ad58c0561b4e43595a9b78e904f80db1d35fc1fb9287f1cd90a63ab6837ed81c

Sharing

Copy URL Twitter E-mail

General

Target

ad58c0561b4e43595a9b78e904f80db1d35fc1fb9287f1cd90a63ab6837ed81c
Size

2.6MB
MD5

db835135635b5f8fc885c694e7c3f40c
SHA1

f11574594772a1bff52f39d3d4d2521e9656415b
SHA256

ad58c0561b4e43595a9b78e904f80db1d35fc1fb9287f1cd90a63ab6837ed81c
SHA512

f3ba1fe6f3c11b24354309805ecc1c4cae196af114502b47b759c7bf7d2f54d06b8ddad55db1a22e21ebd344d2f25bebefc2575b62b6487f9313118c69a79aaa
SSDEEP

49152:X1GrBIC7u4QK/YTrvNbWmMuU4qycIv+CKXQo11yObUSqNktCttxkznGrreLQ:MysucgTzNWuQyck+vbyOFtCtjsOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SNOW.EXE
unpack001/TaowaTools.exe
unpack001/cygiconv-2.dll
unpack001/cygintl-2.dll
unpack001/cygjpeg-62.dll
unpack001/cygmcrypt-4.dll
unpack001/cygmhash-2.dll
unpack001/cygwin1.dll
unpack001/cygz.dll
unpack001/jsteg.exe
unpack001/steghide.exe

Files

ad58c0561b4e43595a9b78e904f80db1d35fc1fb9287f1cd90a63ab6837ed81c
.zip
SNOW.EXE
.exe windows:4 windows x86 arch:x86

0bdd493f02586a65baea09e06ddc0769

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
CloseHandle
UnhandledExceptionFilter
GetModuleFileNameA
HeapFree
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
SetFilePointer
FlushFileBuffers
ReadFile
SetStdHandle
CreateFileA
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
TaowaTools.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

H:\ctftoolszz\snowGUI\snowGUI\obj\Debug\TaowaTools.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TaowaTools.exe.config
.xml
TaowaTools.pdb
crypt.py
crypt.pyc
cygiconv-2.dll
.dll windows:4 windows x86 arch:x86

6c5a1464135cd11ca179056ae7203ee2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
__mb_cur_max
_fopen64
abort
calloc
cygwin_conv_to_posix_path
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fclose
free
fscanf
getc_unlocked
malloc
mbrtowc
memcpy
memset
nl_langinfo
pthread_mutex_lock
pthread_mutex_unlock
qsort
realloc
strchr
strcmp
strcpy
strdup
strlen
strncmp
strtoul
ungetc
wcrtomb

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA

Exports

Exports

_libiconv_version
aliases2_lookup
aliases_lookup
libiconv
libiconv_close
libiconv_open
libiconv_relocate
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 950KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 992B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 341B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygintl-2.dll
.dll windows:4 windows x86 arch:x86

6f2f5821b45fc52bc43e1defed443b82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
_ctype_
_fopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getuid32
_open64
abort
bsearch
calloc
close
cygwin_conv_to_posix_path
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fclose
fgets
free
fscanf
fwrite
getc_unlocked
getcwd
getenv
malloc
memcpy
mempcpy
memset
nl_langinfo
pthread_mutex_lock
pthread_mutex_unlock
putc
qsort
read
realloc
strcasecmp
strchr
strcmp
strcpy
strcspn
strdup
strlen
strncmp
strstr
strtoul
tfind
tsearch
ungetc

cygiconv-2

libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA

Exports

Exports

_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_load_domain
_nl_locale_name
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_relocate
libintl_set_relocation_prefix
libintl_textdomain
locale_charset
ngettext
textdomain

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygjpeg-62.dll
.dll windows:4 windows x86 arch:x86

6993c9e5a767b1f8eac8abd60b5bb86f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__getreent
abort
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
exit
fflush
fprintf
fread
free
fwrite
getenv
malloc
memcpy
memset
pthread_mutex_lock
pthread_mutex_unlock
realloc
sprintf
sscanf
strlen
strtoul

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Exports

Exports

jcopy_block_row
jcopy_sample_rows
jdiv_round_up
jinit_1pass_quantizer
jinit_2pass_quantizer
jinit_c_codec
jinit_c_coef_controller
jinit_c_diff_controller
jinit_c_main_controller
jinit_c_master_control
jinit_c_prep_controller
jinit_c_scaler
jinit_color_converter
jinit_color_deconverter
jinit_compress_master
jinit_d_codec
jinit_d_coef_controller
jinit_d_diff_controller
jinit_d_main_controller
jinit_d_post_controller
jinit_d_scaler
jinit_differencer
jinit_downsampler
jinit_forward_dct
jinit_input_controller
jinit_inverse_dct
jinit_lhuff_decoder
jinit_lhuff_encoder
jinit_lossless_c_codec
jinit_lossless_d_codec
jinit_lossy_c_codec
jinit_lossy_d_codec
jinit_marker_reader
jinit_marker_writer
jinit_master_decompress
jinit_memory_mgr
jinit_merged_upsampler
jinit_phuff_decoder
jinit_phuff_encoder
jinit_shuff_decoder
jinit_shuff_encoder
jinit_undifferencer
jinit_upsampler
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort
jpeg_abort_compress
jpeg_abort_decompress
jpeg_add_quant_table
jpeg_alloc_huff_table
jpeg_alloc_quant_table
jpeg_calc_output_dimensions
jpeg_consume_input
jpeg_copy_critical_parameters
jpeg_default_colorspace
jpeg_destroy
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_fdct_float
jpeg_fdct_ifast
jpeg_fdct_islow
jpeg_fill_bit_buffer
jpeg_finish_compress
jpeg_finish_decompress
jpeg_finish_output
jpeg_free_large
jpeg_free_small
jpeg_gen_optimal_table
jpeg_get_large
jpeg_get_small
jpeg_has_multiple_scans
jpeg_huff_decode
jpeg_idct_1x1
jpeg_idct_2x2
jpeg_idct_4x4
jpeg_idct_float
jpeg_idct_ifast
jpeg_idct_islow
jpeg_input_complete
jpeg_make_c_derived_tbl
jpeg_make_d_derived_tbl
jpeg_mem_available
jpeg_mem_init
jpeg_mem_term
jpeg_natural_order
jpeg_new_colormap
jpeg_open_backing_store
jpeg_quality_scaling
jpeg_read_coefficients
jpeg_read_header
jpeg_read_raw_data
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_save_markers
jpeg_set_colorspace
jpeg_set_defaults
jpeg_set_linear_quality
jpeg_set_marker_processor
jpeg_set_quality
jpeg_simple_lossless
jpeg_simple_progression
jpeg_start_compress
jpeg_start_decompress
jpeg_start_output
jpeg_std_error
jpeg_std_message_table
jpeg_stdio_dest
jpeg_stdio_src
jpeg_suppress_tables
jpeg_write_coefficients
jpeg_write_m_byte
jpeg_write_m_header
jpeg_write_marker
jpeg_write_raw_data
jpeg_write_scanlines
jpeg_write_tables
jround_up
jzero_far

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 336B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygmcrypt-4.dll
.dll windows:4 windows x86 arch:x86

f3026a5cb7f2ff2dcb810dfb890b5cea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__getreent
__main
_ctype_
abort
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
free
fwrite
malloc
memcpy
memmove
memset
printf
pthread_mutex_lock
pthread_mutex_unlock
puts
readdir
realloc
sprintf
strcat
strcmp
strcpy
strdup
strlen
strncat
strtoul

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Exports

Exports

arcfour_LTX__is_block_algorithm
arcfour_LTX__mcrypt_algorithm_version
arcfour_LTX__mcrypt_decrypt
arcfour_LTX__mcrypt_encrypt
arcfour_LTX__mcrypt_get_algo_iv_size
arcfour_LTX__mcrypt_get_algorithms_name
arcfour_LTX__mcrypt_get_block_size
arcfour_LTX__mcrypt_get_key_size
arcfour_LTX__mcrypt_get_size
arcfour_LTX__mcrypt_get_supported_key_sizes
arcfour_LTX__mcrypt_self_test
arcfour_LTX__mcrypt_set_key
blowfish_LTX__is_block_algorithm
blowfish_LTX__mcrypt_algorithm_version
blowfish_LTX__mcrypt_decrypt
blowfish_LTX__mcrypt_encrypt
blowfish_LTX__mcrypt_get_algorithms_name
blowfish_LTX__mcrypt_get_block_size
blowfish_LTX__mcrypt_get_key_size
blowfish_LTX__mcrypt_get_size
blowfish_LTX__mcrypt_get_supported_key_sizes
blowfish_LTX__mcrypt_self_test
blowfish_LTX__mcrypt_set_key
blowfish_compat_LTX__is_block_algorithm
blowfish_compat_LTX__mcrypt_algorithm_version
blowfish_compat_LTX__mcrypt_decrypt
blowfish_compat_LTX__mcrypt_encrypt
blowfish_compat_LTX__mcrypt_get_algorithms_name
blowfish_compat_LTX__mcrypt_get_block_size
blowfish_compat_LTX__mcrypt_get_key_size
blowfish_compat_LTX__mcrypt_get_size
blowfish_compat_LTX__mcrypt_get_supported_key_sizes
blowfish_compat_LTX__mcrypt_self_test
blowfish_compat_LTX__mcrypt_set_key
cast_128_LTX__is_block_algorithm
cast_128_LTX__mcrypt_algorithm_version
cast_128_LTX__mcrypt_decrypt
cast_128_LTX__mcrypt_encrypt
cast_128_LTX__mcrypt_get_algorithms_name
cast_128_LTX__mcrypt_get_block_size
cast_128_LTX__mcrypt_get_key_size
cast_128_LTX__mcrypt_get_size
cast_128_LTX__mcrypt_get_supported_key_sizes
cast_128_LTX__mcrypt_self_test
cast_128_LTX__mcrypt_set_key
cast_256_LTX__is_block_algorithm
cast_256_LTX__mcrypt_algorithm_version
cast_256_LTX__mcrypt_decrypt
cast_256_LTX__mcrypt_encrypt
cast_256_LTX__mcrypt_get_algorithms_name
cast_256_LTX__mcrypt_get_block_size
cast_256_LTX__mcrypt_get_key_size
cast_256_LTX__mcrypt_get_size
cast_256_LTX__mcrypt_get_supported_key_sizes
cast_256_LTX__mcrypt_self_test
cast_256_LTX__mcrypt_set_key
des_LTX__is_block_algorithm
des_LTX__mcrypt_algorithm_version
des_LTX__mcrypt_decrypt
des_LTX__mcrypt_encrypt
des_LTX__mcrypt_get_algorithms_name
des_LTX__mcrypt_get_block_size
des_LTX__mcrypt_get_key_size
des_LTX__mcrypt_get_size
des_LTX__mcrypt_get_supported_key_sizes
des_LTX__mcrypt_self_test
des_LTX__mcrypt_set_key
end_mcrypt
enigma_LTX__is_block_algorithm
enigma_LTX__mcrypt_algorithm_version
enigma_LTX__mcrypt_decrypt
enigma_LTX__mcrypt_encrypt
enigma_LTX__mcrypt_get_algo_iv_size
enigma_LTX__mcrypt_get_algorithms_name
enigma_LTX__mcrypt_get_block_size
enigma_LTX__mcrypt_get_key_size
enigma_LTX__mcrypt_get_size
enigma_LTX__mcrypt_get_supported_key_sizes
enigma_LTX__mcrypt_self_test
enigma_LTX__mcrypt_set_key
gost_LTX__is_block_algorithm
gost_LTX__mcrypt_algorithm_version
gost_LTX__mcrypt_decrypt
gost_LTX__mcrypt_encrypt
gost_LTX__mcrypt_get_algorithms_name
gost_LTX__mcrypt_get_block_size
gost_LTX__mcrypt_get_key_size
gost_LTX__mcrypt_get_size
gost_LTX__mcrypt_get_supported_key_sizes
gost_LTX__mcrypt_self_test
gost_LTX__mcrypt_set_key
init_mcrypt
loki97_LTX__is_block_algorithm
loki97_LTX__mcrypt_algorithm_version
loki97_LTX__mcrypt_decrypt
loki97_LTX__mcrypt_encrypt
loki97_LTX__mcrypt_get_algorithms_name
loki97_LTX__mcrypt_get_block_size
loki97_LTX__mcrypt_get_key_size
loki97_LTX__mcrypt_get_size
loki97_LTX__mcrypt_get_supported_key_sizes
loki97_LTX__mcrypt_self_test
loki97_LTX__mcrypt_set_key
main
mcrypt
mcrypt_algorithm_module_ok
mcrypt_check_version
mcrypt_dlopen
mcrypt_enc_get_algorithms_name
mcrypt_enc_get_block_size
mcrypt_enc_get_iv_size
mcrypt_enc_get_key_size
mcrypt_enc_get_modes_name
mcrypt_enc_get_state
mcrypt_enc_get_supported_key_sizes
mcrypt_enc_is_block_algorithm
mcrypt_enc_is_block_algorithm_mode
mcrypt_enc_is_block_mode
mcrypt_enc_mode_has_iv
mcrypt_enc_self_test
mcrypt_enc_set_state
mcrypt_free
mcrypt_free_p
mcrypt_generic
mcrypt_generic_deinit
mcrypt_generic_end
mcrypt_generic_init
mcrypt_get_algo_iv_size
mcrypt_get_size
mcrypt_list_algorithms
mcrypt_list_modes
mcrypt_mode_get_size
mcrypt_mode_module_ok
mcrypt_module_algorithm_version
mcrypt_module_close
mcrypt_module_get_algo_block_size
mcrypt_module_get_algo_key_size
mcrypt_module_get_algo_supported_key_sizes
mcrypt_module_is_block_algorithm
mcrypt_module_is_block_algorithm_mode
mcrypt_module_is_block_mode
mcrypt_module_mode_version
mcrypt_module_open
mcrypt_module_self_test
mcrypt_module_support_dynamic
mcrypt_mutex_register
mcrypt_perror
mcrypt_readdir
mcrypt_set_key
mcrypt_strerror
mdecrypt
mdecrypt_generic
panama_LTX__is_block_algorithm
panama_LTX__mcrypt_algorithm_version
panama_LTX__mcrypt_decrypt
panama_LTX__mcrypt_encrypt
panama_LTX__mcrypt_get_algo_iv_size
panama_LTX__mcrypt_get_algorithms_name
panama_LTX__mcrypt_get_block_size
panama_LTX__mcrypt_get_key_size
panama_LTX__mcrypt_get_size
panama_LTX__mcrypt_get_supported_key_sizes
panama_LTX__mcrypt_self_test
panama_LTX__mcrypt_set_key
rc2_LTX__is_block_algorithm
rc2_LTX__mcrypt_algorithm_version
rc2_LTX__mcrypt_decrypt
rc2_LTX__mcrypt_encrypt
rc2_LTX__mcrypt_get_algorithms_name
rc2_LTX__mcrypt_get_block_size
rc2_LTX__mcrypt_get_key_size
rc2_LTX__mcrypt_get_size
rc2_LTX__mcrypt_get_supported_key_sizes
rc2_LTX__mcrypt_self_test
rc2_LTX__mcrypt_set_key
rijndael_128_LTX__is_block_algorithm
rijndael_128_LTX__mcrypt_algorithm_version
rijndael_128_LTX__mcrypt_decrypt
rijndael_128_LTX__mcrypt_encrypt
rijndael_128_LTX__mcrypt_get_algorithms_name
rijndael_128_LTX__mcrypt_get_block_size
rijndael_128_LTX__mcrypt_get_key_size
rijndael_128_LTX__mcrypt_get_size
rijndael_128_LTX__mcrypt_get_supported_key_sizes
rijndael_128_LTX__mcrypt_self_test
rijndael_128_LTX__mcrypt_set_key
rijndael_192_LTX__is_block_algorithm
rijndael_192_LTX__mcrypt_algorithm_version
rijndael_192_LTX__mcrypt_decrypt
rijndael_192_LTX__mcrypt_encrypt
rijndael_192_LTX__mcrypt_get_algorithms_name
rijndael_192_LTX__mcrypt_get_block_size
rijndael_192_LTX__mcrypt_get_key_size
rijndael_192_LTX__mcrypt_get_size
rijndael_192_LTX__mcrypt_get_supported_key_sizes
rijndael_192_LTX__mcrypt_self_test
rijndael_192_LTX__mcrypt_set_key
rijndael_256_LTX__is_block_algorithm
rijndael_256_LTX__mcrypt_algorithm_version
rijndael_256_LTX__mcrypt_decrypt
rijndael_256_LTX__mcrypt_encrypt
rijndael_256_LTX__mcrypt_get_algorithms_name
rijndael_256_LTX__mcrypt_get_block_size
rijndael_256_LTX__mcrypt_get_key_size
rijndael_256_LTX__mcrypt_get_size
rijndael_256_LTX__mcrypt_get_supported_key_sizes
rijndael_256_LTX__mcrypt_self_test
rijndael_256_LTX__mcrypt_set_key
safer_sk128_LTX__is_block_algorithm
safer_sk128_LTX__mcrypt_algorithm_version
safer_sk128_LTX__mcrypt_decrypt
safer_sk128_LTX__mcrypt_encrypt
safer_sk128_LTX__mcrypt_get_algorithms_name
safer_sk128_LTX__mcrypt_get_block_size
safer_sk128_LTX__mcrypt_get_key_size
safer_sk128_LTX__mcrypt_get_size
safer_sk128_LTX__mcrypt_get_supported_key_sizes
safer_sk128_LTX__mcrypt_self_test
safer_sk128_LTX__mcrypt_set_key
safer_sk64_LTX__is_block_algorithm
safer_sk64_LTX__mcrypt_algorithm_version
safer_sk64_LTX__mcrypt_decrypt
safer_sk64_LTX__mcrypt_encrypt
safer_sk64_LTX__mcrypt_get_algorithms_name
safer_sk64_LTX__mcrypt_get_block_size
safer_sk64_LTX__mcrypt_get_key_size
safer_sk64_LTX__mcrypt_get_size
safer_sk64_LTX__mcrypt_get_supported_key_sizes
safer_sk64_LTX__mcrypt_self_test
safer_sk64_LTX__mcrypt_set_key
saferplus_LTX__is_block_algorithm
saferplus_LTX__mcrypt_algorithm_version
saferplus_LTX__mcrypt_decrypt
saferplus_LTX__mcrypt_encrypt
saferplus_LTX__mcrypt_get_algorithms_name
saferplus_LTX__mcrypt_get_block_size
saferplus_LTX__mcrypt_get_key_size
saferplus_LTX__mcrypt_get_size
saferplus_LTX__mcrypt_get_supported_key_sizes
saferplus_LTX__mcrypt_self_test
saferplus_LTX__mcrypt_set_key
serpent_LTX__is_block_algorithm
serpent_LTX__mcrypt_algorithm_version
serpent_LTX__mcrypt_decrypt
serpent_LTX__mcrypt_encrypt
serpent_LTX__mcrypt_get_algorithms_name
serpent_LTX__mcrypt_get_block_size
serpent_LTX__mcrypt_get_key_size
serpent_LTX__mcrypt_get_size
serpent_LTX__mcrypt_get_supported_key_sizes
serpent_LTX__mcrypt_self_test
serpent_LTX__mcrypt_set_key
threeway_LTX__is_block_algorithm
threeway_LTX__mcrypt_algorithm_version
threeway_LTX__mcrypt_decrypt
threeway_LTX__mcrypt_encrypt
threeway_LTX__mcrypt_get_algorithms_name
threeway_LTX__mcrypt_get_block_size
threeway_LTX__mcrypt_get_key_size
threeway_LTX__mcrypt_get_size
threeway_LTX__mcrypt_get_supported_key_sizes
threeway_LTX__mcrypt_self_test
threeway_LTX__mcrypt_set_key
tripledes_LTX__is_block_algorithm
tripledes_LTX__mcrypt_algorithm_version
tripledes_LTX__mcrypt_decrypt
tripledes_LTX__mcrypt_encrypt
tripledes_LTX__mcrypt_get_algorithms_name
tripledes_LTX__mcrypt_get_block_size
tripledes_LTX__mcrypt_get_key_size
tripledes_LTX__mcrypt_get_size
tripledes_LTX__mcrypt_get_supported_key_sizes
tripledes_LTX__mcrypt_self_test
tripledes_LTX__mcrypt_set_key
twofish_LTX__is_block_algorithm
twofish_LTX__mcrypt_algorithm_version
twofish_LTX__mcrypt_decrypt
twofish_LTX__mcrypt_encrypt
twofish_LTX__mcrypt_get_algorithms_name
twofish_LTX__mcrypt_get_block_size
twofish_LTX__mcrypt_get_key_size
twofish_LTX__mcrypt_get_size
twofish_LTX__mcrypt_get_supported_key_sizes
twofish_LTX__mcrypt_self_test
twofish_LTX__mcrypt_set_key
wake_LTX__is_block_algorithm
wake_LTX__mcrypt_algorithm_version
wake_LTX__mcrypt_decrypt
wake_LTX__mcrypt_encrypt
wake_LTX__mcrypt_get_algo_iv_size
wake_LTX__mcrypt_get_algorithms_name
wake_LTX__mcrypt_get_block_size
wake_LTX__mcrypt_get_key_size
wake_LTX__mcrypt_get_size
wake_LTX__mcrypt_get_supported_key_sizes
wake_LTX__mcrypt_self_test
wake_LTX__mcrypt_set_key
xtea_LTX__is_block_algorithm
xtea_LTX__mcrypt_algorithm_version
xtea_LTX__mcrypt_decrypt
xtea_LTX__mcrypt_encrypt
xtea_LTX__mcrypt_get_algorithms_name
xtea_LTX__mcrypt_get_block_size
xtea_LTX__mcrypt_get_key_size
xtea_LTX__mcrypt_get_size
xtea_LTX__mcrypt_get_supported_key_sizes
xtea_LTX__mcrypt_self_test
xtea_LTX__mcrypt_set_key

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygmhash-2.dll
.dll windows:4 windows x86 arch:x86

2a7fe0ce403e506f483d1f7d39cf496d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
abort
calloc
fflush
free
malloc
memcpy
memset
strcpy
strlen
strtol
strtoul

kernel32

AddAtomA
CreateMutexA
FindAtomA
GetAtomNameA
InterlockedIncrement
ReleaseMutex
Sleep
WaitForSingleObject

Exports

Exports

_mhash_get_deinit_func
_mhash_get_final_func
_mhash_get_hash_func
_mhash_get_init_func
_mhash_get_state_size
main
mhash
mhash_bzero
mhash_count
mhash_cp
mhash_deinit
mhash_end
mhash_end_m
mhash_free
mhash_get_block_size
mhash_get_hash_name
mhash_get_hash_name_static
mhash_get_hash_pblock
mhash_get_keygen_max_key_size
mhash_get_keygen_name
mhash_get_keygen_name_static
mhash_get_keygen_salt_size
mhash_get_mhash_algo
mhash_hmac_deinit
mhash_hmac_end
mhash_hmac_end_m
mhash_hmac_init
mhash_init
mhash_init_int
mhash_keygen
mhash_keygen_count
mhash_keygen_ext
mhash_keygen_uses_count
mhash_keygen_uses_hash_algorithm
mhash_keygen_uses_salt
mhash_restore_state_mem
mhash_save_state_mem

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygwin1.dll
.dll windows:4 windows x86 arch:x86

ed7aeeb3bf97d5d41ab0e5302832373c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AllocConsole
BackupRead
BackupSeek
BackupWrite
ClearCommBreak
ClearCommError
CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCommModemStatus
GetCommState
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetLogicalDrives
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
IsBadReadPtr
IsBadStringPtrA
IsBadWritePtr
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalFree
LockFile
LockFileEx
MapViewOfFileEx
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenMutexA
OpenProcess
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WriteProcessMemory
WriteTapemark

Exports

Exports

__argc
__argv
__assert
__assertfail
__ctype_ptr
__cygwin_environ
__cygwin_user_data
__eprintf
__errno
__f_atan2
__f_atan2f
__f_exp
__f_expf
__f_frexp
__f_frexpf
__f_ldexp
__f_ldexpf
__f_log
__f_log10
__f_log10f
__f_logf
__f_pow
__f_powf
__f_tan
__f_tanf
__fpclassifyd
__fpclassifyf
__getreent
__infinity
__main
__mb_cur_max
__mempcpy
__progname
__signbitd
__signbitf
__signgam
__srget
__swbuf
_abort
_abs
_access
_acl
_acl32
_aclcheck
_aclcheck32
_aclfrommode
_aclfrommode32
_aclfrompbits
_aclfrompbits32
_aclfromtext
_aclfromtext32
_aclsort
_aclsort32
_acltomode
_acltomode32
_acltopbits
_acltopbits32
_acltotext
_acltotext32
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_alphasort
_asctime
_asctime_r
_asin
_asinf
_asinh
_asinhf
_asprintf
_asprintf_r
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_check_for_executable
_chmod
_chown
_chown32
_chroot
_clearerr
_clock
_close
_closedir
_closelog
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_ctime_r
_ctype_
_cuserid
_cwait
_daylight
_difftime
_dirfd
_div
_dll_crt0@0
_drand48
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_endutent
_erand48
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_f_atan2
_f_atan2f
_f_exp
_f_expf
_f_frexp
_f_frexpf
_f_ldexp
_f_ldexpf
_f_log
_f_log10
_f_log10f
_f_logf
_f_pow
_f_powf
_f_tan
_f_tanf
_fabs
_fabsf
_facl
_facl32
_fchdir
_fchmod
_fchown
_fchown32
_fclose
_fcloseall
_fcloseall_r
_fcntl
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_fdopen64
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgetpos64
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fnmatch
_fopen
_fopen64
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_freopen64
_frexp
_frexpf
_fscanf
_fscanf_r
_fseek
_fseeko
_fseeko64
_fsetpos
_fsetpos64
_fstat
_fstat64
_fstatfs
_fsync
_ftell
_ftello
_ftello64
_ftime
_ftok
_ftruncate
_ftruncate64
_fwrite
_gamma
_gamma_r
_gammaf
_gammaf_r
_gcvt
_gcvtf
_get_osfhandle
_getc
_getc_unlocked
_getchar
_getchar_unlocked
_getcwd
_getdomainname
_getdtablesize
_getegid
_getegid32
_getenv
_geteuid
_geteuid32
_getgid
_getgid32
_getgrent
_getgrent32
_getgrgid
_getgrgid32
_getgrnam
_getgrnam32
_getgroups
_getgroups32
_gethostname
_getlogin
_getmntent
_getmode
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getpwuid32
_getpwuid_r32
_getrlimit
_getrusage
_gets
_gettimeofday
_getuid
_getuid32
_getutent
_getutid
_getutline
_getw
_getwd
_glob
_globfree
_gmtime
_gmtime_r
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_index
_infinity
_infinityf
_initgroups32
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_j0
_j0f
_j1
_j1f
_jn
_jnf
_jrand48
_kill
_labs
_lacl
_lchown
_lchown32
_lcong48
_ldexp
_ldexpf
_ldiv
_lgamma
_lgamma_r
_lgammaf
_lgammaf_r
_link
_localeconv
_localtime
_localtime_r
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lrand48
_lseek
_lseek64
_lstat
_lstat64
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mknod32
_mkstemp
_mktemp
_mktime
_mmap64
_modf
_modff
_mount
_nan
_nanf
_nanosleep
_nextafter
_nextafterf
_nice
_nl_langinfo
_nrand48
_ntohl
_ntohs
_open
_open64
_opendir
_openlog
_pathconf
_pclose
_perror
_pipe
_poll
_popen
_pow
_powf
_printf
_pthread_cleanup_pop
_pthread_cleanup_push
_putc
_putc_unlocked
_putchar
_putchar_unlocked
_putenv
_puts
_pututline
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scandir
_scanf
_scanf_r
_seed48
_seekdir
_seekdir64
_select
_setbuf
_setdtablesize
_setegid
_setegid32
_setenv
_seteuid
_seteuid32
_setgid
_setgid32
_setgrent
_setgroups
_setgroups32
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setregid
_setregid32
_setreuid
_setreuid32
_setrlimit
_setsid
_settimeofday
_setuid
_setuid32
_setutent
_setvbuf
_sigaction
_sigaddset
_sigdelset
_sigemptyset
_sigfillset
_siginterrupt
_sigismember
_signal
_significand
_significandf
_sigpending
_sigprocmask
_sigsuspend
_sin
_sinf
_sinh
_sinhf
_siprintf
_sleep
_snprintf
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve

Sections

.text
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/17
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/31
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/46
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/61
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/76
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/91
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/103
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/115
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/127
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/139
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/153
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/167
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/180
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/193
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/207
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/220
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/235
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/250
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/262
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/274
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/289
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/304
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/316
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/328
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/341
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cygz.dll
.dll windows:4 windows x86 arch:x86

e5d137004ca5800366d38a3ecb91ab77

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
_fdopen64
_fopen64
abort
calloc
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fclose
fflush
fprintf
fputc
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
pthread_mutex_lock
pthread_mutex_unlock
realloc
rewind
sprintf
strcat
strcpy
strlen
strtoul
vsprintf

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA

Exports

Exports

_dist_code
_length_code
_tr_align
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
deflate_copyright
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
inflate_blocks
inflate_blocks_free
inflate_blocks_new
inflate_blocks_reset
inflate_blocks_sync_point
inflate_codes
inflate_codes_free
inflate_codes_new
inflate_copyright
inflate_fast
inflate_flush
inflate_mask
inflate_set_dictionary
inflate_trees_bits
inflate_trees_dynamic
inflate_trees_fixed
uncompress
zError
z_errmsg
zcalloc
zcfree
zlibVersion

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 336B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jsteg.exe
.exe windows:4 windows x64 arch:x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 437B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 42B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 476KB - Virtual size: 475KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
locale/de/LC_MESSAGES/steghide.mo
locale/es/LC_MESSAGES/steghide.mo
locale/fr/LC_MESSAGES/steghide.mo
locale/ro/LC_MESSAGES/steghide.mo
lsb.py
steghide.exe
.exe windows:4 windows x86 arch:x86

c7aa6c64ded2a65ec3ad42d6aa26c8ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__getreent
__main
_ctype_
_fdopen64
_fopen64
abort
atoi
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
feof
fflush
fgetc
fileno
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
log
malloc
memchr
memcpy
memmove
memset
printf
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
putchar
puts
rand
realloc
rewind
setenv
setlocale
setvbuf
sprintf
sqrt
srand
sscanf
strcat
strcmp
strcoll
strcpy
strdup
strftime
strlen
strncpy
strtod
strtol
strtoll
strtoul
strtoull
strxfrm
tcgetattr
tcsetattr
time
ungetc
vsnprintf

cygintl-2

_nl_msg_cat_cntr
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_gettext
libintl_textdomain
_nl_msg_cat_cntr

cygjpeg-62

jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_copy_critical_parameters
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_finish_compress
jpeg_finish_decompress
jpeg_read_coefficients
jpeg_read_header
jpeg_std_error
jpeg_stdio_dest
jpeg_stdio_src
jpeg_write_coefficients

cygmcrypt-4

mcrypt_enc_get_algorithms_name
mcrypt_enc_get_block_size
mcrypt_enc_get_iv_size
mcrypt_enc_get_key_size
mcrypt_enc_get_modes_name
mcrypt_enc_mode_has_iv
mcrypt_free_p
mcrypt_generic
mcrypt_generic_deinit
mcrypt_generic_init
mcrypt_list_algorithms
mcrypt_list_modes
mcrypt_module_close
mcrypt_module_is_block_algorithm
mcrypt_module_is_block_algorithm_mode
mcrypt_module_open
mcrypt_perror
mdecrypt_generic

cygmhash-2

mhash
mhash_deinit
mhash_get_block_size
mhash_get_hash_name
mhash_get_mhash_algo
mhash_init
mhash_keygen_ext

cygz

compress2
uncompress

kernel32

AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA
GetThreadLocale

Sections

.text
Size: 487KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tables/1CB4
tables/1CB5
tables/1CB6
tables/1TH4
tables/1TH5
tables/1TH6
tables/1cb0
tables/1cb1
tables/1cb2
tables/1th0
tables/1th1
tables/1th2
tables/2CB4
tables/2CB5
tables/2CB6
tables/2TH4
tables/2TH5
tables/2TH6
tables/2cb0
tables/2cb1
tables/2cb2
tables/2th0
tables/2th1
tables/2th2
tables/ALLOC_4
tables/HUFFCODE
tables/PSY_DATA
tables/absthr_0
tables/absthr_1
tables/absthr_2
tables/alloc_0
tables/alloc_1
tables/alloc_2
tables/alloc_3
tables/dewindow
tables/enwindow
tables/huffdec
tsharkpath.txt

Sharing

General

Malware Config

Signatures

Files

0bdd493f02586a65baea09e06ddc0769

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 18KB - Virtual size: 39KB

.idata Size: 1KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 78KB - Virtual size: 78KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

6c5a1464135cd11ca179056ae7203ee2

Headers

File Characteristics

Imports

cygwin1

kernel32

Exports

Exports

Sections

.text Size: 950KB - Virtual size: 949KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 1024B - Virtual size: 952B

.bss Size: - Virtual size: 992B

.edata Size: 512B - Virtual size: 341B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

6f2f5821b45fc52bc43e1defed443b82

Headers

File Characteristics

Imports

cygwin1

cygiconv-2

kernel32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 112B

.rdata Size: 1024B - Virtual size: 952B

.bss Size: - Virtual size: 1KB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

6993c9e5a767b1f8eac8abd60b5bb86f

Headers

File Characteristics

Imports

cygwin1

kernel32

Exports

Exports

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 1024B - Virtual size: 952B

.bss Size: - Virtual size: 336B

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 1024B - Virtual size: 812B

.reloc Size: 1KB - Virtual size: 1KB

f3026a5cb7f2ff2dcb810dfb890b5cea

Headers

File Characteristics

Imports

cygwin1

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 18KB - Virtual size: 39KB

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 950KB - Virtual size: 949KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 1024B - Virtual size: 952B

.bss
Size: - Virtual size: 992B

.edata
Size: 512B - Virtual size: 341B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 112B

.rdata
Size: 1024B - Virtual size: 952B

.bss
Size: - Virtual size: 1KB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 1024B - Virtual size: 952B

.bss
Size: - Virtual size: 336B

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 1024B - Virtual size: 812B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 153KB - Virtual size: 153KB

.data
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 952B

.bss
Size: - Virtual size: 23KB

.edata
Size: 13KB - Virtual size: 12KB

.idata
Size: 1024B - Virtual size: 936B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 1024B - Virtual size: 876B

.bss
Size: - Virtual size: 128B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 652B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 801KB - Virtual size: 801KB

.data
Size: 41KB - Virtual size: 41KB

/4
Size: 512B - Virtual size: 324B

/17
Size: 1024B - Virtual size: 888B

/31
Size: 2KB - Virtual size: 1KB

/46
Size: 3KB - Virtual size: 2KB

/61
Size: 512B - Virtual size: 176B

/76
Size: 512B - Virtual size: 288B

/91
Size: 512B - Virtual size: 264B

/103
Size: 1024B - Virtual size: 528B

/115
Size: 512B - Virtual size: 24B

/127
Size: 512B - Virtual size: 48B

/139
Size: 512B - Virtual size: 120B

/153
Size: 512B - Virtual size: 232B

/167
Size: 1024B - Virtual size: 736B

/180
Size: 1KB - Virtual size: 1KB

/193
Size: 1KB - Virtual size: 1KB

/207
Size: 512B - Virtual size: 496B

/220
Size: 512B - Virtual size: 100B

/235
Size: 512B - Virtual size: 144B

/250
Size: 512B - Virtual size: 68B

/262
Size: 512B - Virtual size: 120B

/274
Size: 512B - Virtual size: 352B

/289
Size: 1024B - Virtual size: 584B

/304
Size: 512B - Virtual size: 288B

/316
Size: 1024B - Virtual size: 520B

/328
Size: 512B - Virtual size: 48B

/341
Size: 512B - Virtual size: 80B

.rdata
Size: 512B - Virtual size: 408B

.bss
Size: - Virtual size: 225KB

.edata
Size: 28KB - Virtual size: 28KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 41KB