Servidor1[.]650b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Servidor1.650b.zip
Size

2.3MB
MD5

201e3b9e07c1733a4f81d2afcfca1558
SHA1

7d0bdcc9e6795b717a35f08a6f72c8f13f59d7f7
SHA256

efaac1ed4192f97139449bd04e153b1c6fc8c962ea3dfa5d2b3dfcd3ffb954aa
SHA512

5f5fdeb6efda308093087adec5d6a5322931e6c7ba9663b1e9a0a3b0b55de9309e55b31a2834c6c98b1b4c26ce6958b1ef74e5e6f100c352464355c8ad670ed8
SSDEEP

49152:2COX1PLHALNIDvV+xCy0v5y1M7Ta0R41HpGkXCURdS4OluUm:2Cfikcy0vE67QNpGMCW/Oluh

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/app/FreeImage.dll
unpack001/app/escaner.exe
unpack001/escdet.dat
unpack001/escdll.dll
unpack001/esclavohw.osf
unpack001/esclax0.osf
unpack001/escmult.osf
unpack001/escsrv.osf
unpack001/escvar.osf
unpack001/monitor.exe
unpack001/serinter.exe
unpack001/servidor.exe

Files

Servidor1.650b.zip
.zip
LEEME.TXT
_alarma.wav
_beep.wav
app/FreeImage.dll
.dll windows:5 windows x86 arch:x86

52f4a941e787c1ed5083e361d825dd84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
SetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
IsBadReadPtr
OutputDebugStringA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapAlloc
RtlUnwind
HeapReAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
DeleteFileA
MoveFileA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
ReadFile
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CreateFileW
GetProcessHeap

ws2_32

htonl
ntohs
htons
ntohl

Exports

Exports

?FreeImage_AllocateHeader@@YGPAUFIBITMAP@@JHHHIII@Z
?FreeImage_AllocateHeaderT@@YGPAUFIBITMAP@@JW4FREE_IMAGE_TYPE@@HHHIII@Z
FreeImage_OutputMessageProc
_FreeImage_AcquireMemory@12
_FreeImage_AdjustBrightness@12
_FreeImage_AdjustColors@32
_FreeImage_AdjustContrast@12
_FreeImage_AdjustCurve@12
_FreeImage_AdjustGamma@12
_FreeImage_Allocate@24
_FreeImage_AllocateEx@36
_FreeImage_AllocateExT@40
_FreeImage_AllocateT@28
_FreeImage_AppendPage@8
_FreeImage_ApplyColorMapping@24
_FreeImage_ApplyPaletteIndexMapping@20
_FreeImage_Clone@4
_FreeImage_CloneMetadata@8
_FreeImage_CloneTag@4
_FreeImage_CloseMemory@4
_FreeImage_CloseMultiBitmap@8
_FreeImage_ColorQuantize@8
_FreeImage_ColorQuantizeEx@20
_FreeImage_Composite@16
_FreeImage_ConvertFromRawBits@36
_FreeImage_ConvertLine16To24_555@12
_FreeImage_ConvertLine16To24_565@12
_FreeImage_ConvertLine16To32_555@12
_FreeImage_ConvertLine16To32_565@12
_FreeImage_ConvertLine16To4_555@12
_FreeImage_ConvertLine16To4_565@12
_FreeImage_ConvertLine16To8_555@12
_FreeImage_ConvertLine16To8_565@12
_FreeImage_ConvertLine16_555_To16_565@12
_FreeImage_ConvertLine16_565_To16_555@12
_FreeImage_ConvertLine1To16_555@16
_FreeImage_ConvertLine1To16_565@16
_FreeImage_ConvertLine1To24@16
_FreeImage_ConvertLine1To32@16
_FreeImage_ConvertLine1To4@12
_FreeImage_ConvertLine1To8@12
_FreeImage_ConvertLine24To16_555@12
_FreeImage_ConvertLine24To16_565@12
_FreeImage_ConvertLine24To32@12
_FreeImage_ConvertLine24To4@12
_FreeImage_ConvertLine24To8@12
_FreeImage_ConvertLine32To16_555@12
_FreeImage_ConvertLine32To16_565@12
_FreeImage_ConvertLine32To24@12
_FreeImage_ConvertLine32To4@12
_FreeImage_ConvertLine32To8@12
_FreeImage_ConvertLine4To16_555@16
_FreeImage_ConvertLine4To16_565@16
_FreeImage_ConvertLine4To24@16
_FreeImage_ConvertLine4To32@16
_FreeImage_ConvertLine4To8@12
_FreeImage_ConvertLine8To16_555@16
_FreeImage_ConvertLine8To16_565@16
_FreeImage_ConvertLine8To24@16
_FreeImage_ConvertLine8To32@16
_FreeImage_ConvertLine8To4@16
_FreeImage_ConvertTo16Bits555@4
_FreeImage_ConvertTo16Bits565@4
_FreeImage_ConvertTo24Bits@4
_FreeImage_ConvertTo32Bits@4
_FreeImage_ConvertTo4Bits@4
_FreeImage_ConvertTo8Bits@4
_FreeImage_ConvertToFloat@4
_FreeImage_ConvertToGreyscale@4
_FreeImage_ConvertToRGBF@4
_FreeImage_ConvertToRawBits@32
_FreeImage_ConvertToStandardType@8
_FreeImage_ConvertToType@12
_FreeImage_Copy@20
_FreeImage_CreateICCProfile@12
_FreeImage_CreateTag@0
_FreeImage_DeInitialise@0
_FreeImage_DeletePage@8
_FreeImage_DeleteTag@4
_FreeImage_DestroyICCProfile@4
_FreeImage_Dither@8
_FreeImage_EnlargeCanvas@28
_FreeImage_FIFSupportsExportBPP@8
_FreeImage_FIFSupportsExportType@8
_FreeImage_FIFSupportsICCProfiles@4
_FreeImage_FIFSupportsNoPixels@4
_FreeImage_FIFSupportsReading@4
_FreeImage_FIFSupportsWriting@4
_FreeImage_FillBackground@12
_FreeImage_FindCloseMetadata@4
_FreeImage_FindFirstMetadata@12
_FreeImage_FindNextMetadata@8
_FreeImage_FlipHorizontal@4
_FreeImage_FlipVertical@4
_FreeImage_GetAdjustColorsLookupTable@32
_FreeImage_GetBPP@4
_FreeImage_GetBackgroundColor@8
_FreeImage_GetBits@4
_FreeImage_GetBlueMask@4
_FreeImage_GetChannel@8
_FreeImage_GetColorType@4
_FreeImage_GetColorsUsed@4
_FreeImage_GetComplexChannel@8
_FreeImage_GetCopyrightMessage@0
_FreeImage_GetDIBSize@4
_FreeImage_GetDotsPerMeterX@4
_FreeImage_GetDotsPerMeterY@4
_FreeImage_GetFIFCount@0
_FreeImage_GetFIFDescription@4
_FreeImage_GetFIFExtensionList@4
_FreeImage_GetFIFFromFilename@4
_FreeImage_GetFIFFromFilenameU@4
_FreeImage_GetFIFFromFormat@4
_FreeImage_GetFIFFromMime@4
_FreeImage_GetFIFMimeType@4
_FreeImage_GetFIFRegExpr@4
_FreeImage_GetFileType@8
_FreeImage_GetFileTypeFromHandle@12
_FreeImage_GetFileTypeFromMemory@8
_FreeImage_GetFileTypeU@8
_FreeImage_GetFormatFromFIF@4
_FreeImage_GetGreenMask@4
_FreeImage_GetHeight@4
_FreeImage_GetHistogram@12
_FreeImage_GetICCProfile@4
_FreeImage_GetImageType@4
_FreeImage_GetInfo@4
_FreeImage_GetInfoHeader@4
_FreeImage_GetLine@4
_FreeImage_GetLockedPageNumbers@12
_FreeImage_GetMetadata@16
_FreeImage_GetMetadataCount@8
_FreeImage_GetPageCount@4
_FreeImage_GetPalette@4
_FreeImage_GetPitch@4
_FreeImage_GetPixelColor@16
_FreeImage_GetPixelIndex@16
_FreeImage_GetRedMask@4
_FreeImage_GetScanLine@8
_FreeImage_GetTagCount@4
_FreeImage_GetTagDescription@4
_FreeImage_GetTagID@4
_FreeImage_GetTagKey@4
_FreeImage_GetTagLength@4
_FreeImage_GetTagType@4
_FreeImage_GetTagValue@4
_FreeImage_GetTransparencyCount@4
_FreeImage_GetTransparencyTable@4
_FreeImage_GetTransparentIndex@4
_FreeImage_GetVersion@0
_FreeImage_GetWidth@4
_FreeImage_HasBackgroundColor@4
_FreeImage_HasPixels@4
_FreeImage_Initialise@4
_FreeImage_InsertPage@12
_FreeImage_Invert@4
_FreeImage_IsLittleEndian@0
_FreeImage_IsPluginEnabled@4
_FreeImage_IsTransparent@4
_FreeImage_JPEGCrop@24
_FreeImage_JPEGCropU@24
_FreeImage_JPEGTransform@16
_FreeImage_JPEGTransformU@16
_FreeImage_Load@12
_FreeImage_LoadFromHandle@16
_FreeImage_LoadFromMemory@12
_FreeImage_LoadMultiBitmapFromMemory@12
_FreeImage_LoadU@12
_FreeImage_LockPage@8
_FreeImage_LookupSVGColor@16
_FreeImage_LookupX11Color@16
_FreeImage_MakeThumbnail@12
_FreeImage_MovePage@12
_FreeImage_MultigridPoissonSolver@8
_FreeImage_OpenMemory@8
_FreeImage_OpenMultiBitmap@24
_FreeImage_OpenMultiBitmapFromHandle@16
_FreeImage_Paste@20
_FreeImage_PreMultiplyWithAlpha@4
_FreeImage_ReadMemory@16
_FreeImage_RegisterExternalPlugin@20
_FreeImage_RegisterLocalPlugin@20
_FreeImage_Rescale@16
_FreeImage_Rotate@16
_FreeImage_RotateClassic@12
_FreeImage_RotateEx@48
_FreeImage_Save@16
_FreeImage_SaveMultiBitmapToHandle@20
_FreeImage_SaveMultiBitmapToMemory@16
_FreeImage_SaveToHandle@20
_FreeImage_SaveToMemory@16
_FreeImage_SaveU@16
_FreeImage_SeekMemory@12
_FreeImage_SetBackgroundColor@8
_FreeImage_SetChannel@12
_FreeImage_SetComplexChannel@12
_FreeImage_SetDotsPerMeterX@8
_FreeImage_SetDotsPerMeterY@8
_FreeImage_SetMetadata@16
_FreeImage_SetOutputMessage@4
_FreeImage_SetOutputMessageStdCall@4
_FreeImage_SetPixelColor@16
_FreeImage_SetPixelIndex@16
_FreeImage_SetPluginEnabled@8
_FreeImage_SetTagCount@8
_FreeImage_SetTagDescription@8
_FreeImage_SetTagID@8
_FreeImage_SetTagKey@8
_FreeImage_SetTagLength@8
_FreeImage_SetTagType@8
_FreeImage_SetTagValue@8
_FreeImage_SetTransparencyTable@12
_FreeImage_SetTransparent@8
_FreeImage_SetTransparentIndex@8
_FreeImage_SwapColors@16
_FreeImage_SwapPaletteIndices@12
_FreeImage_TagToString@12
_FreeImage_TellMemory@4
_FreeImage_Threshold@8
_FreeImage_TmoDrago03@20
_FreeImage_TmoFattal02@20
_FreeImage_TmoReinhard05@20
_FreeImage_TmoReinhard05Ex@36
_FreeImage_ToneMapping@24
_FreeImage_Unload@4
_FreeImage_UnlockPage@12
_FreeImage_WriteMemory@16
_FreeImage_ZLibCRC32@12
_FreeImage_ZLibCompress@16
_FreeImage_ZLibGUnzip@16
_FreeImage_ZLibGZip@16
_FreeImage_ZLibUncompress@16

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/TWAINDSM.dll
.dll windows:5 windows x86 arch:x86

c73771c086e276497a262d7b21181163

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:9b:9d:de:52:e0:1c:c6:d3:36:47:8a:b2:1a:59:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/07/2008, 00:00

Not After

09/07/2011, 23:59

Subject

CN=The TWAIN Working Group,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=The TWAIN Working Group,L=Aptos,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:01:d5:c2:a7:94:01:7b:ed:83:e1:c0:3c:de:a5:ee:06:48:67:0f
Signer

Actual PE Digest

1e:01:d5:c2:a7:94:01:7b:ed:83:e1:c0:3c:de:a5:ee:06:48:67:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Source\SourceForge TWAIN-DSM\TWAIN_DSM\visual_studio\Release08_32\TWAINDSM.pdb

Imports

kernel32

GlobalLock
GlobalUnlock
GetProcAddress
VirtualProtect
VirtualQuery
IsBadReadPtr
FreeLibrary
GetModuleHandleA
LoadLibraryExA
SetLastError
GetLastError
LoadLibraryA
GetEnvironmentVariableA
GetCurrentThreadId
GlobalFree
ReadFile
GetProcessHeap
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLangID
GlobalAlloc
MultiByteToWideChar
FindFirstFileA
FindNextFileA
FindClose
GetLocalTime
GetWindowsDirectoryA
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
InitializeCriticalSectionAndSpinCount
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

DialogBoxParamW
EnumChildWindows
SetWindowTextW
GetDlgItem
EnableWindow
GetClientRect
GetWindowRect
ClientToScreen
MoveWindow
EndDialog
SendMessageA
MessageBoxA
PostMessageA

gdi32

CreateFontIndirectA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

DSM_Entry

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/escaner.exe
.exe windows:4 windows x86 arch:x86

0baee55e77f0d5a00aa445576803582b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
SetHandleCount
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
HeapSize
GetStartupInfoA
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapAlloc
GetStdHandle
GetFileType
WriteConsoleW
SetConsoleCtrlHandler
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
RtlUnwind
RaiseException
InterlockedExchange
Sleep
LoadLibraryW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetCurrentProcess
GlobalFlags
lstrcmpW
lstrcmpiW
GetProcessVersion
GetModuleHandleA
lstrcatW
DeleteFileA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GetModuleHandleW
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetVersion
lstrlenW
InterlockedDecrement
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
lstrcpynW
SetLastError
FormatMessageW
LocalFree
CreateMutexA
GetLastError
FindFirstFileA
FindClose
LoadLibraryA
GetModuleFileNameW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetStdHandle
FreeLibrary

user32

GrayStringW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
PtInRect
GetClassNameW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
SetWindowTextW
LoadIconW
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
ShowWindow
CreateWindowExA
DestroyWindow
DispatchMessageA
GetMessageA
TranslateMessage
GetTopWindow
GetCapture
WinHelpW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDesktopWindow
DefWindowProcA
GetDlgItem
GetWindowTextW
GetDlgCtrlID
DefWindowProcW
CreateWindowExW
SetPropW
GetPropW
CallWindowProcW
RemovePropW
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageW
GetKeyState
CallNextHookEx
PeekMessageW
SetWindowsHookExW
LoadStringW
UnhookWindowsHookEx
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongW
SendMessageW
EnableWindow
MessageBoxW
RegisterClassA
PostQuitMessage
SetTimer
PostMessageW

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetBkColor
SetViewportOrgEx
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetObjectW
GetDeviceCaps
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
SetMapMode
GetStockObject
CreateBitmap
GetClipBox
SetTextColor

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

freeimage

_FreeImage_Initialise@4
_FreeImage_SetOutputMessage@4
_FreeImage_GetFormatFromFIF@4
_FreeImage_DeInitialise@0

comctl32

ord17

wintrust

WinVerifyTrust

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
app/freeimage-license.txt
app/twain-license.txt
config/_impresora.txt
config/_reportecajero.txt
config/cupones/_fondo.bmp
config/cupones/_texto.bmp
config/estadisticas/barra.bmp
config/estadisticas/estadisticas.htm
datosimpresora.txt
escdet.dat
.exe windows:6 windows x86 arch:x86

67720c8ba0dd0cac6d61364096add04a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\winddk\5600\src\usb\usb-osf\objfre_wxp_x86\i386\usbview.pdb

Imports

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleA
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateFileA
CloseHandle
DeviceIoControl
WideCharToMultiByte
GlobalAlloc
QueryPerformanceCounter
GlobalFree
SetUnhandledExceptionFilter

user32

wsprintfA

msvcrt

_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_stricmp
sscanf
memset
memcpy
vsprintf
fopen
fprintf
fclose
_cexit
__getmainargs

cfgmgr32

CM_Get_Device_IDA
CM_Get_Parent
CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Get_Sibling

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
escdll.dll
.dll windows:4 windows x86 arch:x86

0eaf70db5e79d1e175ae610e729cf7f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
GetVersion
GetStringTypeW
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
RtlUnwind
CloseHandle
ReadFile
CreateFileA
SetStdHandle
SetFilePointer
SetEndOfFile

user32

GetFocus
SetWindowsHookExA
UnhookWindowsHookEx
SendMessageA
GetAsyncKeyState
CallNextHookEx

Exports

Exports

??0CEscdll@@QAE@XZ
??4CEscdll@@QAEAAV0@ABV0@@Z
?dll_filtrar_windows@@YAXH@Z
?dll_focos_habilitados@@YAXPAUHWND__@@0@Z
?dll_raton@@YAXH@Z
?dll_renovar@@YAXXZ
?dll_restringir@@YAXH@Z
?dll_teclado@@YAXH@Z
?fnEscdll@@YAHXZ
?iniciar_dll@@YAXJ@Z
?nEscdll@@3HA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
esclavohw.osf
.exe windows:6 windows x86 arch:x86

f0e6b0035f363abd021d26653fb9a6de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\winddk\5600\src\usb\usb-osf-esclavohw\objfre_wxp_x86\i386\usbview.pdb

Imports

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
QueryPerformanceCounter
GetModuleHandleA
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
CloseHandle
DeviceIoControl
WideCharToMultiByte
GlobalAlloc
GlobalFree
GetTickCount
DeleteFileA
SetUnhandledExceptionFilter

user32

wsprintfA

msvcrt

_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
_stricmp
sscanf
memset
memcpy
vsprintf
fopen
fprintf
fclose
exit
__getmainargs

cfgmgr32

CM_Get_Device_IDA
CM_Get_Parent
CM_Get_Child
CM_Get_DevNode_Registry_PropertyA
CM_Locate_DevNodeA
CM_Get_Sibling

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
esclax0.osf
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 100KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 294KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
esclent.osf
escmult.osf
.exe windows:1 windows x86 arch:x86

ea7b2ee34262ddfc82157d7d9b945d0f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WaitForSingleObject
TerminateProcess
lstrcmpiA
WinExec
VirtualFree
UnhandledExceptionFilter
GlobalMemoryStatus
GetProcAddress
WriteFile
CreateFileA
DeleteFileA
EnterCriticalSection
VirtualAlloc
GetSystemDirectoryA
InitializeCriticalSection
RaiseException
SetCurrentDirectoryA
LeaveCriticalSection
GetCurrentProcess
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetStdHandle
GetStartupInfoA
GetCommandLineA
ExitProcess
GetVersion
GlobalAddAtomA
GetFileType
GetEnvironmentStrings
SetConsoleCtrlHandler
RtlUnwind
GetFileAttributesA
OpenProcess
MoveFileA
GetCurrentThreadId
CloseHandle
SetFilePointer
SetHandleCount
SetLocalTime

advapi32

AdjustTokenPrivileges
RegQueryValueExA
OpenProcessToken
RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueA
SetServiceStatus
RegCloseKey
RegSetValueExA

gdi32

MoveToEx
LineTo
GetStockObject

user32

EnumWindows
EnumThreadWindows
EndPaint
DispatchMessageA
DefWindowProcA
CreateWindowExA
BeginPaint
ExitWindowsEx
mouse_event
SystemParametersInfoA
ShowWindow
SetWindowPos
SetForegroundWindow
SetCursorPos
SendMessageA
RegisterClassA
RedrawWindow
PostQuitMessage
MessageBoxA
SetTimer
KillTimer
GetWindowThreadProcessId
GetMessageA
TranslateMessage
GetDesktopWindow

winmm

waveOutSetVolume

netapi32

Netbios

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
escsrv.osf
.exe windows:4 windows x86 arch:x86

982846d97a12ad34f284d8b30d94ca26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
__WSAFDIsSet
select
closesocket
recv
WSAStartup
send
gethostbyname
htons
socket
connect

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyA
RegSetValueExA
LookupAccountNameA
RegQueryValueExA
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyA
SetServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateProcessAsUserA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenKeyExA

user32

wsprintfA
GetTopWindow
RedrawWindow
ExitWindowsEx

ole32

CoInitialize
CoCreateInstance
CoUninitialize

netapi32

Netbios

kernel32

GetStringTypeA
GetStringTypeW
SetEndOfFile
HeapFree
CreateFileA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
GetProcAddress
Sleep
GetVersion
GetCurrentProcess
GetLastError
CloseHandle
_lclose
_lread
OpenFile
MoveFileA
DeleteFileA
WinExec
GetExitCodeProcess
ExitThread
HeapAlloc
GetProcessHeap
FormatMessageA
lstrlenA
SetLastError
lstrcpyA
HeapReAlloc
GetModuleHandleA
ExitProcess
GetCommandLineA
GetVersionExA
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
InitializeCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
ReadFile
SetHandleCount
GetFileType
RtlUnwind

Exports

Exports

_TrackMouseEvent@4

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
escvar.osf
.dll windows:4 windows x86 arch:x86

060ac78429ff6b1b68f0e813c4432ff7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetClientRect
SetWindowLongA
SendMessageA
IsWindowUnicode
PeekMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetWindowLongA

ole32

CoGetClassObject
OleSetContainedObject
OleInitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SafeArrayCreate
SafeArrayAccessData
SysFreeString
SafeArrayDestroy

kernel32

GetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
GlobalFree
GlobalAlloc
MultiByteToWideChar
Sleep
GetTickCount
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
lstrcmpW
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetLastError
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA

Exports

Exports

_f1@8
_f2@4
_f3@4
_f4@12
_f5@8
_f6@4
_f7@4

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
monitor.exe
.exe windows:1 windows x86 arch:x86

afa6d42c9fe3949fb865f3132d6d370b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FindFirstFileA
OpenFile
GetFileAttributesA
InitializeCriticalSection
RtlUnwind
RaiseException
GetFullPathNameA
GetCommandLineA
GetLocalTime
DeleteFileA
GetProcAddress
GlobalMemoryStatus
GetStdHandle
CreateFileA
VirtualAlloc
GetFileSize
WinExec
GetVersion
ExitProcess
GetFileType
SetLastError
SetConsoleCtrlHandler
FindNextFileA
GetVolumeInformationA
LeaveCriticalSection
lstrlenA
FindClose
FileTimeToLocalFileTime
GetStartupInfoA
FileTimeToDosDateTime
_lclose
lstrcmpiA
_lwrite
_lread
GetLastError
EnterCriticalSection
UnhandledExceptionFilter
GetEnvironmentStrings
VirtualFree
GetModuleHandleA
WriteFile
GetModuleFileNameA
SetHandleCount
GetCurrentThreadId
SetFilePointer
GetCurrentProcess
CloseHandle
ReadFile

advapi32

GetSidSubAuthority
OpenProcessToken
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
IsValidSid
RegOpenKeyA
GetSidIdentifierAuthority
AdjustTokenPrivileges
GetSidSubAuthorityCount
RegCloseKey

gdi32

TextOutA
SetDIBits
GetStockObject
DeleteObject
CreateRectRgn
CreateCompatibleBitmap
CombineRgn

user32

LoadIconA
wsprintfA
TrackPopupMenu
ShowWindow
ShowCursor
SetTimer
SetDlgItemTextA
SendMessageA
RegisterClassA
RedrawWindow
MessageBoxA
LoadCursorA
KillTimer
GetWindowTextA
GetTopWindow
GetMessageA
GetDlgItemTextA
GetDlgItemInt
GetDesktopWindow
GetDC
GetCursorPos
EnumWindows
EnumThreadWindows
EndDialog
DispatchMessageA
DialogBoxParamA
DefWindowProcA
GetClientRect
CreateWindowExA
CreatePopupMenu
AppendMenuA
TranslateMessage
ReleaseDC
SetWindowPos
GetWindowRect

shell32

Shell_NotifyIconA

wsock32

WSAStartup
WSAGetLastError
WSACleanup
WSAAsyncSelect
socket
send
recv
inet_addr
htons
gethostbyname
connect
closesocket

winspool.drv

SetJobA
OpenPrinterA
EnumPrintersA
EnumJobsA
ClosePrinter

comctl32

InitCommonControls

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
serhelp.hlp
serinter.exe
.exe windows:1 windows x86 arch:x86

63a0caa41ecfb537d4a5e2adfa41a475

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetStdHandle
GetEnvironmentStrings
CreateFileA
RaiseException
GetFileAttributesA
GlobalMemoryStatus
SetHandleCount
GetVersion
GetLocalTime
GetLastError
GetFileType
InitializeCriticalSection
DeleteFileA
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
CloseHandle
EnterCriticalSection
ExitProcess
SetFilePointer
SetConsoleCtrlHandler
RtlUnwind
GetCommandLineA
MoveFileA
LeaveCriticalSection
GetModuleFileNameA
GetCurrentDirectoryA
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WinExec
WriteFile
GetStartupInfoA

gdi32

MoveToEx
LineTo
GetStockObject

user32

TranslateMessage
SetWindowPos
SetTimer
SetForegroundWindow
SendMessageA
RegisterClassA
RedrawWindow
PostQuitMessage
MessageBoxA
KillTimer
GetMessageA
GetDesktopWindow
EnumThreadWindows
EndPaint
DispatchMessageA
DefWindowProcA
ShowWindow
CreateWindowExA
BeginPaint

winmm

waveOutSetVolume

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
servidor.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo

Sections

CODE
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 89KB - Virtual size: 10.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
skins/cbm/cerrarsesion.bmp
skins/cbm/extras.bmp
skins/cbm/inicio.bmp
skins/cbm/internet.bmp
skins/cbm/mensaje.bmp
skins/cbm/menu.bmp
skins/cbm/minimizar.bmp
skins/cbm/notop.bmp
skins/cbm/saldo.bmp
skins/cbm/skin.ini
skins/cbm/tiempo.bmp
skins/cbm/titulo.bmp
skins/cbm/top.bmp
skins/cbm/total.bmp
traducciones/english.txt
traducciones/plantilla.txt
traducciones/portugues.txt

Sharing

General

Malware Config

Signatures

Files

52f4a941e787c1ed5083e361d825dd84

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 850KB - Virtual size: 850KB

.data Size: 47KB - Virtual size: 56KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 60KB - Virtual size: 59KB

c73771c086e276497a262d7b21181163

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

74:9b:9d:de:52:e0:1c:c6:d3:36:47:8a:b2:1a:59:6fCertificate

Extended Key Usages

Key Usages

1e:01:d5:c2:a7:94:01:7b:ed:83:e1:c0:3c:de:a5:ee:06:48:67:0fSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

0baee55e77f0d5a00aa445576803582b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

freeimage

comctl32

wintrust

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 176B

67720c8ba0dd0cac6d61364096add04a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

cfgmgr32

setupapi

Sections

.text Size: 9KB - Virtual size: 9KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 850KB - Virtual size: 850KB

.data
Size: 47KB - Virtual size: 56KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 60KB - Virtual size: 59KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

74:9b:9d:de:52:e0:1c:c6:d3:36:47:8a:b2:1a:59:6f
Certificate

1e:01:d5:c2:a7:94:01:7b:ed:83:e1:c0:3c:de:a5:ee:06:48:67:0f
Signer

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 176B

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 16B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.SHARDAT
Size: 16KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 71KB - Virtual size: 71KB

.data
Size: 23KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 16B

CODE
Size: 100KB - Virtual size: 104KB

DATA
Size: 294KB - Virtual size: 3.1MB

.INIT
Size: 3KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

CODE
Size: 25KB - Virtual size: 28KB

DATA
Size: 5KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB