5cd5bd842a1ca1241c0a5babe59e78c61da9d75fe49269a9d5c4feeae3a7f3ad

Sharing

Copy URL Twitter E-mail

General

Target

5cd5bd842a1ca1241c0a5babe59e78c61da9d75fe49269a9d5c4feeae3a7f3ad
Size

5.7MB
MD5

9e16664dc56eabe955c221c3832001af
SHA1

41824e3a5d1c9e3ba755b720b7583339fc71c966
SHA256

5cd5bd842a1ca1241c0a5babe59e78c61da9d75fe49269a9d5c4feeae3a7f3ad
SHA512

7ad0ddeb93de96022c890b5e76e40d269f91cb4f319d0975dcc92886eb7474ee49c5d6921041f9735c09f28d7da2694a821ff2a2c781e8d3c9135fd8669eced1
SSDEEP

98304:fT8eRqnTDcYDbjdJ53o5cgNknqaj1MsIauUY9ydPwdI8R/0RT32QUxWdUxlZwlvD:fT8esnTDcy36cgSqc1MsIakhI8R/kFdz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty-beta.exe	upx
static1/unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty.exe	upx
static1/unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty_portable.exe	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/cygtermd.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/cygwin1.dll
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/genpass.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kageant.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty-beta.exe
unpack002/out.upx
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty.exe
unpack003/out.upx
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty_nocompress.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty_portable.exe
unpack004/out.upx
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kittygen.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/klink.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kscp.exe
unpack001/KiTTY_0.76.0.8/kitty-bin-0.76.0.8/ksftp.exe

Files

5cd5bd842a1ca1241c0a5babe59e78c61da9d75fe49269a9d5c4feeae3a7f3ad
.zip
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/cygtermd.exe
.exe windows:4 windows x64 arch:x64

43b39567b74e685084b78195561994ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__main
_dll_crt0
_impure_ptr
calloc
chdir
close
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
dup2
execv
exit
fcntl
fork
fprintf
fputc
free
fwrite
getenv
getlogin
getpgrp
getpwnam
getpwuid
getuid
grantpt
ioctl
malloc
memcpy
open
perror
pipe
posix_memalign
ptsname
putenv
read
realloc
select
setpgrp
setsid
signal
sprintf
strcpy
strerror
strlen
strncpy
tcsetpgrp
unlockpt
vfprintf
waitpid
write

kernel32

GetModuleHandleA
GetProcAddress

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/cygwin1.dll
.dll windows:4 windows x64 arch:x64

ab2c9941b31956bc0d2c78a10c37e02b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

kernel32

AddVectoredContinueHandler
AllocConsole
AttachConsole
CallNamedPipeA
CancelIo
CancelSynchronousIo
ClearCommBreak
ClearCommError
CloseHandle
CompareStringW
ConnectNamedPipe
CreateFileA
CreateFileW
CreateNamedPipeA
CreatePipe
CreateProcessW
CreateRemoteThread
CreateSymbolicLinkW
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetBinaryTypeW
GetCommModemStatus
GetCommState
GetCommandLineW
GetComputerNameExA
GetConsoleCP
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileSizeEx
GetFileType
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDrives
GetMailslotInfo
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetNamedPipeClientProcessId
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempPathW
GetThreadContext
GetThreadId
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
GlobalAlloc
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
IdnToAscii
IdnToUnicode
InitializeCriticalSection
IsBadStringPtrA
IsDebuggerPresent
IsProcessInJob
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LocaleNameToLCID
MapViewOfFile
MapViewOfFileEx
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
PeekConsoleInputW
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadConsoleInputW
ReadConsoleOutputW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetComputerNameExW
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetConsoleWindowInfo
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessWorkingSetSize
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
SetThreadStackGuarantee
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleOutputW
WriteConsoleW
WriteFile
WriteProcessMemory
WriteTapemark

ntdll

NtAccessCheck
NtAdjustPrivilegesToken
NtAllocateLocallyUniqueId
NtCancelTimer
NtClose
NtCommitTransaction
NtCreateDirectoryObject
NtCreateEvent
NtCreateFile
NtCreateKey
NtCreateMailslotFile
NtCreateMutant
NtCreateSection
NtCreateSemaphore
NtCreateTimer
NtCreateToken
NtCreateTransaction
NtDuplicateToken
NtFlushBuffersFile
NtFsControlFile
NtLockFile
NtLockVirtualMemory
NtMapViewOfSection
NtOpenDirectoryObject
NtOpenEvent
NtOpenFile
NtOpenKey
NtOpenMutant
NtOpenProcessToken
NtOpenSection
NtOpenSemaphore
NtOpenSymbolicLinkObject
NtOpenThreadToken
NtPrivilegeCheck
NtQueryAttributesFile
NtQueryDirectoryFile
NtQueryDirectoryObject
NtQueryEaFile
NtQueryEvent
NtQueryInformationFile
NtQueryInformationProcess
NtQueryInformationThread
NtQueryInformationToken
NtQueryObject
NtQueryQuotaInformationFile
NtQuerySecurityObject
NtQuerySemaphore
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryTimer
NtQueryTimerResolution
NtQueryValueKey
NtQueryVirtualMemory
NtQueryVolumeInformationFile
NtReadFile
NtRollbackTransaction
NtSetEaFile
NtSetEvent
NtSetInformationFile
NtSetInformationThread
NtSetInformationToken
NtSetQuotaInformationFile
NtSetSecurityObject
NtSetTimer
NtSetTimerResolution
NtSetValueKey
NtSetVolumeInformationFile
NtUnlockFile
NtUnlockVirtualMemory
NtUnmapViewOfSection
NtWriteFile
RtlAbsoluteToSelfRelativeSD
RtlAddAccessAllowedAce
RtlAddAccessAllowedAceEx
RtlAddAccessDeniedAceEx
RtlAllocateHeap
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCheckRegistryKey
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
RtlCopySid
RtlCopyUnicodeString
RtlCreateAcl
RtlCreateQueryDebugBuffer
RtlCreateSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
RtlDestroyQueryDebugBuffer
RtlDowncaseUnicodeString
RtlEnterCriticalSection
RtlEqualPrefixSid
RtlEqualSid
RtlEqualUnicodeString
RtlFirstFreeAce
RtlFreeHeap
RtlFreeUnicodeString
RtlGetAce
RtlGetControlSecurityDescriptor
RtlGetCurrentTransaction
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetNtVersionNumbers
RtlGetOwnerSecurityDescriptor
RtlGetVersion
RtlIdentifierAuthoritySid
RtlInitAnsiString
RtlInitUnicodeString
RtlInitializeSid
RtlLeaveCriticalSection
RtlLengthSid
RtlNtStatusToDosError
RtlPrefixUnicodeString
RtlQueryProcessDebugInformation
RtlQueryRegistryValues
RtlSetControlSecurityDescriptor
RtlSetCurrentDirectory_U
RtlSetCurrentTransaction
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlUnicodeStringToAnsiString
RtlUpcaseUnicodeChar
RtlUpcaseUnicodeString

Exports

Exports

GetCommandLineA@0
GetCommandLineW@0
_Exit
__argc
__argv
__assert
__assert_func
__assertfail
__b64_ntop
__b64_pton
__bsd_qsort_r
__check_rhosts_file
__ctype_ptr__
__cxa_atexit
__cxa_finalize
__cygwin_user_data
__dn_comp
__dn_expand
__dn_skipname
__eprintf
__errno
__fbufsize
__flbf
__fpclassifyd
__fpclassifyf
__fpending
__fpurge
__freadable
__freading
__fsetlocking
__fwritable
__fwriting
__getpagesize
__getreent
__gnu_basename
__infinity
__isinfd
__isinff
__isnand
__isnanf
__locale_ctype_ptr
__locale_ctype_ptr_l
__locale_mb_cur_max
__main
__mb_cur_max
__mempcpy
__opendir_with_d_ino
__progname
__rcmd_errstr
__res_close
__res_init
__res_mkquery
__res_nclose
__res_ninit
__res_nmkquery
__res_nquery
__res_nquerydomain
__res_nsearch
__res_nsend
__res_query
__res_querydomain
__res_search
__res_send
__res_state
__signbitd
__signbitf
__signgam
__srget
__srget_r
__swbuf
__swbuf_r
__wrap__ZdaPv
__wrap__ZdaPvRKSt9nothrow_t
__wrap__ZdlPv
__wrap__ZdlPvRKSt9nothrow_t
__wrap__Znam
__wrap__ZnamRKSt9nothrow_t
__wrap__Znwm
__wrap__ZnwmRKSt9nothrow_t
__xdrrec_getrec
__xdrrec_setnonblock
__xpg_sigpause
__xpg_strerror_r
_alloca
_check_for_executable
_ctype_
_daylight
_dll_crt0
_exit
_feinitialise
_fscanf_r
_get_osfhandle
_impure_ptr
_longjmp
_pipe
_pthread_cleanup_pop
_pthread_cleanup_push
_setjmp
_setmode
_sys_errlist
_sys_nerr
_timezone
_tzname
a64l
abort
abs
accept
accept4
access
acl
acl_add_perm
acl_calc_mask
acl_check
acl_clear_perms
acl_cmp
acl_copy_entry
acl_copy_ext
acl_copy_int
acl_create_entry
acl_delete_def_file
acl_delete_entry
acl_delete_perm
acl_dup
acl_entries
acl_equiv_mode
acl_error
acl_extended_fd
acl_extended_file
acl_extended_file_nofollow
acl_free
acl_from_mode
acl_from_text
acl_get_entry
acl_get_fd
acl_get_file
acl_get_perm
acl_get_permset
acl_get_qualifier
acl_get_tag_type
acl_init
acl_set_fd
acl_set_file
acl_set_permset
acl_set_qualifier
acl_set_tag_type
acl_size
acl_to_any_text
acl_to_text
acl_valid
aclcheck
aclfrommode
aclfrompbits
aclfromtext
aclsort
acltomode
acltopbits
acltotext
acos
acosf
acosh
acoshf
acoshl
acosl
alarm
aligned_alloc
alphasort
arc4random
arc4random_addrandom
arc4random_buf
arc4random_stir
arc4random_uniform
argz_add
argz_add_sep
argz_append
argz_count
argz_create
argz_create_sep
argz_delete
argz_extract
argz_insert
argz_next
argz_replace
argz_stringify
asctime
asctime_r
asin
asinf
asinh
asinhf
asinhl
asinl
asnprintf
asprintf
at_quick_exit
atan
atan2
atan2f
atan2l
atanf
atanh
atanhf
atanhl
atanl
atexit
atof
atoff
atoi
atol
atoll
basename
bcmp
bcopy
bind
bindresvport
bindresvport_sa
bsearch
btowc
bzero
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
calloc
canonicalize_file_name
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
ceill
cexp
cexpf
cexpl
cfgetispeed
cfgetospeed
cfmakeraw
cfsetispeed
cfsetospeed
cfsetspeed
chdir
chmod
chown
chroot
cimag
cimagf
cimagl
cleanup_glue
clearerr
clearerr_unlocked
clock
clock_getcpuclockid
clock_getres
clock_gettime
clock_nanosleep
clock_setres
clock_settime
clog
clog10
clog10f
clog10l
clogf
clogl
close
closedir
closelog
confstr
conj
conjf
conjl
connect
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
coshl
cosl
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
creat
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
ctermid
ctime
ctime_r
cuserid
cwait
cygwin_attach_handle_to_fd
cygwin_conv_path
cygwin_conv_path_list
cygwin_create_path
cygwin_detach_dll
cygwin_dll_init
cygwin_internal
cygwin_logon_user
cygwin_posix_path_list_p
cygwin_set_impersonation_token
cygwin_split_path
cygwin_stackdump
cygwin_umount
cygwin_winpid_to_pid
daemon
difftime
dirfd
dirname
div
dladdr
dlclose
dlerror
dlfork
dll_crt0__FP11per_process
dll_dllcrt0
dll_entry
dlopen
dlsym
dn_comp
dn_expand
dn_skipname
dprintf
drand48
drem
dremf
dreml
dup
dup2
dup3
duplocale
eaccess
ecvt
ecvtbuf
ecvtf
endgrent
endhostent
endmntent
endprotoent
endpwent
endservent
endusershell
endutent
endutxent
environ
envz_add
envz_entry
envz_get
envz_merge
envz_remove
envz_strip
erand48
erf
erfc
erfcf
erfcl
erff
erfl
err
error
error_at_line
error_message_count
error_one_per_line
error_print_progname
errx
euidaccess
execl
execle
execlp
execv
execve
execvp
execvpe
exit
exp
exp10
exp10f
exp10l
exp2
exp2f
exp2l
expf
expl
explicit_bzero
expm1
expm1f
expm1l
fabs
fabsf
fabsl
faccessat
facl
fchdir
fchmod
fchmodat
fchown
fchownat
fclose
fcloseall
fcntl
fcvt
fcvtbuf
fcvtf
fdatasync
fdim
fdimf
fdiml
fdopen
fdopendir
feclearexcept
fedisableexcept
feenableexcept
fegetenv
fegetexcept
fegetexceptflag
fegetprec
fegetround
feholdexcept
feof
feof_unlocked
feraiseexcept
ferror
ferror_unlocked
fesetenv
fesetexceptflag
fesetprec
fesetround
fetestexcept
feupdateenv
fexecve
fflush
fflush_unlocked
ffs
ffsl
ffsll
fgetc
fgetc_unlocked
fgetpos
fgets
fgets_unlocked
fgetwc
fgetwc_unlocked
fgetws
fgetws_unlocked
fgetxattr
fileno
fileno_unlocked
finite
finitef
finitel
fiprintf
flistxattr
flock
flockfile
floor
floorf

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/genpass.exe
.exe windows:4 windows x86 arch:x86

6cdf1395d93fdb0ba770223642b7d696

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
exit
fclose
fgetc
fgets
fopen
fprintf
fputc
fread
free
fwrite
getenv
malloc
mbstowcs
memcpy
printf
puts
rand
realloc
setlocale
signal
sprintf
srand
strcmp
strcoll
strcpy
strlen
strrchr
time
tolower
vfprintf
wcstombs

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 329B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kageant.exe
.exe windows:4 windows x86 arch:x86

f8ea82bb985629896891f66140364a14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

comdlg32

GetOpenFileNameA
GetSaveFileNameA

kernel32

CloseHandle
ConnectNamedPipe
CreateEventA
CreateFileA
CreateFileMappingA
CreateNamedPipeA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesExA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetTickCount
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
OpenProcess
ReadFile
SetCurrentDirectoryA
SetEvent
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_stat
_strdup
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_locking
_onexit
_pctype
_rmdir
_setmode
_stat
_stricmp
abort
atexit
atoi
calloc
exit
fclose
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fwrite
getenv
iswctype
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
puts
rand
realloc
setlocale
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
vfprintf
wcslen
wcstombs

shell32

ShellExecuteA
Shell_NotifyIconA

user32

AppendMenuA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
FindWindowA
GetCursorPos
GetDesktopWindow
GetDlgItem
GetDlgItemTextA
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemInfoA
GetMessageA
GetWindowLongA
GetWindowRect
InsertMenuItemA
IsDialogMessageA
IsWindow
LoadIconA
MessageBeep
MessageBoxA
MessageBoxIndirectA
MoveWindow
MsgWaitForMultipleObjects
PeekMessageW
PostMessageA
PostQuitMessage
RegisterClassA
RegisterWindowMessageA
RemoveMenu
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetDlgItemTextA
SetForegroundWindow
SetMenuDefaultItem
SetWindowLongA
SetWindowPos
ShowWindow
TrackPopupMenu
TranslateMessage

Sections

.text
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty-beta.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 696KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 696KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty_nocompress.exe
.exe windows:4 windows x86 arch:x86

dcf2a4249421817bb8c861f4af0a33c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA
PrintDlgA

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontA
CreateFontIndirectA
CreatePalette
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
ExcludeClipRect
ExtTextOutA
ExtTextOutW
GetBkMode
GetCharABCWidthsFloatA
GetCharWidth32A
GetCharWidth32W
GetCharWidthA
GetCharWidthW
GetCharacterPlacementW
GetDIBits
GetDeviceCaps
GetObjectA
GetOutlineTextMetricsA
GetPixel
GetStockObject
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextMetricsA
IntersectClipRect
LineTo
MoveToEx
PatBlt
Polyline
RealizePalette
Rectangle
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetDIBits
SetMapMode
SetPaletteEntries
SetPixel
SetPixelV
SetTextAlign
SetTextColor
StartDocA
StartPage
StretchBlt
TextOutA
TranslateCharsetInfo
UnrealizeObject
UpdateColors

imm32

ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCompositionFontA
ImmSetCompositionWindow

kernel32

Beep
ClearCommBreak
CloseHandle
ConnectNamedPipe
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetComputerNameA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetLastError
GetLocalTime
GetLocaleInfoA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetShortPathNameA
GetStartupInfoA
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetCommBreak
SetCommState
SetCommTimeouts
SetCurrentDirectoryA
SetEvent
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile
lstrcpyA

msvcrt

_chdir
_fileno
_getpid
_itoa
_ltoa
_mkdir
_putenv
_stat
_strdup
_stricmp
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthread
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_locking
_mkdir
_onexit
_pctype
_rmdir
_setjmp
_setmode
_stat
_stricmp
_strnicmp
abort
atexit
atoi
atol
calloc
ceil
difftime
exit
fclose
fflush
fgetc
fgets
floor
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
gmtime
iswctype
localeconv
localtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
pow
printf
puts
qsort
rand
realloc
rename
rewind
setlocale
signal
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
toupper
towlower
towupper
vfprintf
wcscoll
wcslen
wcsncmp
wcstombs

ole32

CoCreateInstance
CoInitialize
CoUninitialize

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA
GetModuleInformation

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

user32

AppendMenuA
BeginPaint
BringWindowToTop
CallWindowProcA
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CreateCaret
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefDlgProcA
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DispatchMessageW
DrawEdge
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
EnumWindows
FillRect
FindWindowA
FlashWindow
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardOwner
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDoubleClickTime
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessageA
GetMessageTime
GetMonitorInfoA
GetParent
GetQueueStatus
GetScrollInfo
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindowDC
GetWindowInfo
GetWindowLongA
GetWindowModuleFileNameA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
HideCaret
InsertMenuA
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsWindow
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadAcceleratorsA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadStringA
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxIndirectA
ModifyMenuA
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostQuitMessage
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemInt
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetKeyboardState
SetLayeredWindowAttributes
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetScrollInfo
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
ShowCaret
ShowCursor
ShowWindow
SwitchToThisWindow
SystemParametersInfoA
ToAsciiEx
TrackPopupMenu
TranslateAcceleratorA
TranslateMessage
UpdateWindow
ValidateRect
WaitForInputIdle
keybd_event

wsock32

closesocket
connect
gethostbyname
htons
inet_ntoa
ioctlsocket
ntohs
send
shutdown
socket

wtsapi32

WTSRegisterSessionNotification

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kitty_portable.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 696KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kittygen.exe
.exe windows:4 windows x86 arch:x86

083d87110cf83126c0a4d6c745ac34d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

comdlg32

ChooseColorA
ChooseFontA
GetOpenFileNameA
GetSaveFileNameA

gdi32

CreateFontA
DeleteObject
GetDeviceCaps
GetTextExtentExPointA
GetTextExtentPoint32A
GetTextMetricsA
SelectObject
SetMapMode
TextOutA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MulDiv
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_ltoa
_putenv
_stat
_strdup
_stricmp
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_locking
_mkdir
_onexit
_pctype
_rmdir
_setmode
_stat
_stricmp
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
iswctype
localeconv
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
pow
printf
puts
qsort
rand
realloc
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
toupper
vfprintf
wcslen
wcstombs

ole32

CoInitialize

shell32

SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

user32

AppendMenuA
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CreateMenu
CreateWindowExA
DialogBoxParamA
DrawEdge
EnableMenuItem
EnableWindow
EndDialog
GetActiveWindow
GetCapture
GetClientRect
GetClipboardOwner
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
GetQueueStatus
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InvalidateRect
IsDlgButtonChecked
LoadIconA
MapDialogRect
MessageBeep
MessageBoxA
MessageBoxIndirectA
MoveWindow
PostMessageA
RegisterWindowMessageA
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetCapture
SetDlgItemInt
SetDlgItemTextA
SetFocus
SetForegroundWindow
SetMenu
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/klink.exe
.exe windows:4 windows x86 arch:x86

2f23b2a1a2771693ff21fdfdbc01d12a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

kernel32

ClearCommBreak
CloseHandle
ConnectNamedPipe
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetCommBreak
SetCommState
SetCommTimeouts
SetConsoleMode
SetCurrentDirectoryA
SetEvent
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_ltoa
_mkdir
_putenv
_stat
_strdup
_stricmp
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_locking
_mkdir
_onexit
_pctype
_rmdir
_setmode
_stat
_stricmp
_strnicmp
abort
atexit
atoi
calloc
difftime
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
iswctype
localeconv
localtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
printf
puts
qsort
rand
realloc
rewind
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
toupper
vfprintf
wcslen
wcstombs

shell32

Shell_NotifyIconA

user32

FindWindowA
GetActiveWindow
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
MessageBoxA
SendMessageA

wsock32

closesocket
connect
gethostbyname
htons
inet_ntoa
ioctlsocket
send
shutdown
socket

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/kscp.exe
.exe windows:4 windows x86 arch:x86

d03ac9f9f3f1d1f0c26b0344bc11605e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

kernel32

CloseHandle
ConnectNamedPipe
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetConsoleMode
SetCurrentDirectoryA
SetEvent
SetFilePointer
SetFileTime
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_ltoa
_mkdir
_putenv
_stat
_strdup
_stricmp
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_flsbuf
_fpreset
_fullpath
_iob
_isctype
_locking
_mkdir
_onexit
_pctype
_rmdir
_setmode
_stat
_stricmp
_strnicmp
abort
atexit
atoi
calloc
difftime
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
iswctype
localeconv
localtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
printf
puts
qsort
rand
realloc
rewind
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
toupper
vfprintf
wcslen
wcstombs

shell32

Shell_NotifyIconA

user32

FindWindowA
GetActiveWindow
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
MessageBoxA
SendMessageA

wsock32

__WSAFDIsSet
closesocket
connect
gethostbyname
htons
inet_ntoa
ioctlsocket
send
shutdown
socket

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
KiTTY_0.76.0.8/kitty-bin-0.76.0.8/ksftp.exe
.exe windows:4 windows x86 arch:x86

a4083b5b3cd64b31aefb2e7b43ef4763

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CopySid
EqualSid
GetLengthSid
GetUserNameA
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

kernel32

CloseHandle
ConnectNamedPipe
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetConsoleMode
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileAttributesExA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetProcAddress
GetProcessTimes
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFileTimeToFileTime
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseMutex
SetConsoleMode
SetCurrentDirectoryA
SetEvent
SetFilePointer
SetFileTime
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile

msvcrt

_itoa
_ltoa
_mkdir
_putenv
_stat
_strdup
_stricmp
_stricoll
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_locking
_mkdir
_onexit
_pctype
_rmdir
_setmode
_stat
_stricmp
_strnicmp
abort
atexit
atoi
calloc
difftime
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getenv
iswctype
localeconv
localtime
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
mktime
printf
puts
qsort
rand
realloc
rewind
setlocale
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
system
time
tolower
toupper
vfprintf
wcslen
wcstombs

shell32

Shell_NotifyIconA

user32

FindWindowA
GetActiveWindow
GetCapture
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetLastActivePopup
GetQueueStatus
MessageBoxA
SendMessageA

wsock32

__WSAFDIsSet
closesocket
connect
gethostbyname
htons
inet_ntoa
ioctlsocket
send
shutdown
socket

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件说明.txt

Sharing

General

Malware Config

Signatures

Files

43b39567b74e685084b78195561994ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygwin1

kernel32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 104B

.rdata Size: 3KB - Virtual size: 2KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 1024B - Virtual size: 900B

.xdata Size: 1024B - Virtual size: 744B

.bss Size: - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 1024B - Virtual size: 608B

/19 Size: 112KB - Virtual size: 111KB

/31 Size: 5KB - Virtual size: 5KB

/45 Size: 6KB - Virtual size: 5KB

/57 Size: 1024B - Virtual size: 744B

/70 Size: 1KB - Virtual size: 1KB

/81 Size: 2KB - Virtual size: 1KB

ab2c9941b31956bc0d2c78a10c37e02b

Headers

File Characteristics

PDB Paths

Imports

kernel32

ntdll

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

/4 Size: 12KB - Virtual size: 12KB

.data Size: 154KB - Virtual size: 153KB

.rdata Size: 336KB - Virtual size: 335KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 62KB - Virtual size: 61KB

.xdata Size: 61KB - Virtual size: 61KB

.bss Size: - Virtual size: 286KB

.edata Size: 33KB - Virtual size: 33KB

.reloc Size: 19KB - Virtual size: 19KB

/19 Size: 33KB - Virtual size: 32KB

.idata Size: 13KB - Virtual size: 13KB

/38 Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.cygheap Size: - Virtual size: 3.0MB

6cdf1395d93fdb0ba770223642b7d696

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 36B

.rdata Size: 3KB - Virtual size: 2KB

/4 Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 144B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 56B

/29 Size: 8KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 329B

/55 Size: 512B - Virtual size: 456B

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 134B

f8ea82bb985629896891f66140364a14

Headers

File Characteristics

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 104B

.rdata
Size: 3KB - Virtual size: 2KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 1024B - Virtual size: 900B

.xdata
Size: 1024B - Virtual size: 744B

.bss
Size: - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 1024B - Virtual size: 608B

/19
Size: 112KB - Virtual size: 111KB

/31
Size: 5KB - Virtual size: 5KB

/45
Size: 6KB - Virtual size: 5KB

/57
Size: 1024B - Virtual size: 744B

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 2KB - Virtual size: 1KB

.text
Size: 1.7MB - Virtual size: 1.7MB

/4
Size: 12KB - Virtual size: 12KB

.data
Size: 154KB - Virtual size: 153KB

.rdata
Size: 336KB - Virtual size: 335KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 62KB - Virtual size: 61KB

.xdata
Size: 61KB - Virtual size: 61KB

.bss
Size: - Virtual size: 286KB

.edata
Size: 33KB - Virtual size: 33KB

.reloc
Size: 19KB - Virtual size: 19KB

/19
Size: 33KB - Virtual size: 32KB

.idata
Size: 13KB - Virtual size: 13KB

/38
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.cygheap
Size: - Virtual size: 3.0MB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 36B

.rdata
Size: 3KB - Virtual size: 2KB

/4
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 144B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 56B

/29
Size: 8KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 329B

/55
Size: 512B - Virtual size: 456B

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 134B

.text
Size: 373KB - Virtual size: 373KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 48KB - Virtual size: 47KB

.eh_fram
Size: 61KB - Virtual size: 60KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 9KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 696KB - Virtual size: 700KB

.rsrc
Size: 66KB - Virtual size: 68KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 280KB - Virtual size: 279KB

.eh_fram
Size: 196KB - Virtual size: 196KB

.bss
Size: - Virtual size: 82KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 294KB - Virtual size: 293KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 696KB - Virtual size: 700KB

.rsrc
Size: 66KB - Virtual size: 68KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 14KB - Virtual size: 14KB

.rdata
Size: 280KB - Virtual size: 279KB

.eh_fram
Size: 196KB - Virtual size: 196KB

.bss
Size: - Virtual size: 82KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 294KB - Virtual size: 293KB