Extracted

Extracted

• 210320-734lqpbv62_pw_infected.zip

  .zip

  Password: infected

• analyseme.exe

  .exe windows:6 windows x86 arch:x86

  Password: infected

  2e71e4e9d7522c32114abd5dde43a654

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\Users\echo\source\repos\btlo\Release\btlo.pdb

  Imports

  kernel32

  WriteProcessMemory

  WaitForSingleObject

  Sleep

  VirtualAllocEx

  CreateProcessW

  CreateRemoteThread

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetModuleHandleW

  UnhandledExceptionFilter

  msvcp140

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

  ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

  ?getloc@ios_base@std@@QBE?AVlocale@2@XZ

  ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

  ??Bid@locale@std@@QAEIXZ

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

  ??1_Lockit@std@@QAE@XZ

  ??0_Lockit@std@@QAE@H@Z

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

  ?uncaught_exception@std@@YA_NXZ

  ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A

  ?id@?$ctype@D@std@@2V0locale@2@A

  ?_Xlength_error@std@@YAXPBD@Z

  ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ

  ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z

  vcruntime140

  _except_handler4_common

  memset

  __current_exception_context

  __current_exception

  _CxxThrowException

  __std_exception_copy

  __std_exception_destroy

  __CxxFrameHandler3

  memcpy

  __std_terminate

  api-ms-win-crt-runtime-l1-1-0

  _initialize_onexit_table

  _register_onexit_function

  _crt_atexit

  __p___argv

  _controlfp_s

  __p___argc

  _cexit

  _register_thread_local_exe_atexit_callback

  _invalid_parameter_noinfo_noreturn

  _c_exit

  _exit

  exit

  _initterm_e

  _initterm

  _get_initial_narrow_environment

  _initialize_narrow_environment

  _configure_narrow_argv

  _seh_filter_exe

  _set_app_type

  terminate

  api-ms-win-crt-heap-l1-1-0

  free

  malloc

  _callnewh

  _set_new_mode

  api-ms-win-crt-math-l1-1-0

  __setusermatherr

  api-ms-win-crt-stdio-l1-1-0

  __p__commode

  _set_fmode

  api-ms-win-crt-locale-l1-1-0

  _configthreadlocale

  Sections

  .text

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 6KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 480B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 1024B - Virtual size: 768B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ