General

Malware Config

Signatures

Files

• !All malware.zip

  .zip
• 000.exe

  .exe windows:4 windows x86 arch:x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  C:\Users\FlyTech\Documents\Visual Studio 2015\Projects\Creep\Creep\obj\Debug\000.pdb

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 6.7MB - Virtual size: 6.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Ana.exe

  .exe windows:5 windows x86 arch:x86

  9222d372923baed7aa9dfa28449a94ea

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\Users\DarkCoderSc\Desktop\Celesty Binder\Stub\STATIC\Stub.pdb

  Imports

  kernel32

  CreateFileA

  FindResourceA

  FreeLibrary

  LoadResource

  WriteFile

  SizeofResource

  GetProcAddress

  LoadLibraryA

  LockResource

  EnumResourceNamesA

  CloseHandle

  FreeResource

  GetWindowsDirectoryA

  OutputDebugStringA

  GetTempPathA

  GetModuleHandleW

  ExitProcess

  DecodePointer

  EncodePointer

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  RaiseException

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  HeapAlloc

  GetLastError

  HeapFree

  IsProcessorFeaturePresent

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  LoadLibraryW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  GetStdHandle

  GetModuleFileNameW

  Sleep

  HeapSize

  GetModuleFileNameA

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  SetHandleCount

  GetFileType

  HeapCreate

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  RtlUnwind

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapReAlloc

  LCMapStringW

  MultiByteToWideChar

  GetStringTypeW

  shell32

  ShellExecuteA

  SHGetSpecialFolderPathA

  Sections

  .text

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.0MB - Virtual size: 2.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Bad Rabit.exe

  .exe windows:5 windows x86 arch:x86

  e3bda9df66f1f9b2b9b7b068518f2af1

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0e:bf:ea:68:d6:77:b3:e2:6c:ab:41:c3:3f:3e:69:de

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  16-12-2016 00:00

  Not After

  17-12-2017 23:59

  Subject

  CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:6b:e6:bd:11:a8:67:6e:6c:57:90:9e:9b:0d:5f:57

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  15-03-2017 00:00

  Not After

  13-04-2018 23:59

  Subject

  CN=Symantec Corporation,OU=STAR Security Engines,O=Symantec Corporation,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7c:1b:35:35:4a:e7:db:74:e7:41:5f:11:69:ca:6b:a8

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  22-07-2014 00:00

  Not After

  21-07-2024 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  02-01-2017 00:00

  Not After

  01-04-2028 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17

  Signer

  Actual PE Digest

  c9:13:30:16:a3:e5:cf:bf:b1:aa:8b:50:d1:16:0f:a5:35:73:41:3d:4f:81:f8:71:05:4e:c7:39:6d:5a:8b:17

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0

  Signer

  Actual PE Digest

  bd:ae:90:d3:3b:42:bf:69:31:7c:f4:d9:c1:9d:fd:c2:69:86:ca:f0

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  ExitProcess

  GetCommandLineW

  GetFileSize

  CreateProcessW

  HeapAlloc

  HeapFree

  GetModuleHandleW

  GetProcessHeap

  WriteFile

  GetSystemDirectoryW

  ReadFile

  GetModuleFileNameW

  CreateFileW

  lstrcatW

  CloseHandle

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  SetUnhandledExceptionFilter

  user32

  wsprintfW

  shell32

  CommandLineToArgvW

  msvcrt

  wcsstr

  memcpy

  free

  malloc

  Sections

  .text

  Size: 12KB - Virtual size: 11KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 828B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 590B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• D34TH 2.0 .bat
• DDOS.bat
• Desktop Puzzle.exe

  .exe windows:1 windows x86 arch:x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 194KB - Virtual size: 193KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 1KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 8B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 14KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 19KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Memz.exe

  .exe windows:5 windows x86 arch:x86

  52753d226ff5a8a88caf9829928cd5d1

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  WriteFile

  CloseHandle

  lstrcmpA

  lstrcmpW

  LoadLibraryA

  GetModuleFileNameW

  GetCommandLineW

  Sleep

  SetPriorityClass

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  GlobalAlloc

  GlobalFree

  lstrlenW

  GetCurrentThreadId

  CreateThread

  ExitProcess

  GetCurrentProcess

  OpenProcess

  LocalFree

  LocalAlloc

  CreateFileA

  GetProcAddress

  user32

  GetWindowRect

  MessageBoxW

  SetCursorPos

  GetCursorPos

  GetDesktopWindow

  EnumChildWindows

  CallNextHookEx

  LoadIconW

  ReleaseDC

  UnhookWindowsHookEx

  MessageBoxA

  GetSystemMetrics

  CreateWindowExA

  RegisterClassExA

  DefWindowProcW

  ExitWindowsEx

  DispatchMessageW

  TranslateMessage

  GetWindowDC

  DrawIcon

  SendInput

  SendMessageTimeoutW

  GetMessageW

  SetWindowsHookExW

  gdi32

  BitBlt

  StretchBlt

  advapi32

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  CryptAcquireContextW

  CryptGenRandom

  shell32

  CommandLineToArgvW

  ShellExecuteW

  ShellExecuteA

  ShellExecuteExW

  winmm

  PlaySoundA

  psapi

  GetProcessImageFileNameA

  Sections

  .text

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 404B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 524B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• NoEscape.exe

  .exe windows:6 windows x86 arch:x86

  f400a8c725e9bcee856360087d72fec3

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  GetModuleHandleA

  GetProcAddress

  netapi32

  NetUserAdd

  ntdll

  RtlGetVersion

  user32

  GetDC

  gdi32

  BitBlt

  advapi32

  FreeSid

  shell32

  ShellExecuteW

  ole32

  CoTaskMemFree

  bcrypt

  BCryptGenRandom

  vcruntime140

  wcsstr

  api-ms-win-crt-string-l1-1-0

  wmemcpy_s

  api-ms-win-crt-runtime-l1-1-0

  exit

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-stdio-l1-1-0

  _set_fmode

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  api-ms-win-crt-heap-l1-1-0

  _set_new_mode

  Sections

  .MPRESS1

  Size: 609KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .MPRESS2

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 18KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• Phantom Crypter.bat

  .bat .vbs
• WannaCrypt0r.exe

  .exe windows:4 windows x86 arch:x86

  68f013d7437aa653a8a98a05807afeb1

  
  

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  GetFileAttributesW

  GetFileSizeEx

  CreateFileA

  InitializeCriticalSection

  DeleteCriticalSection

  ReadFile

  GetFileSize

  WriteFile

  LeaveCriticalSection

  EnterCriticalSection

  SetFileAttributesW

  SetCurrentDirectoryW

  CreateDirectoryW

  GetTempPathW

  GetWindowsDirectoryW

  GetFileAttributesA

  SizeofResource

  LockResource

  LoadResource

  MultiByteToWideChar

  Sleep

  OpenMutexA

  GetFullPathNameA

  CopyFileA

  GetModuleFileNameA

  VirtualAlloc

  VirtualFree

  FreeLibrary

  HeapAlloc

  GetProcessHeap

  GetModuleHandleA

  SetLastError

  VirtualProtect

  IsBadReadPtr

  HeapFree

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  CreateDirectoryA

  GetStartupInfoA

  SetFilePointer

  SetFileTime

  GetComputerNameW

  GetCurrentDirectoryA

  SetCurrentDirectoryA

  GlobalAlloc

  LoadLibraryA

  GetProcAddress

  GlobalFree

  CreateProcessA

  CloseHandle

  WaitForSingleObject

  TerminateProcess

  GetExitCodeProcess

  FindResourceA

  user32

  wsprintfA

  advapi32

  CreateServiceA

  OpenServiceA

  StartServiceA

  CloseServiceHandle

  CryptReleaseContext

  RegCreateKeyW

  RegSetValueExA

  RegQueryValueExA

  RegCloseKey

  OpenSCManagerA

  msvcrt

  realloc

  fclose

  fwrite

  fread

  fopen

  sprintf

  rand

  srand

  strcpy

  memset

  strlen

  wcscat

  wcslen

  __CxxFrameHandler

  ??3@YAXPAX@Z

  memcmp

  _except_handler3

  _local_unwind2

  wcsrchr

  swprintf

  ??2@YAPAXI@Z

  memcpy

  strcmp

  strrchr

  __p___argv

  __p___argc

  _stricmp

  free

  malloc

  ??0exception@@QAE@ABV0@@Z

  ??1exception@@UAE@XZ

  ??0exception@@QAE@ABQBD@Z

  _CxxThrowException

  calloc

  strcat

  _mbsstr

  ??1type_info@@UAE@XZ

  _exit

  _XcptFilter

  exit

  _acmdln

  __getmainargs

  _initterm

  __setusermatherr

  _adjust_fdiv

  __p__commode

  __p__fmode

  __set_app_type

  _controlfp

  Sections

  .text

  Size: 28KB - Virtual size: 26KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 24KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.3MB - Virtual size: 3.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• infinite locker.bat