SM1-LookAlike-Beta6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

SM1-LookAlike-Beta6.zip
Size

1.3MB
MD5

080a5e86095595bc845d9d6ff9638752
SHA1

28dd4f11864161e6600da42f1449eb1225dd7733
SHA256

d2c06edf185a35932ae75a0bf82416cac397169a3cd5975f033e9a7cd5975cbf
SHA512

bab28ba484fb0d515125f8141864286b29e2bb85105d45d6fe3c40b1d0d92c3b3ddd69811108f7e2508986cff41bcc1b5813130bb92c4bb30e718c1f06b961e9
SSDEEP

24576:U+5h36pqgPe2ENyf8TmfNrmlGpiqQr70Md4f9RHbWLtOkjx2Ro/ubSMxar:V/qWzAfJaGpx5MulR7gtPd2C2bSNr

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/ASH.exe
unpack001/bin/MakeKeyBin.exe
unpack001/bin/bfgr_wadpacker.exe
unpack001/bin/bfgr_wadunpacker.exe
unpack001/bin/cygcrypto-0.9.8.dll
unpack001/bin/cygwin1.dll
unpack001/bin/nusd.exe
unpack001/bin/u8it.exe
unpack001/bin/xdelta.exe
unpack001/bin/yaz0enc.exe

Files

SM1-LookAlike-Beta6.zip
.zip
HackMenu.cmd
.cmd .vbs
README.rtf
.rtf
bin/ASH.exe
.exe windows:5 windows x86 arch:x86

1f8653606535535fc183cf3936985237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
_XcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_exit
_cexit
__getmainargs
_amsg_exit
??2@YAPAXI@Z
fclose
fseek
ftell
fwrite
fread
fopen
printf
__set_app_type
sprintf
memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/MakeKeyBin.exe
.exe windows:4 windows x86 arch:x86

81d856fcea7a0836d2964681629ed4d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord641
ord2514
ord2621
ord5265
ord4376
ord4853
ord6375
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord2297
ord2363
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord1200
ord6334
ord4274
ord4998
ord4673
ord1576

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fwrite
fclose
__CxxFrameHandler
_setmbcp
fopen

kernel32

GetModuleHandleA
GetStartupInfoA

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
LoadIconA
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/bfgr_wadpacker.exe
.exe windows:4 windows x86 arch:x86

80273a39b9aa087efe1de5c12fca971f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygcrypto-0.9.8

AES_cbc_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
MD5
SHA1

cygwin1

__getreent
__main
_fopen64
_impure_ptr
calloc
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fflush
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcmp
memcpy
memset
perror
printf
putchar
puts
realloc
snprintf
sprintf
strcmp
strncmp
strncpy
strrchr
vsnprintf

kernel32

GetModuleHandleA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 592B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/bfgr_wadunpacker.exe
.exe windows:4 windows x86 arch:x86

9fb8d7f728ecf89510affc2238dffc29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygcrypto-0.9.8

AES_cbc_encrypt
AES_set_decrypt_key
AES_set_encrypt_key
MD5
SHA1

cygwin1

__getreent
__main
_fopen64
_impure_ptr
calloc
chdir
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcmp
memcpy
memset
mkdir
perror
printf
puts
realloc
snprintf
sprintf
strcmp
strncmp
strncpy
strrchr
vsnprintf

kernel32

GetModuleHandleA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 608B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/cygcrypto-0.9.8.dll
.dll windows:4 windows x86 arch:x86

232134fd0a8433d9513007dbf8171ae4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

cygwin1

__errno
__getreent
_ctype_
_fopen64
_fstat64
_getegid32
_geteuid32
_getgid32
_getuid32
_impure_ptr
_lseek64
_open64
_stat64
abort
accept
atoi
bind
calloc
chmod
close
closelog
connect
cygwin_detach_dll
cygwin_internal
dlclose
dlerror
dll_dllcrt0
dlopen
dlsym
exit
fclose
fflush
fgets
fileno
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gethostbyname
getpid
getservbyname
getsockopt
gmtime
ioctl
listen
localtime
malloc
memchr
memcpy
memmove
memset
openlog
perror
printf
qsort
read
realloc
recvfrom
select
send
sendto
setsockopt
setvbuf
shutdown
sigaction
signal
socket
sprintf
sscanf
strcasecmp
strcat
strchr
strcmp
strcpy
strerror
strlen
strncasecmp
strncmp
strncpy
strrchr
strtol
strtoul
sysconf
syslog
tcgetattr
tcsetattr
time
times
vfprintf
write

kernel32

GetModuleHandleA

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
AES_Td
AES_Te
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_cfbr_encrypt_block
AES_ctr128_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_version
ASN1_ANY_it
ASN1_BIT_STRING_asn1_meth
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_HEADER_free
ASN1_HEADER_new
ASN1_IA5STRING_asn1_meth
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_to_BN
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SEQUENCE_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_cmp
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_encode
ASN1_STRING_free
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_check
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_to_generalizedtime
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_set
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_sign
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_pack_string
ASN1_parse
ASN1_parse_dump
ASN1_primitive_free
ASN1_primitive_new
ASN1_put_eoc
ASN1_put_object
ASN1_seq_pack
ASN1_seq_unpack
ASN1_sign
ASN1_tag2bit
ASN1_tag2str
ASN1_template_d2i
ASN1_template_free
ASN1_template_i2d
ASN1_template_new
ASN1_unpack_string
ASN1_verify
ASN1_version
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BF_version
BIGNUM_it
BIO_ACCEPT_free
BIO_ACCEPT_new
BIO_CONNECT_free
BIO_CONNECT_new
BIO_accept
BIO_callback_ctrl
BIO_clear_flags
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dgram_should_retry
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_ex_data
BIO_get_ex_new_index
BIO_get_host_ip
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_gethostbyname
BIO_gets
BIO_indent
BIO_int_ctrl
BIO_method_name
BIO_method_type
BIO_new
BIO_new_accept
BIO_new_bio_pair
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_socket
BIO_set
BIO_set_callback
BIO_set_callback_arg
BIO_set_cipher
BIO_set_ex_data
BIO_set_flags
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_cleanup
BIO_sock_error
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket_ioctl
BIO_socket_nbio
BIO_test_flags
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_get_thread_id
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_new
BN_BLINDING_set_flags
BN_BLINDING_set_thread_id
BN_BLINDING_update
BN_CTX_end
BN_CTX_free
BN_CTX_get
BN_CTX_init
BN_CTX_new
BN_CTX_start
BN_GENCB_call
BN_GF2m_add
BN_GF2m_arr2poly
BN_GF2m_mod
BN_GF2m_mod_arr
BN_GF2m_mod_div
BN_GF2m_mod_div_arr
BN_GF2m_mod_exp
BN_GF2m_mod_exp_arr
BN_GF2m_mod_inv
BN_GF2m_mod_inv_arr
BN_GF2m_mod_mul
BN_GF2m_mod_mul_arr
BN_GF2m_mod_solve_quad
BN_GF2m_mod_solve_quad_arr
BN_GF2m_mod_sqr
BN_GF2m_mod_sqr_arr
BN_GF2m_mod_sqrt
BN_GF2m_mod_sqrt_arr
BN_GF2m_poly2arr
BN_MONT_CTX_copy
BN_MONT_CTX_free
BN_MONT_CTX_init
BN_MONT_CTX_new
BN_MONT_CTX_set
BN_MONT_CTX_set_locked
BN_RECP_CTX_free
BN_RECP_CTX_init
BN_RECP_CTX_new
BN_RECP_CTX_set
BN_add
BN_add_word
BN_bin2bn
BN_bn2bin
BN_bn2dec
BN_bn2hex
BN_bn2mpi
BN_bntest_rand
BN_clear
BN_clear_bit
BN_clear_free
BN_cmp
BN_copy
BN_dec2bn
BN_div
BN_div_recp
BN_div_word
BN_dup
BN_exp
BN_free
BN_from_montgomery
BN_gcd
BN_generate_prime
BN_generate_prime_ex
BN_get0_nist_prime_192
BN_get0_nist_prime_224
BN_get0_nist_prime_256
BN_get0_nist_prime_384
BN_get0_nist_prime_521
BN_get_params
BN_get_word
BN_hex2bn
BN_init
BN_is_bit_set
BN_is_prime
BN_is_prime_ex
BN_is_prime_fasttest
BN_is_prime_fasttest_ex
BN_kronecker
BN_lshift
BN_lshift1
BN_mask_bits
BN_mod_add
BN_mod_add_quick
BN_mod_exp
BN_mod_exp2_mont
BN_mod_exp_mont
BN_mod_exp_mont_consttime
BN_mod_exp_mont_word
BN_mod_exp_recp
BN_mod_exp_simple
BN_mod_inverse
BN_mod_lshift
BN_mod_lshift1
BN_mod_lshift1_quick
BN_mod_lshift_quick
BN_mod_mul
BN_mod_mul_montgomery
BN_mod_mul_reciprocal
BN_mod_sqr
BN_mod_sqrt
BN_mod_sub
BN_mod_sub_quick
BN_mod_word
BN_mpi2bn
BN_mul
BN_mul_word
BN_new
BN_nist_mod_192
BN_nist_mod_224
BN_nist_mod_256
BN_nist_mod_384
BN_nist_mod_521
BN_nnmod
BN_num_bits
BN_num_bits_word
BN_options
BN_print
BN_print_fp
BN_pseudo_rand
BN_pseudo_rand_range
BN_rand
BN_rand_range
BN_reciprocal
BN_rshift
BN_rshift1
BN_set_bit
BN_set_negative
BN_set_params
BN_set_word
BN_sqr
BN_sub
BN_sub_word
BN_swap
BN_to_ASN1_ENUMERATED
BN_to_ASN1_INTEGER
BN_uadd
BN_ucmp
BN_usub
BN_value_one
BN_version
BUF_MEM_free
BUF_MEM_grow
BUF_MEM_grow_clean
BUF_MEM_new
BUF_memdup
BUF_strdup
BUF_strlcat
BUF_strlcpy
BUF_strndup
CAST_S_table0
CAST_S_table1
CAST_S_table2
CAST_S_table3
CAST_S_table4
CAST_S_table5
CAST_S_table6
CAST_S_table7
CAST_cbc_encrypt
CAST_cfb64_encrypt
CAST_decrypt
CAST_ecb_encrypt
CAST_encrypt
CAST_ofb64_encrypt
CAST_set_key
CAST_version
CBIGNUM_it
CERTIFICATEPOLICIES_free

Sections

.text
Size: 723KB - Virtual size: 723KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/cygwin1.dll
.dll windows:4 windows x86 arch:x86

400661656de0b22c9631b8a6779c390b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey

kernel32

AllocConsole
BackupWrite
ClearCommBreak
ClearCommError
CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateMailslotA
CreateMutexA
CreateNamedPipeA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateTapePartition
CreateThread
DebugBreak
DeleteCriticalSection
DeleteFileA
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EraseTape
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstChangeNotificationA
FindFirstFileA
FindNextChangeNotification
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeConsole
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetBinaryTypeA
GetCommModemStatus
GetCommState
GetCommandLineA
GetComputerNameA
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetLogicalDrives
GetMailslotInfo
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetTapeStatus
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalUnlock
InitializeCriticalSection
IsBadStringPtrA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
MultiByteToWideChar
OpenEventA
OpenFileMappingA
OpenMutexA
OpenProcess
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PrepareTape
PurgeComm
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputA
ReadConsoleOutputA
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileApisToANSI
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetMailslotInfo
SetNamedPipeHandleState
SetPriorityClass
SetStdHandle
SetSystemTime
SetTapeParameters
SetTapePosition
SetThreadAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitCommEvent
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteConsoleOutputA
WriteFile
WriteProcessMemory
WriteTapemark

Exports

Exports

__argc
__argv
__argz_add
__argz_add_sep
__argz_append
__argz_count
__argz_create
__argz_create_sep
__argz_delete
__argz_extract
__argz_insert
__argz_next
__argz_replace
__argz_stringify
__assert
__assertfail
__check_rhosts_file
__cygwin_environ
__cygwin_user_data
__envz_add
__envz_entry
__envz_get
__envz_merge
__envz_remove
__envz_strip
__eprintf
__errno
__f_atan2
__f_atan2f
__f_exp
__f_expf
__f_frexp
__f_frexpf
__f_ldexp
__f_ldexpf
__f_log
__f_log10
__f_log10f
__f_logf
__f_pow
__f_powf
__f_tan
__f_tanf
__fpclassifyd
__fpclassifyf
__getdelim
__getline
__getreent
__infinity
__isinfd
__isinff
__isnand
__isnanf
__main
__mb_cur_max
__mempcpy
__opendir_with_d_ino
__progname
__rcmd_errstr
__signbitd
__signbitf
__signgam
__srget
__srget_r
__swbuf
__swbuf_r
_abort
_abs
_access
_acl
_acl32
_aclcheck
_aclcheck32
_aclfrommode
_aclfrommode32
_aclfrompbits
_aclfrompbits32
_aclfromtext
_aclfromtext32
_aclsort
_aclsort32
_acltomode
_acltomode32
_acltopbits
_acltopbits32
_acltotext
_acltotext32
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_alphasort
_asctime
_asctime_r
_asin
_asinf
_asinh
_asinhf
_asprintf
_asprintf_r
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_check_for_executable
_chmod
_chown
_chown32
_chroot
_clearerr
_clock
_close
_closedir
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_ctime_r
_ctype_
_cuserid
_cwait
_daylight
_difftime
_dirfd
_div
_dll_crt0@0
_drand48
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_endutent
_erand48
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_f_atan2
_f_atan2f
_f_exp
_f_expf
_f_frexp
_f_frexpf
_f_ldexp
_f_ldexpf
_f_log
_f_log10
_f_log10f
_f_logf
_f_pow
_f_powf
_f_tan
_f_tanf
_fabs
_fabsf
_facl
_facl32
_fchdir
_fchmod
_fchown
_fchown32
_fclose
_fcloseall
_fcloseall_r
_fcntl
_fcntl64
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_fdopen64
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgetpos64
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fnmatch
_fopen
_fopen64
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_freopen64
_frexp
_frexpf
_fscanf
_fscanf_r
_fseek
_fseeko
_fseeko64
_fsetpos
_fsetpos64
_fstat
_fstat64
_fstatfs
_fsync
_ftell
_ftello
_ftello64
_ftime
_ftok
_ftruncate
_ftruncate64
_fwrite
_gamma
_gamma_r
_gammaf
_gammaf_r
_gcvt
_gcvtf
_get_osfhandle
_getc
_getc_unlocked
_getchar
_getchar_unlocked
_getcwd
_getdomainname
_getdtablesize
_getegid
_getegid32
_getenv
_geteuid
_geteuid32
_getgid
_getgid32
_getgrent
_getgrent32
_getgrgid
_getgrgid32
_getgrnam
_getgrnam32
_getgroups
_getgroups32
_gethostname
_getlogin
_getmntent
_getmode
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getpwuid32
_getpwuid_r32
_getrlimit
_getrusage
_gets
_gettimeofday
_getuid
_getuid32
_getutent
_getutid
_getutline
_getw
_getwd
_glob
_globfree
_gmtime
_gmtime_r
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_impure_ptr
_index
_infinity
_infinityf
_initgroups32
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_j0
_j0f
_j1
_j1f
_jn
_jnf
_jrand48
_kill
_labs
_lacl
_lchown
_lchown32
_lcong48
_ldexp
_ldexpf
_ldiv
_lgamma
_lgamma_r
_lgammaf
_lgammaf_r
_link
_localeconv
_localtime
_localtime_r
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lrand48
_lseek
_lseek64
_lstat
_lstat64
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mknod32
_mkstemp
_mktemp
_mktime
_mmap64
_modf
_modff
_mount
_nan
_nanf
_nanosleep
_nextafter
_nextafterf
_nice
_nl_langinfo
_nrand48
_ntohl
_ntohs
_open
_open64
_openlog
_pathconf
_pclose
_perror
_pipe
_poll
_popen
_pow
_powf
_printf
_pthread_cleanup_pop
_pthread_cleanup_push
_putc
_putc_unlocked
_putchar
_putchar_unlocked
_putenv
_puts
_pututline
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scandir
_scanf
_scanf_r
_seed48
_seekdir
_seekdir64
_select
_setbuf
_setdtablesize
_setegid
_setegid32
_setenv
_seteuid
_seteuid32
_setgid
_setgid32
_setgrent
_setgroups
_setgroups32
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setregid
_setregid32
_setreuid
_setreuid32
_setrlimit
_setsid
_settimeofday
_setuid
_setuid32

Sections

.text
Size: 1015KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/38
Size: 512B - Virtual size: 16B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cygheap
Size: - Virtual size: 576KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/nusd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Proj\NUSD\obj\Debug\nusd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/u8it.exe
.exe windows:4 windows x86 arch:x86

f75e6e6ac70c619ba8d0081495acdc3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__main
_fopen64
_impure_ptr
_stat64
calloc
chdir
closedir
cygwin_internal
dll_crt0__FP11per_process
fclose
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
mkdir
opendir
printf
readdir
realloc
rewinddir
strcmp
strlen

kernel32

GetModuleHandleA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 224B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/xdelta.exe
.exe windows:5 windows x86 arch:x86

3fc2c2072db94fef44ffa635543f13dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\jmacd\src\xdelta3\Release\xdelta3.pdb

Imports

kernel32

CreateFileA
SystemTimeToFileTime
SetFilePointerEx
FormatMessageA
WriteFile
ReadFile
GetFileSizeEx
GetStartupInfoA
GetStdHandle
GetLastError
GetLocalTime
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCommandLineA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetModuleFileNameA
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
GetFileType
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetFileAttributesA
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
RtlUnwind
GetModuleHandleA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
HeapSize
RaiseException
DeleteFileA

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/yaz0enc.exe
.exe windows:4 windows x86 arch:x86

6cab1c9c27d123acf91684f5ee2349cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
RtlUnwind
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
HeapSize
GetLastError
FlushFileBuffers
WriteFile
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
patches/JP/idx03_CSS.xdl
patches/JP/index02.xdl
patches/JP/index03.xdl
patches/JP/inet_idx.xdl
patches/JP/inet_idx_CSS.xdl
patches/SM/ENG/index02.xdl
patches/SM/ENG/index03.xdl
patches/SM/ENG/inet_idx.xdl
patches/SM/FRA/index02.xdl
patches/SM/FRA/index03.xdl
patches/SM/FRA/inet_idx.xdl
patches/SM/SPA/index02.xdl
patches/SM/SPA/index03.xdl
patches/SM/SPA/inet_idx.xdl
patches/SM/idx03_CSS.xdl
patches/SM/inet_idx_CSS.xdl
patches/SNEEKTMD.xdl
patches/TMD.xdl
patches/chanSel.xdl
patches/mainDOL.xdl

Sharing

General

Malware Config

Signatures

Files

1f8653606535535fc183cf3936985237

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 912B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 512B - Virtual size: 468B

81d856fcea7a0836d2964681629ed4d4

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 3KB

80273a39b9aa087efe1de5c12fca971f

Headers

File Characteristics

Imports

cygcrypto-0.9.8

cygwin1

kernel32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 800B

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 592B

.idata Size: 1KB - Virtual size: 1KB

9fb8d7f728ecf89510affc2238dffc29

Headers

File Characteristics

Imports

cygcrypto-0.9.8

cygwin1

kernel32

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 800B

.rdata Size: 1024B - Virtual size: 976B

.bss Size: - Virtual size: 608B

.idata Size: 1KB - Virtual size: 1KB

232134fd0a8433d9513007dbf8171ae4

Headers

File Characteristics

Imports

cygwin1

kernel32

Exports

Exports

Sections

.text Size: 723KB - Virtual size: 723KB

.data Size: 53KB - Virtual size: 53KB

.rdata Size: 149KB - Virtual size: 149KB

.bss Size: - Virtual size: 10KB

.edata Size: 93KB - Virtual size: 92KB

.idata Size: 3KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 35KB

400661656de0b22c9631b8a6779c390b

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 912B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 512B - Virtual size: 468B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 800B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 592B

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 800B

.rdata
Size: 1024B - Virtual size: 976B

.bss
Size: - Virtual size: 608B

.idata
Size: 1KB - Virtual size: 1KB

.text
Size: 723KB - Virtual size: 723KB

.data
Size: 53KB - Virtual size: 53KB

.rdata
Size: 149KB - Virtual size: 149KB

.bss
Size: - Virtual size: 10KB

.edata
Size: 93KB - Virtual size: 92KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 35KB

.text
Size: 1015KB - Virtual size: 1014KB

/4
Size: 10KB - Virtual size: 9KB

.data
Size: 44KB - Virtual size: 43KB

.rdata
Size: 205KB - Virtual size: 205KB

.bss
Size: - Virtual size: 36KB

.edata
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 64KB

/19
Size: 512B - Virtual size: 260B

/38
Size: 512B - Virtual size: 16B

.idata
Size: 36KB - Virtual size: 36KB

.cygheap
Size: - Virtual size: 576KB

.text
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 224B

.idata
Size: 1024B - Virtual size: 828B

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 22KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 504B

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 9KB