoubleClickTime
RegisterClassW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
MapVirtualKeyExA
LoadStringW
LoadCursorW
GetUserObjectInformationW
GetThreadDesktop
GetScrollInfo
GetMessageTime
GetMessageA
GetKeyboardLayoutNameW
GetDlgCtrlID
GetClassLongW
GetAltTabInfoW
EndDialog
DrawIconEx
DispatchMessageW
IsCharLowerW
GetInputState
DestroyCursor
LoadIconA
CharNextA
EndMenu
GetFocus
ShowCaret
DestroyMenu
GetDC
GetActiveWindow
IsCharLowerA
CreateMenu
IsWindowEnabled
OemKeyScan
CloseWindow
VkKeyScanW
IsCharAlphaW
GetWindowContextHelpId
CharLowerW
GetWindowDC
GetKeyboardLayout
CharUpperW
CreateWindowExW
DefWindowProcW
LoadIconW

gdi32

GdiEntry14
GdiFullscreenControl
GdiGetSpoolMessage
GetCharWidthI
GetCurrentPositionEx
GetDCOrgEx
GetEnhMetaFileDescriptionA
GetFontAssocStatus
GetMetaFileA
GetMetaFileBitsEx
GetRgnBox
GetStockObject
GetTextMetricsW
PathToRegion
PolyPolyline
PolyTextOutW
SelectPalette
SetDCPenColor
SetTextColor
XFORMOBJ_bApplyXform
bMakePathNameW
GetEnhMetaFileA
AbortDoc
GetLayout
GetPixelFormat
CloseFigure
DeleteDC
AddFontResourceA
GetGraphicsMode
DeleteObject
GetObjectType
GdiConvertRegion
WidenPath
BeginPath
SwapBuffers
GetPolyFillMode
GetBkMode
GetColorSpace
GetFontLanguageInfo
SaveDC
CreatePatternBrush
GdiGetBatchLimit
SetMetaRgn
DeleteColorSpace
UnrealizeObject
AbortPath
CreateCompatibleDC
CancelDC
StrokePath
RealizePalette
GetSystemPaletteUse
EndPath
FlattenPath
GetTextAlign
CreateMetaFileW
GetBkColor
UpdateColors
GetDCPenColor
GdiFlush
GetTextCharset
CreateMetaFileA
EngTextOut
EngCreateBitmap
EngCopyBits
EngAssociateSurface
EndFormPage
EndDoc
DescribePixelFormat
DeleteEnhMetaFile
CreateSolidBrush
CreateScalableFontResourceA
AddFontResourceW
CLIPOBJ_ppoGetPath
CloseEnhMetaFile
CopyEnhMetaFileA
CopyMetaFileW
CreateDCA
CreateEllipticRgnIndirect
CreateICA
CreateRoundRectRgn
FillPath

advapi32

TraceEvent
UnregisterTraceGuids
RegOpenKeyW
SetEntriesInAclW
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetNamedSecurityInfoW

shell32

DragFinish
DragQueryFileW
ExtractAssociatedIconW
ExtractIconExA
ExtractIconExW
ExtractIconW
SHBrowseForFolderW
SHChangeNotify
SHEmptyRecycleBinW
SHFileOperationA
SHFileOperationW
SHGetDesktopFolder
SHGetFileInfoA
SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
DragAcceptFiles

msvcrt

__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_controlfp
_except_handler3
_exit
_ftol
_initterm
_onexit
_wcmdln
exit
wcscat
wcscpy
wcslen
wcsncmp
__CxxFrameHandler
_XcptFilter
_EH_prolog
__dllonexit

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79b3362178937bf9559741c46bb9e035

Headers

File Characteristics

Imports

kernel32

Sections

. Size: 1.3MB - Virtual size: 2.1MB

. Size: 3KB - Virtual size: 2KB

. Size: 4KB - Virtual size: 4KB

59d096c737d7e50445f5ef26a4c4324c

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 676KB - Virtual size: 676KB

.rdata Size: 10KB - Virtual size: 8KB

.data Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 594KB - Virtual size: 593KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

44f25d61c956e0f747f8bf2a72d8b614

Headers

File Characteristics

Imports

ole32

oleaut32

user32

shlwapi

gdi32

advapi32

winspool.drv

kernel32

shell32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 232KB - Virtual size: 232KB

.rdata Size: 133KB - Virtual size: 132KB

.bss Size: - Virtual size: 16KB

.idata Size: 11KB - Virtual size: 10KB

.CRT Size: 1024B - Virtual size: 768B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 20KB - Virtual size: 20KB

Headers

File Characteristics

Sections

CODE Size: 154KB - Virtual size: 368KB

DATA Size: 2KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 28KB

.rsrc Size: 8KB - Virtual size: 32KB

.aspack Size: 12KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

dbc1055db78e0eb7de5de4fbdef168b4

Headers

File Characteristics

Imports

kernel32

user32

Sections

. Size: 676KB - Virtual size: 676KB

. Size: 10KB - Virtual size: 8KB

. Size: 1.3MB - Virtual size: 1.3MB

.
Size: 1.3MB - Virtual size: 2.1MB

.
Size: 3KB - Virtual size: 2KB

.
Size: 4KB - Virtual size: 4KB

.text
Size: 676KB - Virtual size: 676KB

.rdata
Size: 10KB - Virtual size: 8KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 594KB - Virtual size: 593KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 232KB - Virtual size: 232KB

.rdata
Size: 133KB - Virtual size: 132KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 11KB - Virtual size: 10KB

.CRT
Size: 1024B - Virtual size: 768B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 20KB - Virtual size: 20KB

CODE
Size: 154KB - Virtual size: 368KB

DATA
Size: 2KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 28KB

.rsrc
Size: 8KB - Virtual size: 32KB

.aspack
Size: 12KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB

.
Size: 676KB - Virtual size: 676KB

.
Size: 10KB - Virtual size: 8KB

.
Size: 1.3MB - Virtual size: 1.3MB

.
Size: 4KB - Virtual size: 4KB

.text
Size: 154KB - Virtual size: 154KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 20.0MB

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 10KB - Virtual size: 9KB

.text
Size: 592KB - Virtual size: 591KB

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 265KB - Virtual size: 265KB

.text
Size: 1024B - Virtual size: 904B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 166B