modiloader | 942f2e2a4446cfd70a4244cd223b56c4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

942f2e2a4446cfd70a4244cd223b56c4_JaffaCakes118
Size

4.9MB
MD5

942f2e2a4446cfd70a4244cd223b56c4
SHA1

14faf4f53f27c44b504de73a2836b391cc6d2617
SHA256

e9e96bfcecf2f4fdc536cb0e8b1b2a08cb660f4b73a87099deeb7cbf0cb62210
SHA512

a0644fff674365a2a79076647adfec9d58aebe5e58cb9ff1b8392430a7902b1b3731019ffac0a037ddf90f22071529b6f9aac22a3f2ee6a7021ada4960532c00
SSDEEP

98304:cpEC9dCddyqAbQTnKNaLRiv1vtknr5RdMk8h4aMesIqcdoB+UHaTIU:cpZ9kddhAbyKNxtv2rrdd867erxdoBho

Score

10^/10

upx modiloader

Malware Config

Signatures

ModiLoader First Stage 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/l2c.exe	modiloader_stage1
static1/unpack003/out.upx	modiloader_stage1
static1/unpack004/out.upx	modiloader_stage1

Modiloader family
modiloader

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/l2c.exe	upx
static1/unpack001/l2cserv.exe	upx
static1/unpack001/l2net.exe	upx
static1/unpack001/l2update.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/access.dat
unpack001/l2c.exe
unpack001/l2cserv.exe
unpack003/out.upx
unpack001/l2net.exe
unpack004/out.upx
unpack001/l2update.exe
unpack005/out.upx

Files

942f2e2a4446cfd70a4244cd223b56c4_JaffaCakes118
.rar
CATEGORY.NDX
CHANCE.NDX
DROPLIST.DBF
IDITEMS.NDX
IDNPC.NDX
NPC.DBF
PARAMS.INI
SERVER.INI
access.dat
.dll regsvr32 windows:4 windows x86 arch:x86

d1e10a04ad85a14abc67c0f2a2f79aed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetLastError
SetEnvironmentVariableA
ReadFile
CreateMailslotA
CreateFileA
GetEnvironmentVariableA
CloseHandle
WriteFile
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

IsWindow
SendMessageA
GetWindowThreadProcessId

oleaut32

SysAllocStringByteLen

Exports

Exports

CallBuyNowURL
CallBuyNowURLEx
CallCustomerServiceURL
ChangeHardwareLock
CheckCode
ConnectedToServer
CopiesRunning
DllRegisterServer
DllUnregisterServer
Environ
ExpireCurrentKey
FixClock
GetShellProcessID
GetUserString
IncrementCounter
InstallKey
InstallKeyLater
NANOBEGIN
NANOEND
RawFingerprintInfo
SECUREBEGIN
SECUREBEGIN_A
SECUREBEGIN_B
SECUREBEGIN_C
SECUREBEGIN_D
SECUREBEGIN_E
SECUREBEGIN_F
SECUREBEGIN_G
SECUREBEGIN_H
SECUREBEGIN_I
SECUREBEGIN_J
SECUREBEGIN_K
SECUREEND
SECUREEND_A
SECUREEND_B
SECUREEND_C
SECUREEND_D
SECUREEND_E
SECUREEND_F
SECUREEND_G
SECUREEND_H
SECUREEND_I
SECUREEND_J
SECUREEND_K
SetDefaultKey
SetUserString
ShowEnterKeyDialog
ShowReminderMessage
ShowReminderMessage2
UninstallKey
UpdateEnvironment
VBGetCommandLine
VBGetUserString
VerifyKey
WriteHardwareChangeLog
_GetCommandLine

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
alarm.wav
death.wav
default.ini
faildamage.wav
fullitem.dat
itemalarm.wav
items.DBF
l2c.eng
l2c.exe
.exe windows:4 windows x86 arch:x86

1ba968152c8eb4214524780a94b2d9ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

GetUserNameA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegFlushKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_LoadImage
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetIconSize
ImageList_Write
InitCommonControls

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

Arc
BitBlt
CombineRgn
CopyEnhMetaFileA
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateFontA
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
ExcludeClipRect
ExtCreatePen
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetClipRgn
GetCurrentObject
GetCurrentPositionEx
GetDCOrgEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetMapMode
GetNearestColor
GetObjectA
GetOutlineTextMetricsA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetClipRgn
PatBlt
Pie
PlayEnhMetaFile
PolyPolyline
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWinMetaFileBits
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
TextOutA
TranslateCharsetInfo
UnrealizeObject

kernel32

Beep
CloseHandle
CompareStringA
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FatalAppExitA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCommandLineA
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetEnvironmentVariableA
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileType
GetFullPathNameA
GetHandleInformation
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetProfileStringA
GetStartupInfoA
GetStdHandle
GetStringTypeExA
GetSystemDefaultLangID
GetSystemInfo
GetSystemTime
GetTempPathA
GetThreadContext
GetThreadLocale
GetThreadPriority
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAddAtomA
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalAlloc
LocalFree
LockFile
LockResource
MapViewOfFile
MoveFileA
MulDiv
MultiByteToWideChar
OpenFileMappingA
OpenMutexA
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ResetEvent
SetLastError
ResumeThread
RtlUnwind
SearchPathA
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetPriorityClass
SetProcessAffinityMask
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SleepEx
SuspendThread
TerminateProcess
TerminateThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcmp
lstrcpy
lstrcpyn
lstrlen

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoUninitialize

oleaut32

GetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantCopyInd
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFile
ShellExecuteA
Shell_NotifyIcon

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AttachThreadInput
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharToOemA
CharToOemBuffA
CharUpperBuffA
CharUpperBuffW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyRect
CreateCaret
CreateDialogParamA
CreateIcon
CreateMenu
CreatePopupMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DefWindowProcA
DeferWindowPos
DeleteMenu
DestroyCursor
DestroyMenu
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextA
DrawTextExA
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndDeferWindowPos
EndDialog
EndPaint
EnumClipboardFormats
EnumThreadWindows
EnumWindows
EqualRect
FillRect
FindWindowA
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClassNameA
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextA
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetKeyboardType
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuState
GetMenuStringA
GetMessagePos
GetMessageTime
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuA
InsertMenuItemA
IntersectRect
InvalidateRect
InvalidateRgn
IsCharAlphaA
IsCharAlphaNumericA
IsChild
IsClipboardFormatAvailable
IsDialogMessage
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
MapVirtualKeyA
MapVirtualKeyExA
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClipboardFormatA
RegisterHotKey
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendMessageA
SendMessageTimeoutA
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenu
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowsHookExA
ShowCaret
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnloadKeyboardLayout
UnregisterClassA
UnregisterHotKey
UpdateWindow
ValidateRect
WaitForInputIdle
WaitMessage
WinHelpA
WindowFromPoint
keybd_event
mouse_event

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

sndPlaySoundA

winspool.drv

ClosePrinter
DocumentPropertiesA
EnumPrintersA
OpenPrinterA

wsock32

WSAAsyncSelect
WSACleanup
WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
gethostname
htons
ioctlsocket
recv
send
socket

Exports

Exports

EurekaLog_AttachedFilesRequestEvent
EurekaLog_CallCreateThread
EurekaLog_CallExceptObject
EurekaLog_CallExitThread
EurekaLog_CallGeneralRaise
EurekaLog_CallResumeThread
EurekaLog_CustomDataRequestEvent
EurekaLog_CustomFieldsRequestEvent
EurekaLog_ExceptionActionNotifyEvent
EurekaLog_ExceptionErrorNotifyEvent
EurekaLog_ExceptionNotifyEvent
EurekaLog_PasswordRequestEvent
EurekaLog_PasswordRequestEventEx
ExceptionManager

Sections

UPX0
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ARTeam
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
l2c.rus
l2cserv.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
l2net.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
l2update.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
npcalarm.wav
olympiad.wav
pets.dat
proc.dll
.dll windows:4 windows x86 arch:x86

9196b6fc9dc47b44e0a1f9234a5ff855

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:0c:83:83:26:ab:e2:98:1b:8e:72:72:36:58:43:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-03-2007 00:00

Not After

11-03-2008 23:59

Subject

CN=Microolap technologies,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Research and development,O=Microolap technologies,L=Chernogolovka,ST=Moscow district,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:34:50:0e:f6:c3:bb:4d:ad:e1:7d:65:c9:79:d0:30:7a:81:f8:72
Signer

Actual PE Digest

ea:34:50:0e:f6:c3:bb:4d:ad:e1:7d:65:c9:79:d0:30:7a:81:f8:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\projects\nis_nt\3.2\pssdk_dll\win32\release_dll_eval\pssdk.pdb

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
GlobalReAlloc
FindResourceA
FreeResource
LoadResource
SizeofResource
LockResource
GetCurrentProcessId
GetSystemDirectoryW
GetSystemDirectoryA
GetLocalTime
CompareStringW
DeleteFileA
VirtualLock
SetProcessWorkingSetSize
GetProcessWorkingSetSize
VirtualUnlock
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
GetTickCount
InterlockedDecrement
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
GetFileSizeEx
GetSystemInfo
GetVersionExA
GetCurrentProcess
VirtualProtect
OpenProcess
GetProcessHeap
HeapReAlloc
HeapAlloc
GetCurrentThreadId
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetLocaleInfoA
RtlUnwind
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
LoadLibraryA
VirtualAlloc
MulDiv
VirtualFree
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
CreateFileA
CreateFileW
ReadFile
HeapFree
GetSystemTimeAsFileTime
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
IsBadReadPtr
PostQueuedCompletionStatus
CreateEventA
InitializeCriticalSection
GetLastError
CreateThread
DeleteCriticalSection
PulseEvent
GetQueuedCompletionStatus
CreateIoCompletionPort
EnterCriticalSection
WaitForSingleObjectEx
WaitForMultipleObjects
CreateSemaphoreA
SetEvent
TerminateThread
DeviceIoControl
WaitForSingleObject
ReleaseSemaphore
SetThreadPriority
ResetEvent
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
CloseHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
GetCommandLineA
RaiseException
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

GetDlgItem
EndPaint
LoadCursorA
BeginPaint
EndDialog
GetDesktopWindow
IsWindowVisible
EnumThreadWindows
GetParent
CallWindowProcA
GetPropA
RemovePropA
SetPropA
SetWindowLongA
LoadCursorW
GetClientRect
GetWindowTextLengthA
GetDC
ReleaseDC
GetCursor
SetCursor
GetWindowRect
DrawTextA
DialogBoxParamA
GetWindowTextA
InvalidateRect
DialogBoxParamW
GetWindowTextW
SetWindowTextA
wsprintfA

gdi32

GetDeviceCaps
CreateFontIndirectA
SetTextColor
DeleteObject
SelectObject
SetBkMode

advapi32

ControlService
StartServiceW
CloseServiceHandle
OpenSCManagerW
UnlockServiceDatabase
ChangeServiceConfigW
LockServiceDatabase
CreateServiceW
OpenServiceW
QueryServiceStatus
QueryServiceConfigW
RegQueryValueExW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyA

shell32

ShellExecuteA
ShellExecuteW

ole32

CoInitializeEx
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance

oleaut32

OleLoadPicture

comctl32

_TrackMouseEvent

Exports

Exports

AdpAsyncRequest
AdpAsyncSend
AdpAsyncSendEx
AdpCfgGetAccessibleState
AdpCfgGetAdapterDescriptionA
AdpCfgGetAdapterDescriptionW
AdpCfgGetAdapterNameA
AdpCfgGetAdapterNameW
AdpCfgGetAdapterType
AdpCfgGetDhcpState
AdpCfgGetIpA
AdpCfgGetIpCount
AdpCfgGetIpDhcpA
AdpCfgGetIpDhcpCount
AdpCfgGetIpDhcpW
AdpCfgGetIpDnsA
AdpCfgGetIpDnsCount
AdpCfgGetIpDnsW
AdpCfgGetIpGatewayA
AdpCfgGetIpGatewayCount
AdpCfgGetIpGatewayW
AdpCfgGetIpW
AdpCfgGetMACAddrSize
AdpCfgGetMACAddress
AdpCfgGetMACHeaderSize
AdpCfgGetMaxPacketSize
AdpCfgGetSubnetMaskA
AdpCfgGetSubnetMaskW
AdpCfgGetZeroBroadcastState
AdpCfgIsWireless
AdpCfgUpdate
AdpCloseAdapter
AdpCreate
AdpDestroy
AdpGetAcceptCount
AdpGetAsyncStatistics
AdpGetConfig
AdpGetConnectStatus
AdpGetLinkSpeed
AdpGetLostCount
AdpGetMacFilter
AdpGetMaxThreadCount
AdpGetMissed
AdpGetOpenTime
AdpGetPacketPool
AdpGetProcessCount
AdpGetReceiveQueue
AdpGetRecvCount
AdpGetRecvWithErr
AdpGetRecvWithoutErr
AdpGetRejectCount
AdpGetSendQueue
AdpGetThreadCount
AdpGetTranWithErr
AdpGetTranWithoutErr
AdpGetUseDontLoopBack
AdpGetUseFastUserFilter
AdpGetUseHighPrecisionTime
AdpGetUserFilter
AdpGetUserFilterActive
AdpIsOpened
AdpOpenAdapter
AdpSetConfig
AdpSetMacFilter
AdpSetOnAsyncRequest
AdpSetOnAsyncSend
AdpSetOnPacketRecv
AdpSetOnStateChange
AdpSetOnStatistics
AdpSetOnThreadBegin
AdpSetOnThreadEnd
AdpSetPacketPool
AdpSetReceiveQueue
AdpSetSendQueue
AdpSetThreadCount
AdpSetUseDontLoopBack
AdpSetUseFastUserFilter
AdpSetUseHighPrecisionTime
AdpSetUserFilter
AdpSetUserFilterActive
AdpSyncRequest
AdpSyncSend
AdpSyncSendEx
AdpUpdateAdapterStatistics
AdpUpdateUserStatistics
BpfAddCmd
BpfAddJmp
BpfCheckFilter
BpfCheckPacket
BpfClear
BpfCompileBPFAsmFromFileA
BpfCompileBPFAsmFromFileW
BpfCompileBPFAsmFromStr
BpfCompileBPFDefinesFromFileA
BpfCompileBPFDefinesFromFileW
BpfCompileBPFDefinesFromStr
BpfCompileToFastBPF
BpfCreate
BpfDecompileBPFAsmToFileA
BpfDecompileBPFAsmToFileW
BpfDecompileBPFAsmToStr
BpfDestroy
BpfGetErrInstruction
BpfGetInstructionsCount
BpfGetProgrammSize
BpfGetUseFastBPF
BpfLoadFromFileA
BpfLoadFromFileW
BpfLoadFromMemory
BpfSaveToFileA
BpfSaveToFileW
BpfSaveToMemory
BpfSetOnBPFAsmError
BpfSetUseFastBPF
FAdpCloseFile
FAdpCreate
FAdpCreateFileA
FAdpCreateFileW
FAdpDestroy
FAdpGetAcceptCount
FAdpGetAutoMode
FAdpGetCapFormat
FAdpGetFileSize
FAdpGetMaxPacketSize
FAdpGetMediumType
FAdpGetNextPacket
FAdpGetOpenTime
FAdpGetProcessCount
FAdpGetQueue
FAdpGetRecvCount
FAdpGetRejectCount
FAdpGetSizeLimit
FAdpGetUseFastUserFilter
FAdpGetUserFilter
FAdpGetUserFilterActive
FAdpIsOpened
FAdpOpenFileA
FAdpOpenFileW
FAdpRewindFile
FAdpSetAutoMode
FAdpSetCapFormat
FAdpSetMaxPacketSize
FAdpSetMediumType
FAdpSetOnFileClose
FAdpSetOnPacketRecv
FAdpSetOnThreadBegin
FAdpSetOnThreadEnd
FAdpSetQueue
FAdpSetSizeLimit
FAdpSetUseFastUserFilter
FAdpSetUserFilter
FAdpSetUserFilterActive
FAdpSyncSend
FAdpSyncSendEx
LbAdpAddFilterTcpPort
LbAdpAddFilterUdpPort
LbAdpCloseAdapter
LbAdpCreate
LbAdpDestroy
LbAdpGetAcceptCount
LbAdpGetCalcCheckSum
LbAdpGetCaptureTcp
LbAdpGetCaptureUdp
LbAdpGetEthEmulation
LbAdpGetLostCount
LbAdpGetMaxThreadCount
LbAdpGetOpenTime
LbAdpGetPacketPool
LbAdpGetProcessCount
LbAdpGetProcessFileByIdA
LbAdpGetProcessFileByIdW
LbAdpGetProcessNameByIdA
LbAdpGetProcessNameByIdW
LbAdpGetReceiveQueue
LbAdpGetRecvCount
LbAdpGetRejectCount
LbAdpGetThreadCount
LbAdpGetUseFastUserFilter
LbAdpGetUseHighPrecisionTime
LbAdpGetUseTcpPortFilters
LbAdpGetUseUdpPortFilters
LbAdpGetUserFilter
LbAdpGetUserFilterActive
LbAdpOpenAdapter
LbAdpRemoveAllTcpPortFilters
LbAdpRemoveAllUdpPortFilters
LbAdpRemoveFilterTcpPort
LbAdpRemoveFilterUdpPort
LbAdpSetCalcCheckSum
LbAdpSetCaptureTcp
LbAdpSetCaptureUdp
LbAdpSetEthEmulation
LbAdpSetOnConnect
LbAdpSetOnDisconnect
LbAdpSetOnPacketRecv
LbAdpSetOnTcpPacketRecv
LbAdpSetOnThreadBegin
LbAdpSetOnThreadEnd
LbAdpSetOnUdpPacketRecv
LbAdpSetPacketPool
LbAdpSetReceiveQueue
LbAdpSetThreadCount
LbAdpSetUseFastUserFilter
LbAdpSetUseHighPrecisionTime
LbAdpSetUseTcpPortFilters
LbAdpSetUseUdpPortFilters
LbAdpSetUserFilter
LbAdpSetUserFilterActive
LbAdpUpdateUserStatistics
LbHstGetAddrType
LbHstGetLocalIPv4
LbHstGetLocalPort
LbHstGetRemoteIPv4
LbHstGetRemotePort
LbSesGetCloseTime
LbSesGetCreateTime
LbSesGetDirection
LbSesGetHosts
LbSesGetLocalDataSize
LbSesGetProcessId
LbSesGetRemoteDataSize
LbSesGetUserData
LbSesSetUserData
MgrAbout
MgrCreate
MgrDestroy
MgrGetAdaptersCfgCount
MgrGetBuildA
MgrGetBuildW
MgrGetFirstAdapterCfg
MgrGetNextAdapterCfg
MgrGetVersionA
MgrGetVersionW
MgrGetWanMonitorState
MgrInitialize
MgrInstallLoopBackA
MgrInstallLoopBackW
MgrInstallProtocolA
MgrInstallProtocolW
MgrIsInitialized
MgrIsLoopBackInstalled
MgrIsProtocolInstalled
MgrRefreshAdapterList
MgrSetOnConfigChange
MgrSetWanMonitorState
MgrUninstallLoopBackA
MgrUninstallLoopBackW
MgrUninstallProtocolA
MgrUninstallProtocolW
MgrUnloadProtocolNtDriver
PktCopyPacketToPacket
PktCreate
PktDestroy
PktGetId
PktGetIncPacketSize
PktGetMark
PktGetMaxPacketSize
PktGetMediumType
PktGetPacketData
PktGetPacketSize
PktGetTimeStamp
PktGetUserData
PktIPGenerate
PktInetCheckSum
PktSetId
PktSetIncPacketSize
PktSetMark
PktSetMediumType
PktSetPacketSize
PktSetTimeStamp
PktSetUserData
PktTCPGenerate
PktTransportCheckSum
PktUDPGenerate
QueAllocItems
QueCreate
QueDestroy
QueFreeItems
QueGetAllocatedSize
QueGetFreeCount
QueGetFreeItem
QueGetFreeItems
QueGetFullCount
QueGetFullItem
QueGetFullItems
QueGetItemsCount
QueGetMaxPacketSize
QueGetOrderingById
QueGetReceiveManyAtOnce
QueIsStarted
QueReturnFreeItem
QueReturnFreeItems
QueReturnFullItem
QueReturnFullItems
QueSetItemsCount
QueSetMaxPacketSize
QueSetOnDeleteItems
QueSetOnPacketRecv
QueSetOnPacketsRecv
QueSetOnThreadBegin
QueSetOnThreadEnd
QueSetOrderingById
QueSetReceiveManyAtOnce
QueStart
QueStop
QueUnblockWaitFree
QueUnblockWaitFull
TcpMgrCloseSession
TcpMgrCreate
TcpMgrDeleteSession
TcpMgrDestroy
TcpMgrGetCheckIpSum
TcpMgrGetCheckTcpSum
TcpMgrGetInvaderMode
TcpMgrGetMaxSessionsCount
TcpMgrGetPendingPacketsCount
TcpMgrGetSessionsCount
TcpMgrGetVirtualMode
TcpMgrProcessPacket
TcpMgrResetOnTimeOut
TcpMgrResetSessions
TcpMgrSetCheckIpSum
TcpMgrSetCheckTcpSum
TcpMgrSetInvaderMode
TcpMgrSetMaxSessionsCount
TcpMgrSetOnClient
TcpMgrSetOnClose
TcpMgrSetOnConnect
TcpMgrSetOnCreate
TcpMgrSetOnDelete
TcpMgrSetOnReturn
TcpMgrSetOnServer
TcpMgrSetVirtualMode
TcpSesGetClientDataSize
TcpSesGetClientIP
TcpSesGetClientIPv6
TcpSesGetClientPacketsCount
TcpSesGetClientPort
TcpSesGetCloseReason
TcpSesGetCreateTime
TcpSesGetLastPacketTime
TcpSesGetServerDataSize
TcpSesGetServerIP
TcpSesGetServerIPv6
TcpSesGetServerPacketsCount
TcpSesGetServerPort
TcpSesGetState
TcpSesGetType
TcpSesGetUserData
TcpSesSetUserData
TcpSesSwapClientServer

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
revive.wav
skills.dat
targeting.wav
testpilot.txt
update.ini

Sharing

General

Malware Config

Signatures

Files

d1e10a04ad85a14abc67c0f2a2f79aed

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 736B

.reloc Size: 4KB - Virtual size: 3KB

1ba968152c8eb4214524780a94b2d9ea

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

ole32

oleaut32

shell32

user32

version

winmm

winspool.drv

wsock32

Exports

Exports

Sections

UPX0 Size: 5.3MB - Virtual size: 5.3MB

UPX1 Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 180KB - Virtual size: 180KB

.text Size: 320KB - Virtual size: 320KB

.adata Size: 64KB - Virtual size: 64KB

.data Size: 128KB - Virtual size: 128KB

.pdata Size: 320KB - Virtual size: 320KB

.ARTeam Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 464KB

UPX1 Size: 236KB - Virtual size: 240KB

.rsrc Size: 22KB - Virtual size: 24KB

Headers

File Characteristics

Sections

CODE Size: 515KB - Virtual size: 515KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 36KB - Virtual size: 36KB

.rsrc Size: 98KB - Virtual size: 98KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 432KB

UPX1 Size: 229KB - Virtual size: 232KB

.rsrc Size: 18KB - Virtual size: 20KB

Headers

File Characteristics

Sections

CODE Size: 485KB - Virtual size: 485KB

DATA Size: 12KB - Virtual size: 11KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 736B

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: 5.3MB - Virtual size: 5.3MB

UPX1
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 180KB - Virtual size: 180KB

.text
Size: 320KB - Virtual size: 320KB

.adata
Size: 64KB - Virtual size: 64KB

.data
Size: 128KB - Virtual size: 128KB

.pdata
Size: 320KB - Virtual size: 320KB

.ARTeam
Size: 12KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 464KB

UPX1
Size: 236KB - Virtual size: 240KB

.rsrc
Size: 22KB - Virtual size: 24KB

CODE
Size: 515KB - Virtual size: 515KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 98KB - Virtual size: 98KB

UPX0
Size: - Virtual size: 432KB

UPX1
Size: 229KB - Virtual size: 232KB

.rsrc
Size: 18KB - Virtual size: 20KB

CODE
Size: 485KB - Virtual size: 485KB

DATA
Size: 12KB - Virtual size: 11KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 86KB - Virtual size: 86KB

UPX0
Size: - Virtual size: 300KB

UPX1
Size: 162KB - Virtual size: 164KB

.rsrc
Size: 16KB - Virtual size: 20KB

CODE
Size: 322KB - Virtual size: 321KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 72KB - Virtual size: 72KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

4c:0c:83:83:26:ab:e2:98:1b:8e:72:72:36:58:43:61
Certificate

ea:34:50:0e:f6:c3:bb:4d:ad:e1:7d:65:c9:79:d0:30:7a:81:f8:72
Signer

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 128KB - Virtual size: 133KB

.rsrc
Size: 36KB - Virtual size: 33KB

.reloc
Size: 16KB - Virtual size: 15KB