99ef4f727c8074eef1aef3238d0e3115_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

99ef4f727c8074eef1aef3238d0e3115_JaffaCakes118
Size

2.6MB
MD5

99ef4f727c8074eef1aef3238d0e3115
SHA1

05919cbec345b2bac8dc143db8aa73c450b41423
SHA256

3702f3367d94e89470128cd00009f37536cd07de6ae81ab57d07b3d6d4d6278d
SHA512

929d3f82cb85bf9dbb582dafbc7fd1cb5b8ed0960e7439740c22340a59b4aaa4117263ce477969b8c13a09a8f4a6668eadd66987d41eb0d2f8309f2dd5688339
SSDEEP

49152:39I274Jcu9ocIIAOLGYYNqpYXDa9lpWwJThtzWL4heLMOaG:3edqYZTihDa9l4aTTswBOaG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/proxyfire.v1.22/bin/proxytrim.exe	upx
static1/unpack001/proxyfire.v1.22/bin/pscan.exe	upx
static1/unpack001/proxyfire.v1.22/bin/tscan.exe	upx
static1/unpack001/proxyfire.v1.22/proxyfire.exe	upx

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen.exe
unpack001/proxyfire.v1.22/bin/ipcountry.exe
unpack001/proxyfire.v1.22/bin/libiconv2.dll
unpack001/proxyfire.v1.22/bin/libintl3.dll
unpack001/proxyfire.v1.22/bin/linefilter.exe
unpack001/proxyfire.v1.22/bin/proxytrim.exe
unpack002/out.upx
unpack001/proxyfire.v1.22/bin/pscan.exe
unpack003/out.upx
unpack001/proxyfire.v1.22/bin/sort.exe
unpack001/proxyfire.v1.22/bin/tscan.exe
unpack004/out.upx
unpack001/proxyfire.v1.22/bin/uniq.exe
unpack001/proxyfire.v1.22/bin/unsort.exe
unpack001/proxyfire.v1.22/proxyfire.exe
unpack005/out.upx
unpack001/proxyfire.v1.22/psapi.dll

Files

99ef4f727c8074eef1aef3238d0e3115_JaffaCakes118
.rar
[rce.su].nfo
file_id.diz
keygen.exe
.exe windows:4 windows x86 arch:x86

bd51a645a9c68bd03b2e51586e5cbdcb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA

Sections

.data
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.decode
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ngen.nfo
proxyfire.v1.22/_HELP_Demo Movies.txt
proxyfire.v1.22/_HELP_readme_en.txt
proxyfire.v1.22/_How to register.txt
proxyfire.v1.22/avoid_ip_ranges.txt
proxyfire.v1.22/bin/ipcountry.exe
.exe windows:4 windows x86 arch:x86

06666083bc9d8ab67f02428c2afb3f6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
inet_addr
gethostbyname
ntohl

kernel32

WideCharToMultiByte
CompareStringW
CompareStringA
GetTimeZoneInformation
GetCurrentDirectoryA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
CloseHandle
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
FlushFileBuffers
CreateFileA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
ReadFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetFullPathNameA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/libiconv2.dll
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

e1835b7f4804244b03fffd302baaf1d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
FindAtomA
GetACP
GetAtomNameA
GetModuleFileNameA

msvcrt

_strdup
__dllonexit
_errno
abort
fflush
free
malloc
memcpy
qsort
sprintf
strchr
strcmp
strcpy
strlen
strncmp

Exports

Exports

DllGetVersion
_libiconv_version
libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix
libiconvctl
libiconvlist
locale_charset

Sections

.text
Size: 867KB - Virtual size: 866KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 544B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 285B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/libintl3.dll
.dll windows:4 windows x86 arch:x86

c349ef238a184434495cf4decb73818f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libiconv2

libiconv
libiconv_close
libiconv_open
libiconv_set_relocation_prefix

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AddAtomA
AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
DeviceIoControl
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetACP
GetAtomNameA
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadLocale
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
LocalFree
MultiByteToWideChar
PeekNamedPipe
SetErrorMode
SetLastError
UnlockFile
lstrcmpiA
lstrcpyA

msvcrt

_chmod
_close
_getpid
_open
_read
_strdup
_stricmp
__dllonexit
__mb_cur_max
_assert
_close
_errno
_fdopen
_filelengthi64
_flsbuf
_get_osfhandle
_iob
_isctype
_open
_pctype
_snprintf
_snwprintf
_stricmp
_vsnprintf
_vsnwprintf
abort
calloc
fclose
fflush
fgets
fopen
fprintf
fputwc
free
fwrite
getenv
isalpha
malloc
memcpy
printf
realloc
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtoul
tolower
toupper
vfprintf
vfwprintf
vsprintf
wcschr

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Exports

Exports

DllGetVersion
_nl_expand_alias
_nl_explode_name
_nl_find_domain
_nl_find_language
_nl_find_msg
_nl_free_domain_conv
_nl_init_domain_conv
_nl_load_domain
_nl_locale_name
_nl_log_untranslated
_nl_make_l10nflist
_nl_msg_cat_cntr
_nl_normalize_codeset
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_asprintf
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcigettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_gettext_extract_plural
libintl_gettext_free_exp
libintl_gettext_germanic_plural
libintl_gettextparse
libintl_ngettext
libintl_nl_current_default_domain
libintl_nl_default_default_domain
libintl_nl_default_dirname
libintl_nl_domain_bindings
libintl_printf
libintl_relocate
libintl_set_relocation_prefix
libintl_snprintf
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_vasnprintf
libintl_vasnwprintf
libintl_vasprintf
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsnprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
locale_charset
ngettext
textdomain

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/linefilter.exe
.exe windows:4 windows x86 arch:x86

2c7017d9d4d65f0536145afa17705421

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetFilePointer
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/proxytrim.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/pscan.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/sort.exe
.exe windows:4 windows x86 arch:x86

8805c776cd4373ec750aa5b27a93952f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

libintl3

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

AreFileApisANSI
CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
DeviceIoControl
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCurrentDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFileAttributesA
GetFileInformationByHandle
GetFileSize
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemInfo
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapFree
LoadLibraryA
LockFile
MultiByteToWideChar
PeekNamedPipe
SetErrorMode
SetUnhandledExceptionFilter
UnlockFile
lstrcmpiA
lstrcpyA

msvcrt

_chmod
_close
_dup
_fdopen
_getpid
_strdup
_stricmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__pioinfo
__set_app_type
_assert
_cexit
_chmod
_close
_errno
_fdopen
_filelengthi64
_flsbuf
_get_osfhandle
_iob
_isctype
_lseeki64
_onexit
_open
_pctype
_setmode
_stricmp
abort
atexit
calloc
clearerr
ctime
exit
fclose
fflush
fopen
fprintf
fputs
fread
free
fwrite
getenv
isalpha
iswctype
localeconv
malloc
memchr
memcpy
memmove
memset
printf
raise
realloc
setlocale
signal
sprintf
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtol
toupper
vfprintf

msvcp60

mbrtowc

ole32

CoCreateInstance
CoUninitialize
OleInitialize

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/tscan.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/uniq.exe
.exe windows:4 windows x86 arch:x86

ebc8b351ebdb598174ffbc8df6a17dd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

libintl3

libintl_bindtextdomain
libintl_gettext
libintl_textdomain

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcp60

mbrtowc

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_filbuf
_flsbuf
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
exit
fclose
fflush
fopen
fprintf
fputs
free
fwrite
getenv
iswctype
malloc
memcpy
memset
printf
realloc
setlocale
signal
strchr
strcmp
strcoll
strerror
strlen
strncmp
strtol
strtoul
toupper
vfprintf

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 720B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/bin/unsort.exe
.exe windows:4 windows x86 arch:x86

b1b98eb5644129582ed6cf4fbbabea85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
GetLastError
GetFileAttributesA
HeapFree
CloseHandle
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
HeapAlloc
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetFilePointer
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
DeleteFileA

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
proxyfire.v1.22/check.ini
proxyfire.v1.22/config.ini
proxyfire.v1.22/country_en.ini
proxyfire.v1.22/country_gb.ini
proxyfire.v1.22/debug_omni.txt
proxyfire.v1.22/deldup.bat
proxyfire.v1.22/deldup2.bat
proxyfire.v1.22/export_ports.txt
proxyfire.v1.22/forumlist.txt
proxyfire.v1.22/help/big5/help_check.txt
proxyfire.v1.22/help/big5/help_color.txt
proxyfire.v1.22/help/big5/help_httpd.txt
proxyfire.v1.22/help/big5/help_ipcountry.txt
proxyfire.v1.22/help/big5/help_list.txt
proxyfire.v1.22/help/big5/help_others.txt
proxyfire.v1.22/help/big5/help_pleecher.txt
proxyfire.v1.22/help/big5/help_psearch.txt
proxyfire.v1.22/help/big5/help_scan.txt
proxyfire.v1.22/help/big5/help_unique.txt
proxyfire.v1.22/help/en/help_check.txt
proxyfire.v1.22/help/en/help_color.txt
proxyfire.v1.22/help/en/help_httpd.txt
proxyfire.v1.22/help/en/help_ipcountry.txt
proxyfire.v1.22/help/en/help_list.txt
proxyfire.v1.22/help/en/help_pleecher.txt
proxyfire.v1.22/help/en/help_psearch.txt
proxyfire.v1.22/help/en/help_scan.txt
proxyfire.v1.22/help/en/help_unique.txt
proxyfire.v1.22/help/gb/_-яг·_T¦+ў.txt
proxyfire.v1.22/help/gb/_-яг·_¦L¦¦T¦¦-.txt
proxyfire.v1.22/help/gb/_Lч¦++в-с.txt
proxyfire.v1.22/help/gb/help.httpd.txt
proxyfire.v1.22/help/gb/help_check.txt
proxyfire.v1.22/help/gb/help_color.txt
proxyfire.v1.22/help/gb/help_httpd.txt
proxyfire.v1.22/help/gb/help_ipcountry.txt
proxyfire.v1.22/help/gb/help_list.txt
proxyfire.v1.22/help/gb/help_others.txt
proxyfire.v1.22/help/gb/help_pleecher.txt
proxyfire.v1.22/help/gb/help_psearch.txt
proxyfire.v1.22/help/gb/help_scan.txt
proxyfire.v1.22/help/gb/help_unique.txt
proxyfire.v1.22/hostnamefilter.txt
proxyfire.v1.22/httpd.ini
proxyfire.v1.22/ipc_progress.txt
proxyfire.v1.22/ipcountry_en.dat
proxyfire.v1.22/ipcountry_gb.dat
proxyfire.v1.22/ips_cn.txt
proxyfire.v1.22/keywords.txt
proxyfire.v1.22/language/Chinese_Simplified(GB).ini
proxyfire.v1.22/language/Chinese_Traditional(BIG5).ini
proxyfire.v1.22/language/English.ini
proxyfire.v1.22/language/selected.txt
proxyfire.v1.22/lists/check/L1+L2+L3.txt
proxyfire.v1.22/lists/check/L1+L2.txt
proxyfire.v1.22/lists/check/L1.txt
proxyfire.v1.22/lists/check/L1_chk.txt
proxyfire.v1.22/lists/check/L2.txt
proxyfire.v1.22/lists/check/L2_chk.txt
proxyfire.v1.22/lists/check/L3.txt
proxyfire.v1.22/lists/check/L3_chk.txt
proxyfire.v1.22/lists/check/gate.txt
proxyfire.v1.22/lists/check/lib.txt
proxyfire.v1.22/lists/check/smtp.txt
proxyfire.v1.22/lists/check/socks4.txt
proxyfire.v1.22/lists/check/socks45.txt
proxyfire.v1.22/lists/check/socks5.txt
proxyfire.v1.22/lists/check/ssl.txt
proxyfire.v1.22/lists/check/tunnel.txt
proxyfire.v1.22/lists/check_report.txt
proxyfire.v1.22/lists/country/CHINA_HONG_KONG_JAPAN_KOREA_MONGOLIA_MACAO_TAIWAN.txt
proxyfire.v1.22/lists/country/GERMANY_FRANCE_NETHERLANDS_BELGIUM_AUSTRIA_SWITZERLAND.txt
proxyfire.v1.22/lists/country/UNITED_KINGDOM_IRELAND_ICELAND_THE_CHANNEL_ISLANDS_ALAND_ISL.txt
proxyfire.v1.22/lists/country/UNITED_STATES_CANADA_BERMUDA_SAINT_PIERRE_AND_MIQUELON.txt
proxyfire.v1.22/lists/country/ipc_all.txt
proxyfire.v1.22/planetlab.txt
proxyfire.v1.22/proxyfire.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$14Jpeg@TJPEGData
@$xp$15Jpeg@TJPEGImage
@$xp$15Jpeg@TJPEGScale
@$xp$21Jpeg@TJPEGPerformance
@$xp$21Jpeg@TJPEGPixelFormat
@$xp$22Jpeg@TJPEGQualityRange
@@Dnslib@Finalize
@@Dnslib@Initialize
@@Hard@Finalize
@@Hard@Initialize
@@Ipranges@Finalize
@@Ipranges@Initialize
@@Pchecker@Finalize
@@Pchecker@Initialize
@@Pfavorite@Finalize
@@Pfavorite@Initialize
@@Pfilter@Finalize
@@Pfilter@Initialize
@@Pscheme@Finalize
@@Pscheme@Initialize
@@Psubmit@Finalize
@@Psubmit@Initialize
@@Rblcheck@Finalize
@@Rblcheck@Initialize
@@Timelimit@Finalize
@@Timelimit@Initialize
@@Unitbrowserproxy@Finalize
@@Unitbrowserproxy@Initialize
@@Unitchecker@Finalize
@@Unitchecker@Initialize
@@Unitclosewait@Finalize
@@Unitclosewait@Initialize
@@Unitcountrysel@Finalize
@@Unitcountrysel@Initialize
@@Unitexportfilter@Finalize
@@Unitexportfilter@Initialize
@@Unitftpadd@Finalize
@@Unitftpadd@Initialize
@@Unitlinefilter@Finalize
@@Unitlinefilter@Initialize
@@Unitmain@Finalize
@@Unitmain@Initialize
@@Unitpopadd@Finalize
@@Unitpopadd@Initialize
@@Unitregister@Finalize
@@Unitregister@Initialize
@@Unitregreminder@Finalize
@@Unitregreminder@Initialize
@@Unitselectlanguage@Finalize
@@Unitselectlanguage@Initialize
@@Unitsplash@Finalize
@@Unitsplash@Initialize
@Jconsts@Finalization$qqrv
@Jconsts@_sChangeJPGSize
@Jconsts@_sJPEGError
@Jconsts@_sJPEGImageFile
@Jconsts@initialization$qqrv
@Jpeg@Finalization$qqrv
@Jpeg@JPEGDefaults
@Jpeg@TJPEGData@
@Jpeg@TJPEGData@$bdtr$qqrv
@Jpeg@TJPEGData@FreeHandle$qqrv
@Jpeg@TJPEGImage@
@Jpeg@TJPEGImage@$bctr$qqrv
@Jpeg@TJPEGImage@$bdtr$qqrv
@Jpeg@TJPEGImage@Assign$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@AssignTo$qqrp19Classes@TPersistent
@Jpeg@TJPEGImage@CalcOutputDimensions$qqrv
@Jpeg@TJPEGImage@Changed$qqrp14System@TObject
@Jpeg@TJPEGImage@Compress$qqrv
@Jpeg@TJPEGImage@DIBNeeded$qqrv
@Jpeg@TJPEGImage@Draw$qqrp16Graphics@TCanvasrx11Types@TRect
@Jpeg@TJPEGImage@Equals$qqrp17Graphics@TGraphic
@Jpeg@TJPEGImage@FreeBitmap$qqrv
@Jpeg@TJPEGImage@GetBitmap$qqrv
@Jpeg@TJPEGImage@GetEmpty$qqrv
@Jpeg@TJPEGImage@GetGrayscale$qqrv
@Jpeg@TJPEGImage@GetHeight$qqrv
@Jpeg@TJPEGImage@GetPalette$qqrv
@Jpeg@TJPEGImage@GetWidth$qqrv
@Jpeg@TJPEGImage@JPEGNeeded$qqrv
@Jpeg@TJPEGImage@LoadFromClipboardFormat$qqrusuiui
@Jpeg@TJPEGImage@LoadFromStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@NewBitmap$qqrv
@Jpeg@TJPEGImage@NewImage$qqrv
@Jpeg@TJPEGImage@ReadData$qqrp15Classes@TStream
@Jpeg@TJPEGImage@ReadStream$qqrip15Classes@TStream
@Jpeg@TJPEGImage@SaveToClipboardFormat$qqrrusruit2
@Jpeg@TJPEGImage@SaveToStream$qqrp15Classes@TStream
@Jpeg@TJPEGImage@SetGrayscale$qqro
@Jpeg@TJPEGImage@SetHeight$qqri
@Jpeg@TJPEGImage@SetPalette$qqrui
@Jpeg@TJPEGImage@SetPerformance$qqr21Jpeg@TJPEGPerformance
@Jpeg@TJPEGImage@SetPixelFormat$qqr21Jpeg@TJPEGPixelFormat
@Jpeg@TJPEGImage@SetScale$qqr15Jpeg@TJPEGScale
@Jpeg@TJPEGImage@SetSmoothing$qqro
@Jpeg@TJPEGImage@SetWidth$qqri
@Jpeg@TJPEGImage@WriteData$qqrp15Classes@TStream
@Jpeg@initialization$qqrv
__GetExceptDLLinfo
___CPPdebugHook
_frmBrowserProxy
_frmChecker
_frmCloseWait
_frmCountrySel
_frmExportFilter
_frmFtpAdd
_frmLineFilter
_frmMain
_frmPopAdd
_frmRegReminder
_frmRegister
_frmSelectLanguage
_frmSplash

Sections

UPX0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 421KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 476KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 415KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 110KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
proxyfire.v1.22/proxyfire.xpi
.zip
chrome.manifest
chrome/proxyfire.jar
.zip
content/proxyfire/contents.rdf
.xml
content/proxyfire/proxyfire.js
.js
content/proxyfire/proxyfire.xul
.xml
chrome/proxyfire/content/proxyfire/contents.rdf
.xml
chrome/proxyfire/content/proxyfire/proxyfire.js
.js
chrome/proxyfire/content/proxyfire/proxyfire.xul
.xml
install.js
.js
install.rdf
.xml
proxyfire.v1.22/psapi.dll
.dll windows:5 windows x86 arch:x86

a06529690d58edd08ef4703a44d5e7db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

psapi.pdb

Imports

ntdll

RtlUnwind
wcslen
wcschr
_stricmp
atoi
NtClose
NtStopProfile
_snprintf
DbgPrint
RtlUnicodeToOemN
RtlAdjustPrivilege
RtlMultiByteToUnicodeN
NtAllocateVirtualMemory
NtCreateProfile
NtSetIntervalProfile
NtStartProfile
NtWriteFile
NtSetInformationProcess
NtQueryInformationProcess
NtQueryVirtualMemory
NtQuerySystemInformation
RtlNtStatusToDosError

kernel32

GetSystemInfo
LoadLibraryA
InterlockedExchange
FreeLibrary
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLastError
DisableThreadLibraryCalls
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
CloseHandle
GetProcessHeap
SetLastError
LocalFree
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
RaiseException
SetProcessWorkingSetSize
GetProcessWorkingSetSize
lstrcpyA
lstrlenA
HeapFree
HeapAlloc

Exports

Exports

EmptyWorkingSet
EnumDeviceDrivers
EnumPageFilesA
EnumPageFilesW
EnumProcessModules
EnumProcesses
GetDeviceDriverBaseNameA
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetMappedFileNameA
GetMappedFileNameW
GetModuleBaseNameA
GetModuleBaseNameW
GetModuleFileNameExA
GetModuleFileNameExW
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileNameA
GetProcessImageFileNameW
GetProcessMemoryInfo
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet
QueryWorkingSetEx

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
proxyfire.v1.22/psearch1.ini
proxyfire.v1.22/psearch2.ini
proxyfire.v1.22/psearch3.ini
proxyfire.v1.22/psearch4.ini
proxyfire.v1.22/rbl.txt
proxyfire.v1.22/scanfiter.txt
proxyfire.v1.22/scanips.txt
proxyfire.v1.22/scanports.txt
proxyfire.v1.22/scheme.ini
proxyfire.v1.22/smtpcodes.txt
proxyfire.v1.22/tmp/19810722.tmp
proxyfire.v1.22/tmp/check_report.tmp
proxyfire.v1.22/tmp/check_report_uniq.txt
proxyfire.v1.22/tmp/chk_filter_memo1.tmp
proxyfire.v1.22/tmp/chk_filter_memo2.tmp
proxyfire.v1.22/tmp/dangerous_result.txt
proxyfire.v1.22/tmp/sortspeed.txt
proxyfire.v1.22/tmp/sortspeed1.tmp
proxyfire.v1.22/tmp/sortspeed2.tmp

Sharing

General

Malware Config

Signatures

Files

bd51a645a9c68bd03b2e51586e5cbdcb

Headers

File Characteristics

Imports

kernel32

Sections

.data Size: - Virtual size: 516KB

.decode Size: 158KB - Virtual size: 160KB

06666083bc9d8ab67f02428c2afb3f6f

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 10KB

e1835b7f4804244b03fffd302baaf1d8

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 867KB - Virtual size: 866KB

.data Size: 512B - Virtual size: 64B

.bss Size: - Virtual size: 544B

.edata Size: 512B - Virtual size: 285B

.idata Size: 1024B - Virtual size: 656B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 3KB - Virtual size: 2KB

c349ef238a184434495cf4decb73818f

Headers

File Characteristics

Imports

libiconv2

advapi32

kernel32

msvcrt

ole32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 512B - Virtual size: 160B

.bss Size: - Virtual size: 1KB

.edata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

2c7017d9d4d65f0536145afa17705421

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 7KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 32KB

UPX1 Size: 18KB - Virtual size: 20KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 9KB

Headers

.data
Size: - Virtual size: 516KB

.decode
Size: 158KB - Virtual size: 160KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 10KB

.text
Size: 867KB - Virtual size: 866KB

.data
Size: 512B - Virtual size: 64B

.bss
Size: - Virtual size: 544B

.edata
Size: 512B - Virtual size: 285B

.idata
Size: 1024B - Virtual size: 656B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 512B - Virtual size: 160B

.bss
Size: - Virtual size: 1KB

.edata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 7KB

UPX0
Size: - Virtual size: 32KB

UPX1
Size: 18KB - Virtual size: 20KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 420KB

UPX1
Size: 29KB - Virtual size: 32KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 136KB - Virtual size: 396KB

.text
Size: 84KB - Virtual size: 84KB

.data
Size: 512B - Virtual size: 384B

.bss
Size: - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 164KB

UPX1
Size: 29KB - Virtual size: 32KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 136KB - Virtual size: 139KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 176B

.bss
Size: - Virtual size: 720B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 9KB