C:\Users\Developer\source\repos\ASKBotv3\x64\Release\ASKBot.pdb
Overview
overview — score 10
Static
static — score 7
ASKBot1.exe
windows7-x64 — score 1
ASKBot1.exe
windows10-2004-x64 — score 1
ASKBot2.exe
windows7-x64 — score 1
ASKBot2.exe
windows10-2004-x64 — score 7
askbot-upx.exe
windows7-x64 — score 7
askbot-upx.exe
windows10-2004-x64 — score 7
Sample2.exe
windows7-x64 — score 1
Sample2.exe
windows10-2004-x64 — score 7
Sample3.exe
windows7-x64 — score 7
Sample3.exe
windows10-2004-x64 — score 7
Sample4.exe
windows7-x64 — score 7
Sample4.exe
windows10-2004-x64 — score 10
Sample5.dll
windows10-2004-x64 — score 1
Sample6.dll
windows7-x64 — score 1
Sample6.dll
windows10-2004-x64 — score 1
Behavioral task
behavioral1
Sample
ASKBot1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ASKBot1.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
ASKBot2.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
ASKBot2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
askbot-upx.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
askbot-upx.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Sample2.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Sample2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
Sample3.exe
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
Sample3.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Sample4.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
Sample4.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Sample5.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
Sample6.dll
Resource
win7-20240215-en
Behavioral task
behavioral15
Sample
Sample6.dll
Resource
win10v2004-20240426-en
General
-
Target
0dcdb4d96a44ebaa3e16a60d43d6a6bd8f8b662cc7cb59f2fc9252b6b6e488dc
-
Size
382KB
-
MD5
5678a76745ad0c74c90554ac7f560cba
-
SHA1
dc3d14460c803ca5ff7599be5bcdf32e80cd8fb8
-
SHA256
0dcdb4d96a44ebaa3e16a60d43d6a6bd8f8b662cc7cb59f2fc9252b6b6e488dc
-
SHA512
3b02ea5ddc314a728a6b44296c98cf5924fb4c08aee162f788899f8d764eb1eb61c7c319811ccc887f771d50fefe833909571de89a7d849e165cd7cf07d6cd2e
-
SSDEEP
6144:OsO4GTtZSkkFFzvQsVbrB669lDcFW8ExKiTLR72ekC64O/AeqWwKSVDmUsD+OHzw:GtZLkPzvQ4nx93UiTLJcZAeqa0LsDJTw
Malware Config
Signatures
-
resource | yara_rule
static1/unpack002/askbot-upx.exe | upx
static1/unpack001/Sample3.bin | upx
-
Unsigned PE (10 IoCs)
Checks for missing Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are unsigned; weigh it together with the other signatures.
resource:
unpack001/ASKBot1.bin
unpack001/ASKBot2.bin
unpack002/askbot-upx.exe
unpack003/out.upx
unpack001/Sample2.bin
unpack001/Sample3.bin
unpack004/out.upx
unpack001/Sample4.bin
unpack001/Sample5.bin
unpack001/Sample6.bin
Files
-
0dcdb4d96a44ebaa3e16a60d43d6a6bd8f8b662cc7cb59f2fc9252b6b6e488dc.zip
Password: infected
-
ASKBot1.bin.exe windows:6 windows x64 arch:x64
Import hash (imphash): 3da60347841fe236e3ec213c560605d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
closesocket
WSASocketW
getaddrinfo
WSAStartup
connect
WSACleanup
inet_ntop
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
wininet
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
InternetQueryDataAvailable
kernel32
IsDebuggerPresent
RtlCaptureContext
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
UnhandledExceptionFilter
WaitForSingleObject
CreateEventW
FreeConsole
HeapFree
GetModuleHandleA
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
CreateProcessA
GetComputerNameA
SizeofResource
FindResourceA
LockResource
LoadResource
RtlLookupFunctionEntry
iphlpapi
GetAdaptersAddresses
vcruntime140
memset
memcmp
__C_specific_handler
__current_exception_context
__current_exception
strchr
api-ms-win-crt-string-l1-1-0
strncat
strncmp
tolower
strncpy
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vsscanf
getchar
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
realloc
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_cexit
__p___argv
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
api-ms-win-crt-convert-l1-1-0
strtod
api-ms-win-crt-math-l1-1-0
_dclass
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 672B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ASKBot2.bin.exe windows:6 windows x64 arch:x64
Import hash (imphash): 64595986bdd3b60c3ddef52b8fa47847
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Developer\source\repos\ASKBotv3\x64\Release\ASKBot.pdb
Imports
ws2_32
closesocket
WSASocketW
getaddrinfo
WSAStartup
connect
WSACleanup
inet_ntop
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
wininet
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
InternetQueryDataAvailable
kernel32
IsDebuggerPresent
RtlCaptureContext
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
UnhandledExceptionFilter
WaitForSingleObject
CreateEventW
FreeConsole
GetModuleFileNameA
HeapFree
GetEnvironmentVariableA
GetModuleHandleA
CopyFileA
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
CreateProcessA
GetComputerNameA
SizeofResource
FindResourceA
LockResource
LoadResource
RtlLookupFunctionEntry
advapi32
RegOpenKeyExA
RegCloseKey
RegSetValueExA
iphlpapi
GetAdaptersAddresses
vcruntime140
memset
memcmp
__C_specific_handler
__current_exception_context
__current_exception
strstr
strchr
strrchr
api-ms-win-crt-string-l1-1-0
strncat
strncmp
tolower
strncpy
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vsscanf
getchar
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
realloc
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_cexit
__p___argv
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
api-ms-win-crt-convert-l1-1-0
strtod
api-ms-win-crt-math-l1-1-0
_dclass
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Labs Readme.txt
-
Sample1.bin.7z
-
askbot-upx.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 52KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sample2.bin.exe windows:6 windows x64 arch:x64
Import hash (imphash): 64595986bdd3b60c3ddef52b8fa47847
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Developer\source\repos\ASKBotv3\x64\Release\ASKBot.pdb
Imports
ws2_32
closesocket
WSASocketW
getaddrinfo
WSAStartup
connect
WSACleanup
inet_ntop
crypt32
CryptBinaryToStringA
CryptStringToBinaryA
wininet
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
InternetQueryDataAvailable
kernel32
IsDebuggerPresent
RtlCaptureContext
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
UnhandledExceptionFilter
WaitForSingleObject
CreateEventW
FreeConsole
GetModuleFileNameA
HeapFree
GetEnvironmentVariableA
GetModuleHandleA
CopyFileA
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
WideCharToMultiByte
CreateProcessA
GetComputerNameA
SizeofResource
FindResourceA
LockResource
LoadResource
RtlLookupFunctionEntry
advapi32
RegOpenKeyExA
RegCloseKey
RegSetValueExA
iphlpapi
GetAdaptersAddresses
vcruntime140
memset
memcmp
__C_specific_handler
__current_exception_context
__current_exception
strstr
strchr
strrchr
api-ms-win-crt-string-l1-1-0
strncat
strncmp
tolower
strncpy
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vsscanf
getchar
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
malloc
realloc
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_cexit
__p___argv
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_seh_filter_exe
_set_app_type
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_c_exit
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
api-ms-win-crt-convert-l1-1-0
strtod
api-ms-win-crt-math-l1-1-0
_dclass
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Exports
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sample3.bin.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
UPX0 Size: - Virtual size: 52KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 17KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Exports
Exports
cJSON_AddArrayToObject
cJSON_AddBoolToObject
cJSON_AddFalseToObject
cJSON_AddItemReferenceToArray
cJSON_AddItemReferenceToObject
cJSON_AddItemToArray
cJSON_AddItemToObject
cJSON_AddItemToObjectCS
cJSON_AddNullToObject
cJSON_AddNumberToObject
cJSON_AddObjectToObject
cJSON_AddRawToObject
cJSON_AddStringToObject
cJSON_AddTrueToObject
cJSON_Compare
cJSON_CreateArray
cJSON_CreateArrayReference
cJSON_CreateBool
cJSON_CreateDoubleArray
cJSON_CreateFalse
cJSON_CreateFloatArray
cJSON_CreateIntArray
cJSON_CreateNull
cJSON_CreateNumber
cJSON_CreateObject
cJSON_CreateObjectReference
cJSON_CreateRaw
cJSON_CreateString
cJSON_CreateStringArray
cJSON_CreateStringReference
cJSON_CreateTrue
cJSON_Delete
cJSON_DeleteItemFromArray
cJSON_DeleteItemFromObject
cJSON_DeleteItemFromObjectCaseSensitive
cJSON_DetachItemFromArray
cJSON_DetachItemFromObject
cJSON_DetachItemFromObjectCaseSensitive
cJSON_DetachItemViaPointer
cJSON_Duplicate
cJSON_GetArrayItem
cJSON_GetArraySize
cJSON_GetErrorPtr
cJSON_GetNumberValue
cJSON_GetObjectItem
cJSON_GetObjectItemCaseSensitive
cJSON_GetStringValue
cJSON_HasObjectItem
cJSON_InitHooks
cJSON_InsertItemInArray
cJSON_IsArray
cJSON_IsBool
cJSON_IsFalse
cJSON_IsInvalid
cJSON_IsNull
cJSON_IsNumber
cJSON_IsObject
cJSON_IsRaw
cJSON_IsString
cJSON_IsTrue
cJSON_Minify
cJSON_Parse
cJSON_ParseWithLength
cJSON_ParseWithLengthOpts
cJSON_ParseWithOpts
cJSON_Print
cJSON_PrintBuffered
cJSON_PrintPreallocated
cJSON_PrintUnformatted
cJSON_ReplaceItemInArray
cJSON_ReplaceItemInObject
cJSON_ReplaceItemInObjectCaseSensitive
cJSON_ReplaceItemViaPointer
cJSON_SetNumberHelper
cJSON_SetValuestring
cJSON_Version
cJSON_free
cJSON_malloc
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sample4.bin.exe windows:4 windows x86 arch:x86
Import hash (imphash): f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 289KB - Virtual size: 289KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sample5.bin.dll windows:10 windows x64 arch:x64
Import hash (imphash): dd0e8e26fa9213a5cfffff1806f14ebe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
ntvdm64.pdb
Imports
ntdll
RtlFreeHeap
RtlLookupFunctionEntry
RtlVirtualUnwind
__C_specific_handler
RtlCaptureContext
wcsncmp
wcschr
NtClose
RtlGetThreadErrorMode
RtlInitUnicodeString
NtQueryInformationProcess
RtlAllocateHeap
_vsnwprintf
NtCreateFile
wcscmp
api-ms-win-core-version-l1-1-0
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
api-ms-win-core-processenvironment-l1-1-0
SearchPathW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
api-ms-win-core-registry-l1-1-0
RegQueryValueExW
RegSetValueExW
RegCloseKey
api-ms-win-core-heap-l1-1-0
HeapAlloc
GetProcessHeap
HeapFree
api-ms-win-core-errorhandling-l1-1-0
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
api-ms-win-core-file-l1-1-0
GetFullPathNameW
api-ms-win-core-wow64-l1-1-1
GetSystemWow64DirectoryW
api-ms-win-core-localization-l1-2-0
FormatMessageW
api-ms-win-core-libraryloader-l1-2-0
DisableThreadLibraryCalls
LoadStringW
GetModuleHandleW
api-ms-win-core-heap-l2-1-0
LocalFree
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
api-ms-win-core-processthreads-l1-1-0
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-registry-l2-1-0
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
kernelbase
CreateProcessInternalW
version
VerQueryValueA
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
Exports
DllInstall
NtVdm64CreateProcessInternalW
NtVdm64RaiseInvalid16BitError
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 136B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Sample6.bin.dll windows:5 windows x86 arch:x86
Import hash (imphash): 719f7217317f5e7c875725779feaefbd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
GetComputerNameA
GetLastError
GetLocalTime
SystemTimeToFileTime
GetTickCount
Sleep
ExitThread
CreateThread
WaitForSingleObject
GetVolumeInformationW
GlobalMemoryStatusEx
CreateEventW
SetEvent
GetTempPathW
LocalFree
SetEnvironmentVariableA
CompareStringW
GetWindowsDirectoryW
CreateFileW
GetProcessHeap
SetEndOfFile
RtlUnwind
LoadLibraryW
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
WriteConsoleW
SetFilePointer
SetStdHandle
LCMapStringW
HeapDestroy
HeapCreate
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
HeapAlloc
HeapReAlloc
MultiByteToWideChar
ReadFile
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCommandLineA
RaiseException
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
VirtualQuery
ole32
CoCreateGuid
dnsapi
DnsQuery_A
DnsFree
ws2_32
gethostname
send
freeaddrinfo
WSASend
htons
getaddrinfo
shutdown
WSACleanup
WSAGetLastError
WSAStartup
getsockname
connect
getnameinfo
gethostbyname
inet_ntoa
recv
select
setsockopt
WSAIoctl
bind
socket
inet_addr
closesocket
crypt32
CryptProtectData
CryptUnprotectData
iphlpapi
GetAdaptersInfo
Sections
.text Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ