6f1449121c5a88a5fcfb408a5915543a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f1449121c5a88a5fcfb408a5915543a_JaffaCakes118
Size

1.2MB
MD5

6f1449121c5a88a5fcfb408a5915543a
SHA1

e1ead1a83c4356a628fc22142652914e5f5242c4
SHA256

7bbb458e6579df29118174eb65579f6f02773e8ead9e89b65933191796774617
SHA512

fb1b2b19c190425ce72af8af399534b4b912f7fdc344ab93f595c33eb58fd2812cde4e9fc7c090a0c48de6458615f0b33a7b280aaa5076b86e49bff510ac105a
SSDEEP

24576:uij4cIfWZMDHDGGpjewI3TWacQjDnArnbzywHnlePH3+Ipi6HU:rIfWZM/GKjFuTh+bewFevOI8aU

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/gpg.exe
unpack001/gpgconf.exe
unpack001/libassuan-0.dll
unpack001/libgcrypt-20.dll
unpack001/libgpg-error-0.dll
unpack001/libnpth-0.dll
unpack001/libsqlite3-0.dll
unpack001/zlib1.dll

Files

6f1449121c5a88a5fcfb408a5915543a_JaffaCakes118
.rar
gpg.exe
.exe windows:4 windows x86 arch:x86

8d17a97aa0c6272cdc09bde220932b9f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libassuan-0

assuan_begin_confidential
assuan_end_confidential
assuan_inquire
assuan_new
assuan_release
assuan_send_data
assuan_set_gpg_err_source
assuan_set_log_cb
assuan_set_malloc_hooks
assuan_socket_connect
assuan_transact

libgcrypt-20

gcry_calloc
gcry_calloc_secure
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_map_name
gcry_cipher_open
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_free
gcry_get_config
gcry_is_secure
gcry_kdf_derive
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_write
gcry_mpi_aprint
gcry_mpi_cmp
gcry_mpi_copy
gcry_mpi_dump
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_print
gcry_mpi_randomize
gcry_mpi_release
gcry_mpi_scan
gcry_mpi_set_flag
gcry_mpi_set_opaque
gcry_mpi_set_opaque_copy
gcry_mpi_snew
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_encrypt
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_pk_get_nbits
gcry_pk_map_name
gcry_pk_testkey
gcry_pk_verify
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_fatalerror_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_build
gcry_sexp_build_array
gcry_sexp_cadr
gcry_sexp_canon_len
gcry_sexp_extract_param
gcry_sexp_find_token
gcry_sexp_length
gcry_sexp_nth
gcry_sexp_nth_data
gcry_sexp_nth_mpi
gcry_sexp_nth_string
gcry_sexp_release
gcry_sexp_sprint
gcry_sexp_sscan
gcry_strdup
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

libgpg-error-0

_gpg_w32_bindtextdomain
_gpg_w32_dngettext
_gpg_w32_gettext
_gpg_w32_gettext_localename
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_putc_overflow
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_init
gpg_err_set_errno
gpg_strerror
gpg_strsource
gpgrt_asprintf
gpgrt_bsprintf
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_fdopen
gpgrt_fdopen_nc
gpgrt_ferror
gpgrt_fflush
gpgrt_fgets
gpgrt_fileno
gpgrt_flockfile
gpgrt_fopen
gpgrt_fopencookie
gpgrt_fopenmem
gpgrt_fprintf
gpgrt_fprintf_unlocked
gpgrt_fputc
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_fread
gpgrt_free
gpgrt_funlockfile
gpgrt_fwrite
gpgrt_printf
gpgrt_read
gpgrt_rewind
gpgrt_set_alloc_func
gpgrt_set_binary
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_sysopen
gpgrt_vasprintf
gpgrt_vfprintf
gpgrt_vfprintf_unlocked
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open
gpgrt_write
gpgrt_write_hexstring
gpgrt_write_sanitized

libsqlite3-0

sqlite3_bind_blob
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_parameter_count
sqlite3_bind_text
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_close
sqlite3_column_count
sqlite3_column_name
sqlite3_column_text
sqlite3_column_type
sqlite3_db_handle
sqlite3_errmsg
sqlite3_errstr
sqlite3_exec
sqlite3_finalize
sqlite3_free
sqlite3_malloc
sqlite3_open
sqlite3_prepare_v2
sqlite3_reset
sqlite3_step
sqlite3_vmprintf

zlib1

deflate
deflateEnd
deflateInit2_
deflateInit_
inflate
inflateEnd
inflateInit2_
inflateInit_

advapi32

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileInformationByHandle
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetPriorityClass
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LockFileEx
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadConsoleA
ReadFile
ResumeThread
SetConsoleMode
SetEnvironmentVariableA
SetFilePointer
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnlockFileEx
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteFile

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_fmode
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_snwprintf
_stati64
time
mktime
localtime
gmtime
calloc
clearerr
exit
fclose
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
fwprintf
fwrite
getc
getenv
iscntrl
isgraph
isprint
isspace
isxdigit
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
realloc
remove
rename
setlocale
signal
sprintf
sscanf
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
_stricmp
_strnicmp
_unlock
_write
abort
atoi
toupper
ungetc
vfprintf
wcscpy
_write
_unlink
_umask
_stricmp
_strdup
_setmode
_rmdir
_read
_putenv
_open
_mkdir
_memicmp
_isatty
_getpid
_getcwd
_fileno
_fdopen
_dup
_close
_chdir
_access

user32

AllowSetForegroundWindow
MessageBoxW

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
htons
inet_addr
recv
send
socket

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gpgconf.exe
.exe windows:4 windows x86 arch:x86

560cf3b5dbb5cb0d25a624c6d4fb0e98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libgcrypt-20

gcry_calloc
gcry_check_version
gcry_create_nonce
gcry_free
gcry_malloc
gcry_malloc_secure
gcry_realloc
gcry_strdup
gcry_xmalloc
gcry_xstrdup

libgpg-error-0

_gpg_w32_bindtextdomain
_gpg_w32_gettext
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_putc_overflow
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_init
gpg_err_set_errno
gpg_strerror
gpgrt_fclose
gpgrt_fdopen
gpgrt_feof
gpgrt_ferror
gpgrt_fflush
gpgrt_fgetc
gpgrt_fileno
gpgrt_flockfile
gpgrt_fopen
gpgrt_fopencookie
gpgrt_fprintf
gpgrt_fprintf_unlocked
gpgrt_fputc
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_fread
gpgrt_funlockfile
gpgrt_fwrite
gpgrt_read_line
gpgrt_set_alloc_func
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_sysopen
gpgrt_vasprintf
gpgrt_vfprintf
gpgrt_vfprintf_unlocked
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open

advapi32

CopySid
GetLengthSid
GetTokenInformation
GetUserNameA
IsValidSid
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
GetACP
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileInformationByHandle
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetPriorityClass
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ResumeThread
SetEnvironmentVariableA
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WideCharToMultiByte

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_fmode
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_snwprintf
time
mktime
localtime
gmtime
calloc
exit
ferror
fflush
fprintf
fputs
free
fwprintf
fwrite
getc
getenv
isspace
malloc
memcmp
memcpy
memmove
raise
realloc
remove
rename
signal
sprintf
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strtol
strtoul
_unlock
abort
atoi
toupper
vfprintf
wcscpy
_write
_unlink
_rmdir
_putenv
_open
_mkdir
_isatty
_getpid
_getcwd
_fdopen
_dup
_close
_chdir
_access

user32

AllowSetForegroundWindow
MessageBoxW

ws2_32

WSAStartup
closesocket
connect
htons
inet_addr
send
socket

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lebenslauf_2019_5_6.jpe
.jpg
libassuan-0.dll
.dll windows:4 windows x86 arch:x86

1f4705c612c22f5b8d6acb36e898c5e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error-0

gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_asprintf
gpgrt_free
gpgrt_vasprintf

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeInfo
GetPriorityClass
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
ReadFile
ResumeThread
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WriteFile

msvcrt

__dllonexit
_amsg_exit
_environ
_errno
_exit
_get_osfhandle
_initterm
_iob
_lock
_onexit
_snwprintf
_vsnprintf
calloc
fclose
fflush
fopen
fprintf
fputs
fread
free
fwprintf
fwrite
getenv
iscntrl
isprint
malloc
memchr
memcmp
memcpy
memset
putc
raise
realloc
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strtoul
_unlock
abort
atoi
vfprintf
wcscpy
_getpid
_fileno

user32

MessageBoxW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ntohs
recv
recvfrom
select
send
sendto
socket

Exports

Exports

__assuan_close
__assuan_connect
__assuan_pipe
__assuan_read
__assuan_recvmsg
__assuan_sendmsg
__assuan_socket
__assuan_socketpair
__assuan_spawn
__assuan_usleep
__assuan_waitpid
__assuan_write
_assuan_w32ce_create_pipe
_assuan_w32ce_finish_pipe
_assuan_w32ce_prepare_pipe
assuan_accept
assuan_begin_confidential
assuan_check_version
assuan_client_parse_response
assuan_client_read_response
assuan_close_input_fd
assuan_close_output_fd
assuan_command_parse_fd
assuan_ctx_set_system_hooks
assuan_end_confidential
assuan_fdopen
assuan_free
assuan_get_active_fds
assuan_get_assuan_log_prefix
assuan_get_command_name
assuan_get_data_fp
assuan_get_flag
assuan_get_gpg_err_source
assuan_get_input_fd
assuan_get_log_cb
assuan_get_malloc_hooks
assuan_get_output_fd
assuan_get_peercred
assuan_get_pid
assuan_get_pointer
assuan_init_pipe_server
assuan_init_socket_server
assuan_inquire
assuan_inquire_ext
assuan_new
assuan_new_ext
assuan_pending_line
assuan_pipe_connect
assuan_process
assuan_process_done
assuan_process_next
assuan_read_line
assuan_receivefd
assuan_register_bye_notify
assuan_register_cancel_notify
assuan_register_command
assuan_register_input_notify
assuan_register_option_handler
assuan_register_output_notify
assuan_register_post_cmd_notify
assuan_register_pre_cmd_notify
assuan_register_reset_notify
assuan_release
assuan_send_data
assuan_sendfd
assuan_set_assuan_log_prefix
assuan_set_assuan_log_stream
assuan_set_error
assuan_set_flag
assuan_set_gpg_err_source
assuan_set_hello_line
assuan_set_io_monitor
assuan_set_log_cb
assuan_set_log_stream
assuan_set_malloc_hooks
assuan_set_okay_line
assuan_set_pointer
assuan_set_sock_nonce
assuan_set_system_hooks
assuan_sock_bind
assuan_sock_check_nonce
assuan_sock_close
assuan_sock_connect
assuan_sock_connect_byname
assuan_sock_deinit
assuan_sock_get_flag
assuan_sock_get_nonce
assuan_sock_init
assuan_sock_new
assuan_sock_set_flag
assuan_sock_set_sockaddr_un
assuan_sock_set_system_hooks
assuan_socket_connect
assuan_socket_connect_fd
assuan_transact
assuan_write_line
assuan_write_status

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgcrypt-20.dll
.dll windows:4 windows x86 arch:x86

f8b2130d8495f2d334f8aed0a9ed26ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error-0

gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror
gpg_strsource
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_ferror
gpgrt_fopenmem
gpgrt_fprintf
gpgrt_get_syscall_clamp
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_unlock
gpgrt_rewind

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenFileMappingA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_errno
_exit
_initterm
_iob
_lock
_onexit
_snwprintf
_vsnprintf
calloc
clock
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputs
fread
free
fwprintf
fwrite
getenv
iscntrl
isspace
isxdigit
malloc
memcmp
memcpy
memmove
memset
raise
realloc
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strpbrk
strtoul
_unlock
abort
atoi
time
vfprintf
wcscpy
_fstat
_write
_stricmp
_read
_open
_getpid
_close
_access

user32

GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
MessageBoxW

Exports

Exports

_gcry_mpi_get_const
gcry_calloc
gcry_calloc_secure
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_authenticate
gcry_cipher_checktag
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_gettag
gcry_cipher_info
gcry_cipher_map_name
gcry_cipher_mode_from_oid
gcry_cipher_open
gcry_cipher_setctr
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_ctx_release
gcry_err_code_from_errno
gcry_err_code_to_errno
gcry_err_make_from_errno
gcry_error_from_errno
gcry_free
gcry_get_config
gcry_is_secure
gcry_kdf_derive
gcry_log_debug
gcry_log_debughex
gcry_log_debugmpi
gcry_log_debugpnt
gcry_log_debugsxp
gcry_mac_algo_info
gcry_mac_algo_name
gcry_mac_close
gcry_mac_ctl
gcry_mac_get_algo
gcry_mac_get_algo_keylen
gcry_mac_get_algo_maclen
gcry_mac_map_name
gcry_mac_open
gcry_mac_read
gcry_mac_setiv
gcry_mac_setkey
gcry_mac_verify
gcry_mac_write
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_extract
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_hash_buffers
gcry_md_info
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_setkey
gcry_md_write
gcry_mpi_abs
gcry_mpi_add
gcry_mpi_add_ui
gcry_mpi_addm
gcry_mpi_aprint
gcry_mpi_clear_bit
gcry_mpi_clear_flag
gcry_mpi_clear_highbit
gcry_mpi_cmp
gcry_mpi_cmp_ui
gcry_mpi_copy
gcry_mpi_div
gcry_mpi_dump
gcry_mpi_ec_add
gcry_mpi_ec_curve_point
gcry_mpi_ec_decode_point
gcry_mpi_ec_dup
gcry_mpi_ec_get_affine
gcry_mpi_ec_get_mpi
gcry_mpi_ec_get_point
gcry_mpi_ec_mul
gcry_mpi_ec_new
gcry_mpi_ec_set_mpi
gcry_mpi_ec_set_point
gcry_mpi_ec_sub
gcry_mpi_gcd
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_invm
gcry_mpi_is_neg
gcry_mpi_lshift
gcry_mpi_mod
gcry_mpi_mul
gcry_mpi_mul_2exp
gcry_mpi_mul_ui
gcry_mpi_mulm
gcry_mpi_neg
gcry_mpi_new
gcry_mpi_point_copy
gcry_mpi_point_get
gcry_mpi_point_new
gcry_mpi_point_release
gcry_mpi_point_set
gcry_mpi_point_snatch_get
gcry_mpi_point_snatch_set
gcry_mpi_powm
gcry_mpi_print
gcry_mpi_randomize
gcry_mpi_release
gcry_mpi_rshift
gcry_mpi_scan
gcry_mpi_set
gcry_mpi_set_bit
gcry_mpi_set_flag
gcry_mpi_set_highbit
gcry_mpi_set_opaque
gcry_mpi_set_opaque_copy
gcry_mpi_set_ui
gcry_mpi_snatch
gcry_mpi_snew
gcry_mpi_sub
gcry_mpi_sub_ui
gcry_mpi_subm
gcry_mpi_swap
gcry_mpi_test_bit
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_decrypt
gcry_pk_encrypt
gcry_pk_genkey
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_pk_get_nbits
gcry_pk_get_param
gcry_pk_map_name
gcry_pk_sign
gcry_pk_testkey
gcry_pk_verify
gcry_prime_check
gcry_prime_generate
gcry_prime_group_generator
gcry_prime_release_factors
gcry_pubkey_get_sexp
gcry_random_add_bytes
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_allocation_handler
gcry_set_fatalerror_handler
gcry_set_gettext_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_alist
gcry_sexp_append
gcry_sexp_build
gcry_sexp_build_array
gcry_sexp_cadr
gcry_sexp_canon_len
gcry_sexp_car
gcry_sexp_cdr
gcry_sexp_cons
gcry_sexp_create
gcry_sexp_dump
gcry_sexp_extract_param
gcry_sexp_find_token
gcry_sexp_length
gcry_sexp_new
gcry_sexp_nth
gcry_sexp_nth_buffer
gcry_sexp_nth_data
gcry_sexp_nth_mpi
gcry_sexp_nth_string
gcry_sexp_prepend
gcry_sexp_release
gcry_sexp_sprint
gcry_sexp_sscan
gcry_sexp_vlist
gcry_strdup
gcry_strerror
gcry_strsource
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgpg-error-0.dll
.dll windows:4 windows x86 arch:x86

4c2d4ac6b18c464e41c970c7913ffc89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
GetACP
GetCPInfo
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetPriorityClass
GetProcAddress
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ResetEvent
ResumeThread
SetEnvironmentVariableA
SetEvent
SetFilePointerEx
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_amsg_exit
_errno
_exit
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_snwprintf
_vsnprintf
time
localtime
calloc
exit
fclose
ferror
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwprintf
fwrite
getenv
isspace
malloc
memchr
memcpy
memset
raise
realloc
sprintf
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strtol
strtoul
_stricmp
_strnicmp
_unlock
abort
atoi
vfprintf
wcscpy
_write
_setmode
_read
_putenv
_open
_mkdir
_isatty
_getpid
_getcwd
_fileno
_dup
_close
_chdir
_access

user32

AllowSetForegroundWindow
MessageBoxW

ws2_32

closesocket
connect
htons
inet_addr
send
socket

Exports

Exports

_gpg_w32_bindtextdomain
_gpg_w32_dgettext
_gpg_w32_dngettext
_gpg_w32_gettext
_gpg_w32_gettext_localename
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_getc_underflow
_gpgrt_log_assert
_gpgrt_pending
_gpgrt_pending_unlocked
_gpgrt_putc_overflow
_gpgrt_set_std_fd
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_deinit
gpg_err_init
gpg_err_set_errno
gpg_error_check_version
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_argparse
gpgrt_asprintf
gpgrt_b64dec_finish
gpgrt_b64dec_proc
gpgrt_b64dec_start
gpgrt_b64enc_finish
gpgrt_b64enc_start
gpgrt_b64enc_write
gpgrt_bsprintf
gpgrt_calloc
gpgrt_chdir
gpgrt_check_version
gpgrt_clearerr
gpgrt_clearerr_unlocked
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_fdopen
gpgrt_fdopen_nc
gpgrt_feof
gpgrt_feof_unlocked
gpgrt_ferror
gpgrt_ferror_unlocked
gpgrt_fflush
gpgrt_fgetc
gpgrt_fgets
gpgrt_fileno
gpgrt_fileno_unlocked
gpgrt_flockfile
gpgrt_fname_get
gpgrt_fname_set
gpgrt_fopen
gpgrt_fopencookie
gpgrt_fopenmem
gpgrt_fopenmem_init
gpgrt_fpopen
gpgrt_fpopen_nc
gpgrt_fprintf
gpgrt_fprintf_unlocked
gpgrt_fputc
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_fread
gpgrt_free
gpgrt_freopen
gpgrt_fseek
gpgrt_fseeko
gpgrt_ftell
gpgrt_ftello
gpgrt_ftrylockfile
gpgrt_funlockfile
gpgrt_fwrite
gpgrt_get_errorcount
gpgrt_get_nonblock
gpgrt_get_syscall_clamp
gpgrt_getcwd
gpgrt_getenv
gpgrt_getline
gpgrt_inc_errorcount
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_trylock
gpgrt_lock_unlock
gpgrt_log
gpgrt_log_bug
gpgrt_log_clock
gpgrt_log_debug
gpgrt_log_debug_string
gpgrt_log_error
gpgrt_log_fatal
gpgrt_log_flush
gpgrt_log_get_fd
gpgrt_log_get_prefix
gpgrt_log_get_stream
gpgrt_log_info
gpgrt_log_printf
gpgrt_log_printhex
gpgrt_log_set_pid_suffix_cb
gpgrt_log_set_prefix
gpgrt_log_set_sink
gpgrt_log_set_socket_dir_cb
gpgrt_log_string
gpgrt_log_test_fd
gpgrt_logv
gpgrt_logv_prefix
gpgrt_malloc
gpgrt_mkdir
gpgrt_mopen
gpgrt_onclose
gpgrt_opaque_get
gpgrt_opaque_set
gpgrt_poll
gpgrt_printf
gpgrt_printf_unlocked
gpgrt_read
gpgrt_read_line
gpgrt_realloc
gpgrt_rewind
gpgrt_set_alloc_func
gpgrt_set_binary
gpgrt_set_fixed_string_mapper
gpgrt_set_nonblock
gpgrt_set_strusage
gpgrt_set_syscall_clamp
gpgrt_set_usage_outfnc
gpgrt_setbuf
gpgrt_setenv
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_strconcat
gpgrt_strdup
gpgrt_strusage
gpgrt_syshd
gpgrt_syshd_unlocked
gpgrt_sysopen
gpgrt_sysopen_nc
gpgrt_tmpfile
gpgrt_ungetc
gpgrt_usage
gpgrt_vasprintf
gpgrt_vbsprintf
gpgrt_vfprintf
gpgrt_vfprintf_unlocked
gpgrt_vsnprintf
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open
gpgrt_w32_reg_query_string
gpgrt_write
gpgrt_write_hexstring
gpgrt_write_sanitized
gpgrt_yield

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libnpth-0.dll
.dll windows:4 windows x86 arch:x86

6e5535e60ee560e808ead377dc8e3f53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateMutexA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
ReleaseMutex
ResetEvent
ResumeThread
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__dllonexit
_amsg_exit
_errno
_initterm
_iob
_lock
_onexit
calloc
free
fwrite
malloc
memcpy
memset
strcpy
strlen
strncmp
_unlock
abort
system
vfprintf
_write
_read

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
accept
connect
select

Exports

Exports

npth_accept
npth_attr_destroy
npth_attr_getdetachstate
npth_attr_init
npth_attr_setdetachstate
npth_clock_gettime
npth_cond_broadcast
npth_cond_destroy
npth_cond_init
npth_cond_signal
npth_cond_timedwait
npth_cond_wait
npth_connect
npth_create
npth_detach
npth_eselect
npth_exit
npth_getname_np
npth_getspecific
npth_init
npth_is_protected
npth_join
npth_key_create
npth_key_delete
npth_mutex_destroy
npth_mutex_init
npth_mutex_lock
npth_mutex_timedlock
npth_mutex_trylock
npth_mutex_unlock
npth_mutexattr_destroy
npth_mutexattr_gettype
npth_mutexattr_init
npth_mutexattr_settype
npth_protect
npth_read
npth_recvmsg
npth_rwlock_destroy
npth_rwlock_init
npth_rwlock_rdlock
npth_rwlock_timedrdlock
npth_rwlock_timedwrlock
npth_rwlock_tryrdlock
npth_rwlock_trywrlock
npth_rwlock_unlock
npth_rwlock_wrlock
npth_rwlockattr_destroy
npth_rwlockattr_gettype_np
npth_rwlockattr_init
npth_rwlockattr_settype_np
npth_select
npth_self
npth_sendmsg
npth_setname_np
npth_setspecific
npth_sleep
npth_system
npth_unprotect
npth_usleep
npth_waitpid
npth_write

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libsqlite3-0.dll
.dll windows:4 windows x86 arch:x86

761819ef29ce76fc66708b9a4421ee9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_amsg_exit
_beginthreadex
_endthreadex
_initterm
_iob
_lock
_onexit
calloc
free
fwrite
localtime
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
strcmp
strlen
strncmp
_unlock
abort
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
trkop.vbs
.vbs
yin1abtn.cq124aqq
zapa.bat
zlib1.dll
.dll windows:4 windows x86 arch:x86

14fd1c643e4c2b92b5a6b5bd6e498f67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_onexit
_vsnprintf
calloc
free
fwrite
malloc
memchr
memcpy
memset
strerror
strlen
strncmp
_unlock
_wopen
abort
vfprintf
wcstombs
_write
_read
_open
_close

Exports

Exports

adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d17a97aa0c6272cdc09bde220932b9f

Headers

File Characteristics

Imports

libassuan-0

libgcrypt-20

libgpg-error-0

libsqlite3-0

zlib1

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 893KB - Virtual size: 892KB

.data Size: 11KB - Virtual size: 11KB

.rdata Size: 166KB - Virtual size: 165KB

.bss Size: - Virtual size: 6KB

.idata Size: 11KB - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 12KB

560cf3b5dbb5cb0d25a624c6d4fb0e98

Headers

File Characteristics

Imports

libgcrypt-20

libgpg-error-0

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 108KB - Virtual size: 107KB

.data Size: 9KB - Virtual size: 8KB

.rdata Size: 22KB - Virtual size: 21KB

.bss Size: - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 32B

1f4705c612c22f5b8d6acb36e898c5e6

Headers

File Characteristics

Imports

libgpg-error-0

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 348B

.rdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 1KB

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

f8b2130d8495f2d334f8aed0a9ed26ec

Headers

File Characteristics

Imports

libgpg-error-0

advapi32

kernel32

msvcrt

user32

Exports

.text
Size: 893KB - Virtual size: 892KB

.data
Size: 11KB - Virtual size: 11KB

.rdata
Size: 166KB - Virtual size: 165KB

.bss
Size: - Virtual size: 6KB

.idata
Size: 11KB - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 108KB - Virtual size: 107KB

.data
Size: 9KB - Virtual size: 8KB

.rdata
Size: 22KB - Virtual size: 21KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 32B

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 348B

.rdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 746KB - Virtual size: 746KB

.data
Size: 26KB - Virtual size: 25KB

.rdata
Size: 169KB - Virtual size: 168KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 6KB - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 512B - Virtual size: 448B

.rdata
Size: 30KB - Virtual size: 29KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 812B

.text
Size: 712KB - Virtual size: 712KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 50KB - Virtual size: 50KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 7KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B