sodinokibi | dsggggggggggg[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

dsggggggggggg.rar
Size

8.9MB
MD5

dbec78bdbaba117fd6b57a0ce38693ed
SHA1

1349841ca7396fcb7ec485d73472eb0c99c754c7
SHA256

92e5a2fb9c2403bcdfffc5d91c7cc959da76e0ddd843b2d43a8a3a858f9c90a6
SHA512

e1b3cccf152e030dbd678b4be1dc3f540d4cedf84bbdc6af9a1cae59c46689179bbf45ba2ff49652d14373c94228d132a557b1abb0bf04b434305ac196c407e0
SSDEEP

196608:T30YHEGK6uym+Nky87wjLVjYQ6JaGJIMwF9ksMQkhXap1GVnJ2/aHkOt2b:FJ/ky7PVJAVwF9khXm1GVnJaOt8

Score

10^/10

upx aspackv2 33 429 sodinokibi

Malware Config

Extracted

Family

sodinokibi

Botnet

Campaign

429

Decoy

rvside.com

tzn.nu

parentsandkids.com

ayudaespiritualtamara.com

universelle.fr

mamajenedesigns.com

buerocenter-butzbach-werbemittel.de

janellrardon.com

katherinealy.com

hm-com.com

the-beauty-guides.com

queertube.net

mneti.ru

bohrlochversicherung.info

rino-gmbh.com

karelinjames.com

janasfokus.com

skolaprome.eu

verbouwingsdouche.nl

dogsunlimitedguide.com

Attributes

net
true
pid
33
prc
dbsnmp.exe
mspub.exe
encsvc.exe
sqbcoreservice.exe
infopath.exe
firefoxconfig.exe
sqlwriter.exe
isqlplussvc.exe
ocautoupds.exe
winword.exe
steam.exe
mydesktopservice.exe
msftesql.exe
ocomm.exe
synctime.exe
mysqld_nt.exe
sqlbrowser.exe
tbirdconfig.exe
powerpnt.exe
wordpad.exe
outlook.exe
thebat.exe
sqlservr.exe
ocssd.exe
thebat64.exe
msaccess.exe
visio.exe
sqlagent.exe
excel.exe
dbeng50.exe
agntsvc.exe
mydesktopqos.exe
thunderbird.exe
mysqld.exe
oracle.exe
mysqld_opt.exe
xfssvccon.exe
onenote.exe
ransom_oneliner
All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions
ransom_template
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has expansion {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID} 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decryptor.top/{UID} Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: {KEY} Extension name: {EXT} ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
sub
429

Signatures

Sodinokibi family
sodinokibi

Sodinokibi/Revil sample 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/5c959580adf1fbdfea872ece4d29ee6a8319a88273a9923988ef8be4197833bd.exe	family_sodinokobi

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/24ebe7609d56c62fca780bf5ef346aa91c0412418f1f85d591005b4509bcbca9.exe	aspack_v212_v242

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/0abe62de95ad966482f445504eb8a385afb8e4b4ba5a36ea34fce13b3da3dad2.exe	upx
static1/unpack001/13ad5c6c04c32e246dba78cf2e3737470af66b0b73553ab8f025ade626b8a120.exe	upx
static1/unpack001/181d5a2aa39493c50bc73723047157d843ecbc22d7cb56766eb737f529910854.exe	upx
static1/unpack001/54edb6518a4ba6561d14cfc2875b281f3a9a87aca7d839c5bc814ef5e6a0229a.exe	upx
static1/unpack001/8d11fa106742bd9038bf92ed3b3912b51f9b768ebd85b380081f61940fd92754.exe	upx

Unsigned PE 35 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/02db3ec76453f4a8ed495b9befac3ce2d51ef58c22d167e25a20bd050f5094ce.exe
unpack001/09f27e01898779236a9f31185667b9f4a97dd1f30c972386fd995502acfb992e.exe
unpack001/0abe62de95ad966482f445504eb8a385afb8e4b4ba5a36ea34fce13b3da3dad2.exe
unpack002/out.upx
unpack001/13ad5c6c04c32e246dba78cf2e3737470af66b0b73553ab8f025ade626b8a120.exe
unpack003/out.upx
unpack001/181d5a2aa39493c50bc73723047157d843ecbc22d7cb56766eb737f529910854.exe
unpack001/19bdaadf42c44a28941ff6ecea6925de28caf172acb131085d93c7e56ac5fded.exe
unpack001/1f1cc1747387db85919ee8af854dd1afe5239b34a1cdc98c5cea347de804205e.exe
unpack001/1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
unpack001/222d06b23600bbd1fd66b6649618e5f3a7f4d81fcb8dfd961680d949aea31a66.exe
unpack001/23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe
unpack001/24ebe7609d56c62fca780bf5ef346aa91c0412418f1f85d591005b4509bcbca9.exe
unpack001/25fcedbb8b0ae97c1e9b7b56e0ce3511976661bbdcf075dfed18b36a58ab5d78.exe
unpack001/26f2bf1fc3ee321d48dce649fae9951220f0f640c69d5433850b469115c144fe.exe
unpack001/32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe
unpack001/35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe
unpack001/36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe
unpack001/39a6618795b858d4f9a976c203bb9bee199db3555b9583b308954ccc09cffc45.exe
unpack001/3c8ac670d8c920170dd431a5a08cbefd62a98e369eb552acbc04a0eeb2f2a198.exe
unpack001/401beec1e5e07bfe7d0ebf18d9219f4f0a504284b6f9aab664e8af6e8bef31c3.exe
unpack001/46c17836fd2d65343ca0d1adae5fa3209a1f2a128736c81f5d7d40fe7ee608b2.exe
unpack001/54edb6518a4ba6561d14cfc2875b281f3a9a87aca7d839c5bc814ef5e6a0229a.exe
unpack001/56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe
unpack001/5c959580adf1fbdfea872ece4d29ee6a8319a88273a9923988ef8be4197833bd.exe
unpack001/675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
unpack001/6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
unpack001/721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe
unpack001/75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe
unpack001/7a2aa7c097a2e48184694d2d70027f7ac4081db7c6d555324aa5f060a37800bd.exe
unpack001/87bcc495ec10c56b860450897f03869b74c66c2a2bd336d4fff67d2d777ad865.exe
unpack001/8d11fa106742bd9038bf92ed3b3912b51f9b768ebd85b380081f61940fd92754.exe
unpack006/out.upx
unpack001/97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe
unpack001/9e4e60ee2a8a8ce65072e3aa9b648d4e8ff45474a41d374126f3c045901550c6.exe

Files

dsggggggggggg.rar
.rar
02db3ec76453f4a8ed495b9befac3ce2d51ef58c22d167e25a20bd050f5094ce.exe
.exe windows:5 windows x86 arch:x86

353396c72c961cf620fb378efdfac8d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciGetErrorStringA
midiOutGetNumDevs
midiOutShortMsg
waveInGetPosition
midiInPrepareHeader
timeGetSystemTime
mciFreeCommandResource
auxGetNumDevs
mmioInstallIOProcW
timeGetTime
mciGetDriverData
mciSendCommandW
DefDriverProc
mixerGetDevCapsW
joyGetNumDevs
mixerGetControlDetailsA
waveOutSetPlaybackRate
WOW32ResolveMultiMediaHandle
mciGetDeviceIDFromElementIDA
mixerClose
mixerGetLineControlsA
midiOutGetID
waveInClose
mciGetErrorStringW
waveInUnprepareHeader
mciSendCommandA
WOWAppExit
auxGetVolume
mciGetDeviceIDA

wow32

WOWDirectedYield16
WOWGlobalUnlockFree16
W32Init
WOW32DriverCallback
CopyDropFilesFrom16
CopyDropFilesFrom32
WOWCallback16
WOWHandle16
WOW32ResolveHandle
WOWGlobalAlloc16
WOWCallback16Ex
WOWGlobalLockSize16
GetCommShadowMSR
WOWGetVDMPointer
WOW32ResolveMemory
WOWUseMciavi16
WOWHandle32
WOWGetVDMPointerUnfix
W32HungAppNotifyThread
WOWGlobalLock16
GetCommHandle
WOWYield16
WOWGlobalFree16
WOWFreeMetafile
WOWGlobalAllocLock16
W32Dispatch

expsrv

PutMem2
rtcMidCharVar
rtUI1FromErrVar
__vbaCyForNext
__vbaPutFxStr4
rtcAppActivate
rtcLowerCaseVar
EbGetObjConnectionCounts
__vbaVar2Vec
__vbaLateIdSt
__vbaNameFile
rtcFV
TipInvokeMethod
rtcInputCharCountVar
__vbaVarAdd
rtcPackDate
rtCyFromErrVar
EVENT_SINK_GetIDsOfNames
rtcFileSeek
rtcExp
Zombie_Invoke

untfs

?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
??0NTFS_SA@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
??1NTFS_MFT_FILE@@UAE@XZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
Extend
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??1NTFS_MFT_INFO@@UAE@XZ

msvcp60

??Ystd@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??Dstd@@YA?AV?$complex@O@0@ABV10@0@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?_Getcat@?$codecvt@DDH@std@@SAIXZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
?write@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@PBGH@Z
?_Findarr@ios_base@std@@AAEAAU_Iosarray@12@H@Z
??1facet@locale@std@@UAE@XZ
?_Init@?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?_Nanv@?$_Ctr@O@std@@SAOO@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?_Doraise@bad_cast@std@@MBEXXZ
?seekp@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?_Init@?$codecvt@GDH@std@@IAEXABV_Locinfo@2@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?open@?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAEPAV12@PBDF@Z
??1bad_typeid@std@@UAE@XZ
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
?do_out@?$codecvt@DDH@std@@MBEHAAHPBD1AAPBDPAD3AAPAD@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_F?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAEXXZ
?pubseekpos@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@V32@H@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

kernel32

CompareFileTime
SetConsoleWindowInfo
HeapCreate
OpenMutexW
VirtualAlloc
LocalAlloc
lstrcatA
GlobalAlloc
SwitchToFiber
GetConsoleAliasExesA
LoadLibraryA
BackupRead
HeapSize
GetCalendarInfoW
BaseCheckAppcompatCache
PrivCopyFileExW
IsBadStringPtrW
GetEnvironmentVariableW
CreateDirectoryA
IsDebuggerPresent
GetUserDefaultUILanguage
RegisterWaitForSingleObject
ReleaseActCtx
FindFirstVolumeA
SetFilePointer
GetPrivateProfileStringA
RaiseException
LCMapStringA
AllocConsole
OpenWaitableTimerW

crtdll

fputc
_ungetch
_putch
_mbschr
_pclose
_isctype
_logb
atoi
_getpid
_loaddll
_vsnprintf
_tell
_timezone_dll
_spawnv
_getw
_mbspbrk
ldexp
_osver_dll
_mbsnset
wcsncmp

ufat

?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??0FAT_SA@@QAE@XZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
??0EA_SET@@QAE@XZ
??1CLUSTER_CHAIN@@UAE@XZ
??1EA_SET@@UAE@XZ
??0FAT_DIRENT@@QAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
??0CLUSTER_CHAIN@@QAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?Set12@FAT@@AAEXKK@Z
?QueryAllocatedClusters@FAT@@QBEKXZ
?Write@CLUSTER_CHAIN@@UAEEXZ
??0ROOTDIR@@QAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?FreeChain@FAT@@QAEXK@Z
??1FILEDIR@@UAE@XZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?Index12@FAT@@ABEKK@Z
?AllocChain@FAT@@QAEKKPAK@Z

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
09f27e01898779236a9f31185667b9f4a97dd1f30c972386fd995502acfb992e.exe
.exe windows:4 windows x86 arch:x86

0e6d6fc6375377197a2a401b6bbe37ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
_CIacos
_CIsinh
_CIlog
memcpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
HeapAlloc
HeapFree
HeapReAlloc

user32

CallWindowProcA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
GetWindowLongA
SetWindowPos
EnableWindow
EnumWindows

comctl32

InitCommonControlsEx

ole32

CoInitialize

Sections

.code
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 208KB - Virtual size: 212KB
0abe62de95ad966482f445504eb8a385afb8e4b4ba5a36ea34fce13b3da3dad2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 645KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

MSBCompilScript
MSBPRunScript
MSBRunScript

Sections

CODE
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3.8MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 121B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 272B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
13ad5c6c04c32e246dba78cf2e3737470af66b0b73553ab8f025ade626b8a120.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
181d5a2aa39493c50bc73723047157d843ecbc22d7cb56766eb737f529910854.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.]UPX1
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
19bdaadf42c44a28941ff6ecea6925de28caf172acb131085d93c7e56ac5fded.exe
.exe windows:4 windows x86 arch:x86

f78d9d06b9070b73486ec891ec3620c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetModuleFileNameA
DeleteFileW
lstrcpyA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
ExitProcess
CreateThread
Sleep
GetModuleHandleA
LoadLibraryW
FreeResource
lstrlenA
WriteFile
SizeofResource
CreateFileW
LoadResource
FindResourceW
GetSystemDirectoryW
lstrcatW
GetTickCount
VirtualAlloc
VirtualAllocEx
VirtualProtectEx
GetModuleHandleW
GetProcAddress
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualQueryEx

user32

ShowWindow
FindWindowW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
wsprintfW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
RegSetValueExW

msvcrt

realloc
_except_handler3
strchr
strstr
fopen
fclose
fseek
ftell
fread
??2@YAPAXI@Z
malloc

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1f1cc1747387db85919ee8af854dd1afe5239b34a1cdc98c5cea347de804205e.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe
.exe windows:4 windows x64 arch:x64

efca766733fc46327b4f9355c8be8373

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileW
CreateMutexW
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MoveFileW
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_getch
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_onexit
_read
_setjmp
_setmode
_strdup
_strnicmp
_time64
_ultoa
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
_write
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalnum
isspace
isupper
iswctype
isxdigit
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
qsort
raise
realloc
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strtol
strtoul
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcscpy_s
wcsftime
wcslen
wcsstr
wcsxfrm

shell32

ShellExecuteW

user32

GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ReleaseDC

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
222d06b23600bbd1fd66b6649618e5f3a7f4d81fcb8dfd961680d949aea31a66.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\document.doc.exe\obj\Release\document.doc.exe.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 105B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe
.exe windows:5 windows x86 arch:x86

43ed6e1ea41b9a53f91c91dbf8b95f27

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vij-cukusix2\pugivacev voki6-hujaco67 sah-foko.pdb

Imports

kernel32

DisconnectNamedPipe
BuildCommDCBA
PostQueuedCompletionStatus
ProcessIdToSessionId
CallNamedPipeA
GetLastError
DeleteFileW
ResetEvent
GetPrivateProfileSectionNamesW
GetFileSize
RemoveDirectoryA
LCMapStringW
AddConsoleAliasW
GetModuleHandleW
GetFileType
MoveFileW
CreateDirectoryExW
GetVersionExW
LocalAlloc
GetFileAttributesW
GetConsoleAliasW
RegisterWaitForSingleObject
EnumCalendarInfoW
VerifyVersionInfoA
GetThreadPriorityBoost
GetProcAddress
FoldStringA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
RtlUnwind
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetACP
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
CloseHandle
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

gdi32

RestoreDC
GetEnhMetaFileHeader

advapi32

ObjectDeleteAuditAlarmW
RegQueryValueW
FreeSid
RegUnLoadKeyW
RegisterEventSourceW
BackupEventLogW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 47.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
24ebe7609d56c62fca780bf5ef346aa91c0412418f1f85d591005b4509bcbca9.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 191KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
25fcedbb8b0ae97c1e9b7b56e0ce3511976661bbdcf075dfed18b36a58ab5d78.exe
.exe windows:4 windows x86 arch:x86

268a1e0271f20a60427afd9c5f92e4ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError

ntdll

RtlEnumerateGenericTableLikeADirectory

user32

ExcludeUpdateRgn

gdi32

LineDDA
GetSystemPaletteEntries
RemoveFontMemResourceEx
GetNearestColor
GetMetaRgn
GetCurrentObject
GetStretchBltMode
PatBlt
GdiSetBatchLimit
StrokeAndFillPath
SetTextJustification
CreateBitmap
DeleteObject
Ellipse
EnumFontsA
EnumObjects
EqualRgn
FlattenPath
GdiGetBatchLimit
ResizePalette

msimg32

TransparentBlt

netapi32

RxNetAccessSetInfo

comdlg32

CommDlgExtendedError

oleaut32

SafeArrayCreateVectorEx

mpr

MultinetGetConnectionPerformanceW

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
26f2bf1fc3ee321d48dce649fae9951220f0f640c69d5433850b469115c144fe.exe
.exe windows:5 windows x86 arch:x86

37fafc84b5539386cee216e006f2d799

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\admin\Desktop\FileService\FileCrypt\Release\payload.pdb

Imports

kernel32

LoadResource
WaitForSingleObject
SizeofResource
CreateThread
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
GetTickCount
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
lstrlenW
SetEvent
TerminateThread
CreateEventW
InterlockedExchange
SetCurrentDirectoryW
FindResourceW
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetConsoleCP
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
SetFileAttributesW
DeleteFileW
CloseHandle
GetModuleFileNameA
GetLastError
FlushFileBuffers
CreateFileW
GetModuleFileNameW
CopyFileW
ReadFile
Sleep
WideCharToMultiByte
WriteFile
CreateProcessW
GetFileSize
GetEnvironmentVariableW
ExitProcess
GetVolumeInformationW
LocalFree
FindNextFileW
LocalAlloc
FindFirstFileW
FindClose
MultiByteToWideChar
GetLogicalDrives
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
CreateFileA
RtlUnwind
GetStdHandle
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetConsoleMode
GetCommandLineA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RaiseException
HeapCreate
VirtualFree

user32

wsprintfA
wsprintfW
MessageBoxA

advapi32

ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
StartServiceCtrlDispatcherW
RegCloseKey
RegFlushKey
RegDeleteValueW
RegCreateKeyExA
RegQueryValueExW

userenv

GetProfilesDirectoryW

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe
.exe windows:4 windows x86 arch:x86

4afc596e677872a5ef6d27ddd953788c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
fopen
fseek
ftell
fread
strlen
fwrite
fclose
_controlfp
__set_app_type
__getmainargs
exit
_XcptFilter
_exit
_except_handler3

Sections

.text
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe
.exe windows:6 windows x86 arch:x86

60b49bcc45629d73f7233c4f83703612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetFileSize
GetFullPathNameW
ReadFile
DeleteFileW
MoveFileW
LoadLibraryW
GetProcAddress
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
HeapSize
SetStdHandle
GetProcessHeap
Process32NextW
CreateToolhelp32Snapshot
DeleteFileA
GetLastError
GetCurrentDirectoryA
CloseHandle
WriteFile
Sleep
CreateFileA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
WriteConsoleW

user32

MessageBoxW
MessageBoxA

advapi32

ControlService
ChangeServiceConfigA
StartServiceA
CloseServiceHandle
CreateServiceA
OpenServiceA
OpenSCManagerA
DeleteService

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe
.exe windows:4 windows x86 arch:x86

f78d9d06b9070b73486ec891ec3620c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetModuleFileNameA
DeleteFileW
lstrcpyA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
ExitProcess
CreateThread
Sleep
GetModuleHandleA
LoadLibraryW
FreeResource
lstrlenA
WriteFile
SizeofResource
CreateFileW
LoadResource
FindResourceW
GetSystemDirectoryW
lstrcatW
GetTickCount
VirtualAlloc
VirtualAllocEx
VirtualProtectEx
GetModuleHandleW
GetProcAddress
WriteProcessMemory
SetThreadContext
ResumeThread
TerminateProcess
CreateProcessW
GetThreadContext
ReadProcessMemory
VirtualQueryEx

user32

ShowWindow
FindWindowW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
wsprintfW
SendMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
DeleteService
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
RegSetValueExW

msvcrt

realloc
_except_handler3
strchr
strstr
fopen
fclose
fseek
ftell
fread
??2@YAPAXI@Z
malloc

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
39a6618795b858d4f9a976c203bb9bee199db3555b9583b308954ccc09cffc45.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c8ac670d8c920170dd431a5a08cbefd62a98e369eb552acbc04a0eeb2f2a198.exe
.exe windows:5 windows x86 arch:x86

7af2fe87a3ab930007d141d21c36ceda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetFocus
MessageBoxA

msvcr90

_onexit
_decode_pointer
_lock
_invoke_watson
_strdup
_crt_debugger_hook
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
realloc
bsearch
qsort
memset
memcpy
fprintf
__iob_func
setbuf
getenv
atoi
malloc
free
strncmp
strrchr
__argv
__argc
strncpy
_snprintf
_stricmp
_except_handler4_common
_controlfp_s

kernel32

IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA
LocalFree
lstrlenA
UnhandledExceptionFilter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
401beec1e5e07bfe7d0ebf18d9219f4f0a504284b6f9aab664e8af6e8bef31c3.exe
.exe windows:4 windows x86 arch:x86

15654036c21ef7a700e91621275c5bd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strstr
sprintf
_stricmp
strcmp
tolower
wcslen
wcscpy
_wcsicmp
wcscmp
wcsstr
_wcsnicmp
wcsncmp
wcsncpy
_wcsdup
free
memmove
_isnan
memcpy
wcscat
strlen
strcpy
strcat
memcmp
_CIpow
_CIlog
localtime
mktime
gmtime
_itow
fabs
ceil
malloc
floor
fclose
_vsnwprintf
fmod
sin
cos
abs

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
GlobalSize
GlobalAlloc
Sleep
GlobalFree
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
MultiByteToWideChar
OpenProcess
CloseHandle
SetErrorMode
GetDiskFreeSpaceExW
GetFileAttributesW
GlobalReAlloc
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateThread
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessW
GetEnvironmentVariableW
SetEnvironmentVariableW
PeekNamedPipe
ReadFile
GetLastError
GetExitCodeProcess
GetCommandLineW
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
WideCharToMultiByte
SetUnhandledExceptionFilter
RaiseException
FreeLibrary
LoadLibraryA
GetProcAddress
GetTickCount
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsGetValue
LoadLibraryW
CreateDirectoryW
SetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CopyFileW
FindNextFileW
MoveFileW
HeapReAlloc
GetLocalTime
FlushFileBuffers
WriteConsoleW
GetVersionExW
DeleteCriticalSection
TlsFree
SetLastError
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

user32

DestroyWindow
GetPropW
GetWindow
SetActiveWindow
RemovePropW
SendMessageW
UnregisterClassW
DestroyAcceleratorTable
LoadIconW
LoadCursorW
DefWindowProcA
RegisterClassA
CreateWindowExA
RegisterWindowMessageA
CharLowerW
CharUpperW
DestroyIcon
FillRect
GetIconInfo
DrawIconEx

gdi32

DeleteObject
GetStockObject
GetObjectType
GetObjectW
CreateCompatibleDC
SelectObject
CreateSolidBrush
DeleteDC
BitBlt
GdiSetBatchLimit
GdiGetBatchLimit
CreateDIBSection
GetDIBits
CreateBitmap
SetPixel
GetTextExtentPoint32W
SetBkMode
SetTextAlign
SetBkColor
SetTextColor
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetPixel
CreateFontIndirectW
GetTextMetricsW
CreateCompatibleBitmap

advapi32

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DeleteService
QueryServiceStatus
ControlService
CreateServiceW
ChangeServiceConfig2W
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

comctl32

InitCommonControlsEx

oleaut32

SysAllocString

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
RevokeDragDrop

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

wsock32

closesocket
WSACleanup
WSAStartup
connect
socket
inet_addr
gethostbyname
htons
bind
ioctlsocket
select
__WSAFDIsSet
send
sendto

winmm

timeBeginPeriod

Sections

.code
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
46c17836fd2d65343ca0d1adae5fa3209a1f2a128736c81f5d7d40fe7ee608b2.exe
.exe windows:4 windows x86 arch:x86

4afc596e677872a5ef6d27ddd953788c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
fopen
fseek
ftell
fread
strlen
fwrite
fclose
_controlfp
__set_app_type
__getmainargs
exit
_XcptFilter
_exit
_except_handler3

Sections

.text
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
54edb6518a4ba6561d14cfc2875b281f3a9a87aca7d839c5bc814ef5e6a0229a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 104KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe
.exe windows:6 windows x86 arch:x86

8df505348d6b0f8009519e11bb59d2db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
CloseHandle
Process32NextW
GetLastError
CreateFileW
GetFileSize
GetFullPathNameW
DeleteFileW
MoveFileW
LoadLibraryW
GetProcAddress
Sleep
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
WriteConsoleW

user32

MessageBoxA

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5c959580adf1fbdfea872ece4d29ee6a8319a88273a9923988ef8be4197833bd.exe
.dll windows:5 windows x86 arch:x86

e0b0f3e119bdcdb2ff10b051ac75cde0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
CloseHandle

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pot5s8
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe
.exe windows:5 windows x86 arch:x86

bf5a4aa99e5b160f8521cadd6bfe73b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

RaiseException
GetLastError
MultiByteToWideChar
lstrlenA
InterlockedDecrement
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
Module32Next
CloseHandle
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapFree
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
FlushFileBuffers
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

ole32

OleInitialize

oleaut32

SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\user\Documents\Visual Studio 2013\Projects\PDF\PadC_Downloader\bin\Debug\Output\PadC_Downloader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Carlos\Desktop\HiddenTear-master\HiddenTear\obj\x86\Release\HiddenTear.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 454KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe
.exe windows:5 windows x86 arch:x86

993552dae29051193848bdafd3c378a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\rodizupa60-yocazufajixoka5\mozewaxa45_tuy.pdb

Imports

kernel32

GetBinaryTypeA
GetBinaryTypeW
GetCurrentProcess
GetThreadPriorityBoost
VirtualProtect
AddAtomW
CreateDirectoryExW
MapUserPhysicalPagesScatter
LCMapStringW
FoldStringA
AddConsoleAliasA
ConnectNamedPipe
LocalAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW
RaiseException

advapi32

DeleteService

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 206KB - Virtual size: 49.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fow
Size: 1024B - Virtual size: 1001B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jodipid
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7a2aa7c097a2e48184694d2d70027f7ac4081db7c6d555324aa5f060a37800bd.exe
.exe windows:4 windows x86 arch:x86

71efab0179518ac02b0b90889b9dab6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CloseHandle

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
87bcc495ec10c56b860450897f03869b74c66c2a2bd336d4fff67d2d777ad865.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8d11fa106742bd9038bf92ed3b3912b51f9b768ebd85b380081f61940fd92754.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9e4e60ee2a8a8ce65072e3aa9b648d4e8ff45474a41d374126f3c045901550c6.exe
.exe windows:4 windows x86 arch:x86

31a10f02aae886ccb4b8260ae723b46f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CLSIDFromProgID
CoCreateInstance
CoInitialize

kernel32

SetEvent
WaitForSingleObject
ExitProcess
SystemTimeToFileTime
DeleteFileA
SetFilePointer
MoveFileA
CreateFileA
GetCommandLineA
GetExitCodeProcess
CloseHandle
SetEnvironmentVariableA
GetVersionExA
MoveFileExA
GetThreadSelectorEntry
FormatMessageA
FlushFileBuffers
GetProcAddress
DeleteCriticalSection
WaitForMultipleObjects
CreateThread
FindClose
FindNextFileA
GetEnvironmentVariableA
EnterCriticalSection
SetFileTime
LocalFileTimeToFileTime
FindFirstFileA
RemoveDirectoryA
FreeLibrary
GetLastError
SetFileAttributesA
GetDriveTypeA
CreateEventA
CreateProcessA
QueryDosDeviceA
OpenEventA
HeapFree
Sleep
QueryPerformanceCounter
SetLastError
SetUnhandledExceptionFilter
LeaveCriticalSection
GetSystemDirectoryA
DosDateTimeToFileTime
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
GetModuleHandleA
GetTickCount
GetDiskFreeSpaceA
HeapAlloc
GetSystemTimeAsFileTime
DeviceIoControl
GetCurrentDirectoryA
LoadLibraryA
WriteFile
GetProcessHeap
CreateDirectoryA
CreateEventW
SetEndOfFile
CopyFileA
SetErrorMode
SetConsoleTitleA
ConnectNamedPipe
ReadFile
GetCurrentProcess
TerminateProcess
GetFileAttributesA
GetFileSize

advapi32

OpenProcessToken
GetUserNameA
OpenSCManagerA
OpenServiceA
LookupPrivilegeValueA

user32

ChangeDisplaySettingsA
ShowWindow
MessageBoxA
GetKeyNameTextA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text1
Size: 186KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

353396c72c961cf620fb378efdfac8d3

Headers

DLL Characteristics

File Characteristics

Imports

winmm

wow32

expsrv

untfs

msvcp60

kernel32

crtdll

ufat

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 18KB - Virtual size: 99KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 252B

0e6d6fc6375377197a2a401b6bbe37ca

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

comctl32

ole32

Sections

.code Size: 15KB - Virtual size: 14KB

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 24B

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 700B

.text Size: 208KB - Virtual size: 212KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 5.1MB

UPX1 Size: 645KB - Virtual size: 648KB

.rsrc Size: 23KB - Virtual size: 24KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.7MB - Virtual size: 1.7MB

DATA Size: 43KB - Virtual size: 43KB

BSS Size: - Virtual size: 3.8MB

.idata Size: 13KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 121B

.tls Size: - Virtual size: 272B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 94KB - Virtual size: 93KB

.rsrc Size: 105KB - Virtual size: 104KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 44KB - Virtual size: 44KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 832B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 1024B - Virtual size: 632B

Headers

File Characteristics

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 18KB - Virtual size: 99KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 252B

.code
Size: 15KB - Virtual size: 14KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 24B

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 700B

.text
Size: 208KB - Virtual size: 212KB

UPX0
Size: - Virtual size: 5.1MB

UPX1
Size: 645KB - Virtual size: 648KB

.rsrc
Size: 23KB - Virtual size: 24KB

CODE
Size: 1.7MB - Virtual size: 1.7MB

DATA
Size: 43KB - Virtual size: 43KB

BSS
Size: - Virtual size: 3.8MB

.idata
Size: 13KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 121B

.tls
Size: - Virtual size: 272B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 105KB - Virtual size: 104KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 832B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 1024B - Virtual size: 632B

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 98KB - Virtual size: 100KB

.rsrc
Size: 512B - Virtual size: 4KB

.]UPX1
Size: 76KB - Virtual size: 76KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 98KB - Virtual size: 98KB

CODE
Size: 392KB - Virtual size: 392KB

DATA
Size: 5KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 48KB - Virtual size: 48KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 21KB - Virtual size: 20KB

.rdata
Size: 305KB - Virtual size: 305KB

.pdata
Size: 92KB - Virtual size: 91KB

.xdata
Size: 110KB - Virtual size: 110KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 856B

.text
Size: 28KB - Virtual size: 26KB

.sdata
Size: 4KB - Virtual size: 105B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B