netwalker | possible malware[.]zip

Resubmissions

12-06-2024 08:39

240612-kkjltawejn 10

13-04-2024 00:14

240413-ajfhnagf98 10

Sharing

Copy URL

Twitter E-mail

General

Target

possible malware.zip
Size

682.3MB
MD5

ba06cb72b125a0a353b87008d95e86ca
SHA1

9b4d7e2f1087ccbe73012c8237b0609f10576806
SHA256

ba18ff142bae31457031ca49e772b10792ad3a5bdead90cb2c1d37e2a6c2fd59
SHA512

3270783c7b42014ecfa3be771d675cffe75a0ba65cf7d4e0f5e1d61e65a4cee2c6f2e471c0e95ef23799c6a7b2eb7edbca8393d59353f4d6531099dd4def909e
SSDEEP

12582912:Bo4WyWq2xPQ3JjlAd9hpopjS5j/5i7Pdst6n8+fLOzV0fPWc+afxK6kKuq:BoJqJ5Bs9hpop25bvTGLeVJc3xgdq

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://webmail.lax.co.il/owa/auth/Current/Script/jquery-3.5.1.min.js

Extracted

Family

revengerat

Botnet

Guest

voly.ddns.net:88

Mutex

RV_MUTEX-BUPRawrSNddXxdY

Extracted

Family

spynote

voly.ddns.net:1988

Extracted

Family

sandrorat

voly.ddns.net:1962

Extracted

Family

njrat

Version

Hallaj PRO Rat [Fixed]

Botnet

HacKed

voly.ddns.net:81

Mutex

23e6d18d0fa7e25eb8844687c5ca5f5c

Attributes

reg_key
23e6d18d0fa7e25eb8844687c5ca5f5c
splitter
boolLove

Extracted

Family

cobaltstrike

Botnet

http://summerevent.webhop.net:443/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC

Attributes

access_type
512
beacon_type
2048
crypto_scheme
256
host
summerevent.webhop.net,/safebrowsing/rd/tnOztRgLx1ugKt8uumGcreRFm5CqXD9ge-zzz5sA6WzhC
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAAAhQUkVGPUlEPQAAAAYAAAAGQ29va2llAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAfQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuNQAAAAoAAAAeQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlAAAABwAAAAAAAAAIAAAAAgAAABJVPXNSdjg1VUhpakJycldpSHoAAAACAAAACFBSRUY9SUQ9AAAABgAAAAZDb29raWUAAAAHAAAAAQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_method1
GET
http_method2
POST
jitter
3840
maxdns
247
polling_time
6600
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmFvK6fWzx+zTnQqAkZAQv6Eqwme1a80cwMNtrYEJShrKKbgpTy71w5Zd9u7EdBClno3HF9U4/9/tkBRw6PPPRa+W6bgpf97I3/Y0z36I5E/h+UP8h076IkzaWyPHbS1QMOiE6AXC3rCERjgirkn1LKUs+Q+zj0LeN8/QHEq/ZqQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/safebrowsing/rd/r8l4jO3947jVxa5wBhEijGc0y77iX4oFy
user_agent
Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0
watermark
0

Extracted

Family

jupyter

Version

DR/1.4

http://45.146.165.219

Extracted

Family

jupyter

Version

DR/1.0

http://45.135.232.131

Signatures

Anchordns family
anchordns

AridViper payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/29ac6e5719aeb0cba63b837ca2cbdb6483044ed5a885c457f6858ae61e2dd4da	family_aridviper
static1/unpack001/Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/540bbe4d507b0e3691922d97fe1ff62c4e7668b3f1b6c3997083a1c49615e068	family_aridviper

Aridviper family
aridviper

Cobalt Strike reflective loader 1 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.06_Volexity-OceanLotus_Fake_Websites/cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d	cobalt_reflective_dll

Cobaltstrike family
cobaltstrike

ComRAT v4 (Orchestrator DLL) 1 IoCs

File contains strings specific to ComRAT v4 samples first seen in 2017.

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/44d6d67b5328a4d73f72d8a0f9d39fe4bb6539609f90f169483936a8b3b88316	ComRAT

Comrat family
comrat

Detected AnchorDNS Backdoor 16 IoCs

Sample triggered yara rules associated with the AnchorDNS malware family.

backdoor

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/2c446cad1e15d82521022281b81f905867e33e9ae33c3e7e4959972d40230775	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/47a16afd03cc206a96000d3d5c6d34b3167abda5ffb8458a601e6b079a948dc5	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/5de47f786534c1fbe8173ac71ab48602fe3462baed77eea70f2b59231ffa69c0	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/73d1283221b18ac00cdd1929d75aefe1275757cac85115a1b2b4bedd9b6d633f	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/7e00743d43b550b6b0d3927a551eba2f0c87d458fb1b546249a092c8ebc6c7b2	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9469f92e61d75e88ccc854ac6febd2df4a2a5ee7ec4ecea152b82e05df905325	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/946b706080ad6bafeee90149255755e013eedb22a58711a70bb9ffec934228c2	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9f2a5f2ca86b24191370315c30a78f8adda1a04e3acac4edb3ac8f1cdc58c20c	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/b1e703bd4df1d3e85ff97b638357b8c96360c9a658930473d37b733dbed51e02	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/d5440b90f2392f378b84be359201cb2870681d9483ec692bd16a8b00ec22122b	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/fb75261336c28d5c4798fe92463a249fc92bc10cb7f1ad4f14041bdf639a7315	family_anchor_dns
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/fdfa3d13a6fc905eebe1e8370e43510f40379360d497dd48d2f64f983bb481b1	family_anchor_dns

Detected Netwalker Ransomware 4 IoCs

Detected unpacked Netwalker executable.

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/3ba905e1cda7307163d4c8fe3fd03c2fbce7eda030522084e33d0604c204630e	netwalker_ransomware
static1/unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c	netwalker_ransomware
static1/unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/8f834966a06f34682b78e1644c47ab488b394b80109ddea39fc9a29ed0d56a0c	netwalker_ransomware
static1/unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d	netwalker_ransomware

Detected SUNBURST backdoor 7 IoCs

SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.

backdoor

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134	family_sunburst
static1/unpack001/Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77	family_sunburst
static1/unpack001/Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6	family_sunburst
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134	family_sunburst
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/0f5d7e6dfdd62c83eb096ba193b5ae394001bac036745495674156ead6557589	family_sunburst
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77	family_sunburst
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6	family_sunburst

Detected SUPERNOVA .NET web shell 2 IoCs

SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and reponds to HTTP requests with the appropriate HTTP query strings, Cookies, and/or HTML form values (e.g. named codes, class, method, and args).

backdoor

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71	family_supernova
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71	family_supernova

Detected TEARDROP fileless dropper 2 IoCs

TEARDROP is a memory-only dropper which can read files/registry keys, decode an embedded payload, and load it directly into memory.

dropper backdoor

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d	family_teardrop
static1/unpack001/Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07	family_teardrop

Jupyter Backdoor/Client payload 9 IoCs

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/06cc1870c2d26b38b13a8dc2e59a302a5454c61e756aee37cbf794fb51af0ba3	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/30e527e45f50d2ba82865c5679a6fa998ee0a1755361ab01673950810d071c85	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/3147cd2ee6938d50d2cdc7e157ad1125de2229bb35454cbde502746d6a36154d	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/33d7f3bb788ea4bf9fffba9e528ec62ad38f02d03e63f78e427238f90a9ac75d	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/5fafaa6539a7360f5a5ccf5c46b5c25e555fc7e11ada655ebd49588ca91b9fcc	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/9d63af1cb88bb6b65e1d6c1f4467a728aeff1b8d07c2ef8c9b2e2f40b696a154	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/c23957924eb604f3844f9e9c6c569c0a3aa6f60edc4ba4ecd42a68eaee3b8e02	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601	family_jupyter
static1/unpack001/Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/fe2d39309d8bf3d85cacc2308bd36d149bc27f59f95c02b77a1f9f897291a933	family_jupyter

Jupyter family
jupyter
Netwalker family
netwalker
Njrat family
njrat

RevengeRat Executable 4 IoCs

stealer

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/070439ab8730f575894667f729b149c4e93d0c2cc8a39383c4f72cf11bbf78a8	revengerat
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/242d341e9e85dead14a2825e09c7e593f8726b1fb4d329222d1b5f9fe492d052	revengerat
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/b9ec260db4481181e2d75ee45be3e4fc97557024a3de639325c2e90f35a77142	revengerat
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/ea04e170198c09cd049ad24a1f16de2fd0be4f3037665125241456ecdda36e59	revengerat

Revengerat family
revengerat
Sandrorat family
sandrorat

SlothfulMedia Main payload 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.01_CISA-MAR-10303705_RAT_SLOTHFULMEDIA/64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273	family_slothfulmedia
static1/unpack001/Malware-Feed-master/2020.10.01_CISA-MAR-10303705_RAT_SLOTHFULMEDIA/927d945476191a3523884f4c0784fb71c16b7738bd7f2abd1e3a198af403f0ae	family_slothfulmedia

Slothfulmedia family
slothfulmedia
Spynote family
spynote

Spynote payload 3 IoCs

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/4f5e43c27f8e38d37983771e3b9dc61a9bb253cea8412238bc4feef17f7568ef	family_spynote
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/50eda2e7c5db3a81f2dd83dbf4c7076d19ef9dbdcecf7338960f19c876ea013a	family_spynote
static1/unpack001/Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/c77a066c9774e12d6a49589196463c1c96244225dde6b3a6f5af1b7dac34f46c	family_spynote

Sunburst family
sunburst
Supernova family
supernova
Teardrop family
teardrop

Zebrocy Go Variant 2 IoCs

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-MAR-10310246_ZEBROCY_Backdoor/0be114fe30ef5042890c17033b63d7c9e0363972fcc15a61433c598dd33f49d1	Zebrocy
static1/unpack001/Malware-Feed-master/2020.10.29_CISA-MAR-10310246_ZEBROCY_Backdoor/2631f95e9a46c821a701269a76b15bb065764cc15a0b268a4d1eac045975c9b8	Zebrocy

Zebrocy family
zebrocy

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160	cryptone

Office macro that triggers on suspicious action 2 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0ee32e3ea3d83da9df6317d7c8c539f0f3622af82ef242d74fdca1e5d4ee427f	office_macro_on_action
static1/unpack001/Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/a1282dde503e911d5653e1d9d1214e4780e61c96d1530c3a1be22d88a81dcf5f	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0ee32e3ea3d83da9df6317d7c8c539f0f3622af82ef242d74fdca1e5d4ee427f

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/de339d3fe5acf83a0df5991bcce02574e1f2c4749b6d0e8f9edc563ef4f91d79	aspack_v212_v242

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.07.16_CISA-WELLMAIL/83014ab5b3f63b0253cdab6d715f5988ac9014570fa4ab2b267c7cf9ba237d18	upx
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/9ce13cd2bd4539852a6b5a1cacd98c7d07e4fe5cb5423a74a5141b84511b4e28	upx
static1/unpack001/Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/561bf3f3db67996ce81d98f1df91bfa28fb5fc8472ed64606ef8427a97fd8cdd	upx
static1/unpack001/Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/7424d6daab8407e85285709dd27b8cce7c633d3d4a39050883ad9d82b85198bf	upx
static1/unpack001/Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/ee0f4afee2940bbe895c1f1f60b8967291a2662ac9dca9f07d9edf400d34b58a	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/632be2363c7a13be6d5ce0dca11e387bd0a072cc962b004f0dcf3c1f78982a5a	vmprotect

Declares broadcast receivers with permission to handle system events 1 IoCs

Processes:

description	ioc
Required by device admin receivers to bind with the system. Allows apps to manage device administration features.	android.permission.BIND_DEVICE_ADMIN

Declares services with permission to bind to the system 1 IoCs

Processes:

description	ioc
Required by accessibility services to bind with the system. Allows apps to access accessibility features.	android.permission.BIND_ACCESSIBILITY_SERVICE

Requests dangerous framework permissions 9 IoCs

Processes:

description	ioc
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Required to be able to access the camera device.	android.permission.CAMERA
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION

AutoIT Executable 4 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
static1/unpack004/Original.document.exe	autoit_exe
static1/unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/7b98cd3800dede6537cf78e7b61eeeda71d251dc97c70cb7c2135c6aa310ab7f	autoit_exe
static1/unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/da26ba1e13ce4702bd5154789ce1a699ba206c12021d9823380febd795f5b002	autoit_exe
static1/unpack009/AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe	autoit_exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/cb141c743ac41784501e2e84ccd9969aade82b296df077daff3c0734bb26c837	pdf_with_link_action

Detects Pyinstaller 4 IoCs

pyinstaller

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0edf56c79475442bdb36cc10a7b50ee927a59053e8a3945018bf5b3d849581e0	pyinstaller
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/c8bc6144fe3c97a062572e7d1c3db5ccd1c1f6ea9ceaac4a492aa31befd9e0c9	pyinstaller
static1/unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/13e924700a346234eaf2376c61ef0a36c86d94847b232a4ad772e35e0b9a6e87	pyinstaller
static1/unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/3310c0b2fd8a8d96288eb241f6948cfa0f15b39d2e6ca6687aab45dc6fccf9fc	pyinstaller

Unsigned PE 434 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/Γενική ειδοποίηση χρονοδιαγράμματος εργασίας στο COVID-19.exe
unpack003/Covid 19 Immunity Tips.exe
unpack004/Original.document.exe
unpack005/COVID-19 WHO RECOMENDED V.exe
unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/7b98cd3800dede6537cf78e7b61eeeda71d251dc97c70cb7c2135c6aa310ab7f
unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5
unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/da26ba1e13ce4702bd5154789ce1a699ba206c12021d9823380febd795f5b002
unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/e4e5c3a6c15beff4e17117075e2c0bd65f176d81e6885134d2b4d97c20d4773a
unpack001/Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/f681c1f8c12956a20c27beb9be1112374fefc7651884d7dd92010b40db1e7bee
unpack009/AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
unpack001/Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/1d973d05dee26f74ae352325da741928af4327f7a6be27cdec085a31fbea8100
unpack001/Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/37aa87d3408dc3e211d63a3bb38c726787c47c06a19e77f6a14861a91c2dcb35
unpack001/Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/a1aa0684813cfe9d7ed5c491c8ab132e5583b4fd02187fdae8aa4d934d933f29
unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/3ba905e1cda7307163d4c8fe3fd03c2fbce7eda030522084e33d0604c204630e
unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c
unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/8f834966a06f34682b78e1644c47ab488b394b80109ddea39fc9a29ed0d56a0c
unpack001/Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
unpack001/Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/4a0688baf9661d3737ee82f8992a0a665732c91704f28688f643115648c107d4
unpack001/Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/6e6d3a831c03b09d9e4a54859329fbfd428083f8f5bc5f27abbfdd9c47ec0e57
unpack001/Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d
unpack001/Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/8b53b519623b56ab746fdaf14d3eb402e6fa515cde2113a07f5a3b4050e98050
unpack001/Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/bdfd16dc53f5c63da0b68df71c6e61bad300e59fd5748991a6b6a3650f01f9a1
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/70b494b0a8fdf054926829dcb3235fc7bd0346b6a19faf2a57891c71043b3b38
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/9a776b895e93926e2a758c09e341accb9333edc1243d216a5e53f47c6043c852
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/a917c1cc198cf36c0f2f6c24652e5c2e94e28d963b128d54f00144d216b2d118
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/aca598e2c619424077ef8043cb4284729045d296ce95414c83ed70985c892c83
unpack001/Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/f3ca8f15ca582dd486bd78fd57c2f4d7b958163542561606bebd250c827022de
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/32a4de070ca005d35a88503717157b0dc3f2e8da76ffd618fca6563aec9c81f8
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/9ea5aa00e0a738b74066c61b1d35331170a9e0a84df1cc6cef58fd46a8ec5a2e
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/c6930e298bba86c01d0fe2c8262c46b4fce97c6c5037a193904cfc634246fbec
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/efd470cfa90b918e5d558e5c8c3821343af06eedfd484dfeb20c4605f9bdc30e
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0
unpack001/Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/5cb7a352535b447609849e20aec18c84d8b58e377d9c6365eafb45cdb7ef949b
unpack001/Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/10836bda2d6a10791eb9541ad9ef1cb608aa9905766c28037950664cd64c6334
unpack001/Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/55b9264bc1f665acd94d922dd13522f48f2c88b02b587e50d5665b72855aa71c
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0edf56c79475442bdb36cc10a7b50ee927a59053e8a3945018bf5b3d849581e0
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0f7759714a57635ec98ab5453e2629e5f6f31a3f46565243addb20f6d0aa7d2c
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/15b61b51d46bcf8ae5999d0ae422ca89b2a1aba0c90c818d5c8e419aaa0af831
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/333d4455b920c44d278767783aff3383419872f802cc254c105702604d563aea
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/3a39f9087fc5cf0aa1d2caed1bef591e3533dd3b7b2a262c632b2737854c8464
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/3b193238eca12dacad1dbd55edd31da7d8936a6cbf916278d4e62b145f1ff43c
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/590c33ea344a2ee095004d4069122f0afccbfceee422bb5d2838c32a9026a86a
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/5b15fe859870c06fa0564faf0901543419640e44d2b392f24102b3e532a94e4b
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/60f0e5a448dd3a4581a6dfadc375cd5619a1ab2901bd108dcc85f8d77d074dde
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/66c51484b653277a5d40cbd2738b33cba8fb5ccc741f0c24634944ec4cac1142
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/875d078761e941c634a982c1eb259ab739c0a925f34f6da6c6a7211507dfcd0c
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/96f8c17daa65c4ad24838d3852caa68ffb49fc6b2204b011ec28241d22cc7733
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/9ce13cd2bd4539852a6b5a1cacd98c7d07e4fe5cb5423a74a5141b84511b4e28
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/bee25b20cddb75b90de027624b454aa3a3c8eac052898226c74a7d73822553fb
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/c2ac4367d1a7773e3c77ba4f92be0690b2ac3706be17b3ff87a1e5180a29795b
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/c8bc6144fe3c97a062572e7d1c3db5ccd1c1f6ea9ceaac4a492aa31befd9e0c9
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/ded249291d46651cf63618f6bd071dae18e651e7d4ac6bce5ae27c5b6a068b9f
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/e59522181911b0fdd183e3451b86bba3454b9c7e18abb895e44ed4c233b3c2dd
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/ea9070fc1fe5ea500ef0de631f478d8881d4c9f960cc7730d79d8d33a427fdbe
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/eb8883d23bca4d9be3423db41b417c2dce4e1ba5cf2a317fc2d460d99006765f
unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/f845276dfd9d5753f659dab8c12a38eba1f71fdc16b6faae1316622dc9cab455
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/013edd19a9e796d54b82dc34a400a0981c5e17fd65a235dd45231e7ef06ee53b
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/023151cf0fb47d758946fa85a952a2b6758fbbfb762083a01bb70c5a6d96c781
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/07247bb81cca445e0df110d73ea6bf7eb327cc99b614b99dfbcb5632025c99a0
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/085a42cf3705bade9cd970f003f82158563aba06e9152e00928778bc0bd9585e
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/08b61faed24b35224a505dd9cbf39cd59776627de7991161d376134a854c3227
unpack001/Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/09f953c4abfa799e2137887db5e90ddb993f76d20ce22a5ca290e43ae07074b7

NSIS installer 4 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/590c33ea344a2ee095004d4069122f0afccbfceee422bb5d2838c32a9026a86a	nsis_installer_1
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/590c33ea344a2ee095004d4069122f0afccbfceee422bb5d2838c32a9026a86a	nsis_installer_2
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/e59522181911b0fdd183e3451b86bba3454b9c7e18abb895e44ed4c233b3c2dd	nsis_installer_1
static1/unpack001/Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/e59522181911b0fdd183e3451b86bba3454b9c7e18abb895e44ed4c233b3c2dd	nsis_installer_2

Files

possible malware.zip
.zip
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/15e029c3834435150c76741e714540fcb799662db8cc2c61ba4ef192a781727b
.rar
Γενική ειδοποίηση χρονοδιαγράμματος εργασίας στο COVID-19.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/2c464648ff97fd39dab054d0c3e1bd249e244fcc975b697e312796669c7763f1
.zip
Covid 19 Immunity Tips.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/3e1fb4ff54112a78d8bdccbe596c119201f079010c4f69cdf2c99385e7aee3dc
.zip
Original.document.exe
.exe windows:5 windows x86 arch:x86

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
setsockopt
ntohs
recvfrom
select
WSAStartup
htons
accept
listen
bind
closesocket
connect
WSACleanup
ioctlsocket
sendto
WSAGetLastError
inet_addr
gethostbyname
gethostname
socket

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetConnectW
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetCurrentThread
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
CloseHandle
GetLastError
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateThread
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
WriteConsoleW
SetEndOfFile
DeleteFileW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
DrawMenuBar
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
MonitorFromRect
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
CopyImage
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
UnregisterHotKey
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
DeleteMenu
PeekMessageW
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
CharLowerBuffW
GetWindowTextW

gdi32

SetPixel
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
GetDeviceCaps
CloseFigure
LineTo
AngleArc
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
Ellipse
PolyDraw
BeginPath
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
EndPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAclInformation
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
InitiateSystemShutdownExW
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
AddAce
GetAce

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
UnRegisterTypeLi
SafeArrayCreateVector
SysAllocString
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
VariantCopy
VariantClear
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
VariantChangeType
SafeArrayAllocDescriptorEx
VariantInit

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/43670ae43df9e361fa15f09f611da32db104ee207ed5af3e7e7f098ad82a68e0
.zip
COVID-19 WHO RECOMENDED V.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/47f1570e770d236836c0d3cb50755b6dd91e1be58a0d3e61507c7baacfd27784
.zip
Persons_status_details_list.xlsx
.zip
[Content_Types].xml
.xml
docProps/app.xml
.xml
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/5b0ba8d58a64630cb5fcb80e72520bd2ef6f322003fa2588d4d594620e6685ae
.jar
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/7b98cd3800dede6537cf78e7b61eeeda71d251dc97c70cb7c2135c6aa310ab7f
.exe windows:5 windows x86 arch:x86

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
setsockopt
ntohs
recvfrom
select
WSAStartup
htons
accept
listen
bind
closesocket
connect
WSACleanup
ioctlsocket
sendto
WSAGetLastError
inet_addr
gethostbyname
gethostname
socket

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetConnectW
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetCurrentThread
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
CloseHandle
GetLastError
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateThread
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
WriteConsoleW
SetEndOfFile
DeleteFileW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
DrawMenuBar
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
MonitorFromRect
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
CopyImage
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
UnregisterHotKey
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
DeleteMenu
PeekMessageW
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
CharLowerBuffW
GetWindowTextW

gdi32

SetPixel
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
GetDeviceCaps
CloseFigure
LineTo
AngleArc
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
Ellipse
PolyDraw
BeginPath
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
EndPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAclInformation
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
InitiateSystemShutdownExW
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
AddAce
GetAce

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
UnRegisterTypeLi
SafeArrayCreateVector
SysAllocString
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
VariantCopy
VariantClear
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
VariantChangeType
SafeArrayAllocDescriptorEx
VariantInit

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/README.md
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/d150feb631d6e9050b7fb76db57504e6dcc2715fe03e45db095f50d56a9495a5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/d56bb81d0f8e4de24dc12a7d963ed95eec36291c71a29d6b434e72f098cc1131
.zip
[Content_Types].xml
.xml
docProps/app.xml
.xml
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/da26ba1e13ce4702bd5154789ce1a699ba206c12021d9823380febd795f5b002
.exe windows:5 windows x86 arch:x86

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
setsockopt
ntohs
recvfrom
select
WSAStartup
htons
accept
listen
bind
closesocket
connect
WSACleanup
ioctlsocket
sendto
WSAGetLastError
inet_addr
gethostbyname
gethostname
socket

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetConnectW
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetCurrentThread
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
CloseHandle
GetLastError
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateThread
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
WriteConsoleW
SetEndOfFile
DeleteFileW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
DrawMenuBar
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
MonitorFromRect
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
CopyImage
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
UnregisterHotKey
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
DeleteMenu
PeekMessageW
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
CharLowerBuffW
GetWindowTextW

gdi32

SetPixel
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
GetDeviceCaps
CloseFigure
LineTo
AngleArc
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
Ellipse
PolyDraw
BeginPath
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
EndPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAclInformation
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
InitiateSystemShutdownExW
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
AddAce
GetAce

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
UnRegisterTypeLi
SafeArrayCreateVector
SysAllocString
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
VariantCopy
VariantClear
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
VariantChangeType
SafeArrayAllocDescriptorEx
VariantInit

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/e4e5c3a6c15beff4e17117075e2c0bd65f176d81e6885134d2b4d97c20d4773a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/f681c1f8c12956a20c27beb9be1112374fefc7651884d7dd92010b40db1e7bee
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.06.22_FBI-FLASH-MI-000124-MW/f7b0d6d95f2644e32c22eb3e681e33387ac27d71dd73eee3ff37ce77985ab177
.zip
AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
.exe windows:5 windows x86 arch:x86

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
recv
send
setsockopt
ntohs
recvfrom
select
WSAStartup
htons
accept
listen
bind
closesocket
connect
WSACleanup
ioctlsocket
sendto
WSAGetLastError
inet_addr
gethostbyname
gethostname
socket

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetConnectW
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetCurrentThread
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
DeleteCriticalSection
WaitForSingleObject
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
CloseHandle
GetLastError
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
RaiseException
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
CreateThread
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
SetFilePointer
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
WriteConsoleW
SetEndOfFile
DeleteFileW
SetEnvironmentVariableA

user32

SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
DrawMenuBar
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
MonitorFromRect
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
CopyImage
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
UnregisterHotKey
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
DeleteMenu
PeekMessageW
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
CharLowerBuffW
GetWindowTextW

gdi32

SetPixel
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
GetDeviceCaps
CloseFigure
LineTo
AngleArc
CreateCompatibleBitmap
CreateCompatibleDC
MoveToEx
Ellipse
PolyDraw
BeginPath
SelectObject
StretchBlt
GetDIBits
DeleteDC
GetPixel
CreateDCW
GetStockObject
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
EndPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAclInformation
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
InitiateSystemShutdownExW
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
AddAce
GetAce

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
UnRegisterTypeLi
SafeArrayCreateVector
SysAllocString
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
VariantCopy
VariantClear
CreateDispTypeInfo
CreateStdDispatch
DispCallFunc
VariantChangeType
SafeArrayAllocDescriptorEx
VariantInit

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.16_CISA-WELLMAIL/0c5ad1e8fe43583e279201cdb1046aea742bae59685e6da24e963a41df987494
.elf linux x64
Malware-Feed-master/2020.07.16_CISA-WELLMAIL/83014ab5b3f63b0253cdab6d715f5988ac9014570fa4ab2b267c7cf9ba237d18
.elf linux x64
Malware-Feed-master/2020.07.16_CISA-WELLMAIL/README.md
Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/1d973d05dee26f74ae352325da741928af4327f7a6be27cdec085a31fbea8100
.dll windows:5 windows x86 arch:x86

fdeeb82d6e64cbb5daab6f4bdc0ac718

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\DLL\dll-client-0309\Release\SvcDll.pdb

Imports

kernel32

GetSystemDirectoryW
GetSystemWow64DirectoryW
CloseHandle
GetModuleFileNameW
GetNativeSystemInfo
Sleep
FreeConsole
OutputDebugStringA
GetFileAttributesW
GetEnvironmentVariableW
FlushFileBuffers
GetStringTypeW
WriteConsoleW
SetStdHandle
OutputDebugStringW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
GetLastError
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapReAlloc
LCMapStringW
CreateFileW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteValueW
ControlService
DeleteService
QueryServiceStatus
OpenServiceW
CloseServiceHandle
StartServiceW
RegCreateKeyW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
OpenSCManagerW
CreateServiceW

shell32

ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

WSAStartup
gethostbyname

Exports

Exports

InsertSvc
InstallService
ServiceMain
UninstallSvc

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/37aa87d3408dc3e211d63a3bb38c726787c47c06a19e77f6a14861a91c2dcb35
.dll windows:6 windows x86 arch:x86

4787bea98786556d37f584cdc26e328e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\TEST\test-0902\InstallDLL\Release\SReg.pdb

Imports

kernel32

CreateFileW
WriteFile
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
SystemTimeToFileTime
SetFileTime
SetFileAttributesW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetEnvironmentVariableW
GetModuleFileNameW
Sleep
DeleteFileW
FreeLibrary
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW

user32

wsprintfW

ole32

CoInitialize
CoGetObject
CoUninitialize

shlwapi

PathRemoveFileSpecW
PathAppendW

Exports

Exports

WriteService
WriteServiceByeName
WriteStartINF

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 229KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/README.md
Malware-Feed-master/2020.07.23_FBI-FLASH-AC-000129-TT/a1aa0684813cfe9d7ed5c491c8ab132e5583b4fd02187fdae8aa4d934d933f29
.dll windows:5 windows x64 arch:x64

8cd57b39e762f70669270bf3b4f21707

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\DLL\dll-client-0309\x64\Release\SvcDll.pdb

Imports

kernel32

GetSystemDirectoryW
GetSystemWow64DirectoryW
CloseHandle
GetModuleFileNameW
GetNativeSystemInfo
Sleep
FreeConsole
OutputDebugStringA
GetFileAttributesW
GetEnvironmentVariableW
FlushFileBuffers
GetStringTypeW
WriteConsoleW
SetStdHandle
OutputDebugStringW
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
HeapFree
HeapAlloc
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapSize
RtlUnwindEx
SetLastError
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapReAlloc
LCMapStringW
CreateFileW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteValueW
ControlService
DeleteService
QueryServiceStatus
OpenServiceW
CloseServiceHandle
StartServiceW
RegCreateKeyW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
OpenSCManagerW
CreateServiceW

shell32

ShellExecuteW

urlmon

URLDownloadToFileW

ws2_32

WSAStartup
gethostbyname

Exports

Exports

InsertSvc
InstallService
ServiceMain
UninstallSvc

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/13f3ea4783a6c8d5ec0b0d342dcdd0de668694b9c1b533ce640ae4571fdbf63c
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
.elf linux x64
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3615f0019e9a64a78ccb57faa99380db0b36146ec62df768361bca2d9a5c27f2
.elf linux x64
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/6e0f793025537edf285c5749b3fcd83a689db0f1c697abe70561399938380f89
.elf linux x64
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/845759bb54b992a6abcbca4af9662e94794b8d7c87063387b05034ce779f7d52
.elf linux x64
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/8fd16e639f99cdaa7a2b730fc9af34a203c41fb353eaa250a536a09caf78253b
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9526ccdeb9bf7cfd9b34d290bdb49ab6a6acefc17bff0e85d9ebb46cca8b9dc2
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/README.md
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18
.sh linux
Malware-Feed-master/2020.07.27_CISA-Legacy_Malware_Targeting_QNAP_NAS/fa3c2f8e3309ee67e7684abc6602eea0d1d18d5d799a266209ce594947269346
.sh linux
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef
.exe windows:5 windows x86 arch:x86

c1e59519b5e5d84af07afa6f5a8625f1

Code Sign

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4f:c5:97:fa:40:70:59:c9:4b:35:34:f4:9b:c0:90:a1:1c:cb:4e:4e:6d:96:9a:f2:67:e1:4d:69:35:9f:71
Signer

Actual PE Digest

0c:4f:c5:97:fa:40:70:59:c9:4b:35:34:f4:9b:c0:90:a1:1c:cb:4e:4e:6d:96:9a:f2:67:e1:4d:69:35:9f:71

Digest Algorithm

sha256

PE Digest Matches

true

b4:77:bc:a0:7b:c3:2e:88:63:11:99:73:bc:91:f6:a5:5f:10:40:5f
Signer

Actual PE Digest

b4:77:bc:a0:7b:c3:2e:88:63:11:99:73:bc:91:f6:a5:5f:10:40:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

gethostname
WSAStartup
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetExitCodeProcess
ResumeThread
WaitForMultipleObjects
GetFileTime
DuplicateHandle
DisconnectNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
CreateEventW
GetCurrentProcessId
GetFullPathNameW
SetFileAttributesW
GetFileAttributesW
CopyFileW
WaitNamedPipeW
SetConsoleCtrlHandler
SetConsoleTitleW
ReadConsoleW
GetVersion
SetProcessAffinityMask
ReadFile
GetConsoleScreenBufferInfo
MultiByteToWideChar
GetComputerNameW
DeleteFileW
CreateFileW
GetSystemDirectoryW
FindResourceW
LoadLibraryExW
FormatMessageA
GetTickCount
CloseHandle
WriteFile
SizeofResource
LoadResource
Sleep
WaitForSingleObject
SetEndOfFile
SetEvent
SetLastError
GetLastError
GetCurrentProcess
FreeLibrary
LockResource
SetPriorityClass
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
GetEnvironmentVariableW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW

comdlg32

PrintDlgW

advapi32

LsaClose
CreateProcessAsUserW
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenProcessToken
LsaEnumerateAccountRights
LsaOpenPolicy
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
LookupPrivilegeValueW
AddAccessAllowedAce
GetAce
AddAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
SetTokenInformation
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/3ba905e1cda7307163d4c8fe3fd03c2fbce7eda030522084e33d0604c204630e
.exe windows:6 windows x86 arch:x86

e82dd51b077167be63c004bed23d0c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c
.exe windows:6 windows x86 arch:x86

e82dd51b077167be63c004bed23d0c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
.exe windows:1 windows x86 arch:x86

bd929e3c80fcb583a4f0c6130deb2c49

Code Sign

17:16:bb:93:fb:a9:a2:41:ba:a8:2e:c7:5e:ff:0c
Certificate

Issuer

CN=EWBTCAXQKUMDTHCXCZ

Not Before

07-03-2020 07:19

Not After

31-12-2039 23:59

Subject

CN=EWBTCAXQKUMDTHCXCZ

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10
Signer

Actual PE Digest

e8:5c:d2:a6:c2:c7:26:15:c4:86:90:7f:ac:d9:2d:79:4c:63:6d:10

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
CreateThread
LocalFree
CloseHandle
CreateEventW
SetEvent
CreateProcessW
GetVersionExA
GetVersionExW
GetLastError
SetLastError
GetModuleFileNameW
lstrcmpiW
FormatMessageW
GetCommandLineW
CreateFileW
FlushFileBuffers
GetStringTypeW
GetSystemTimeAsFileTime
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
Sleep
HeapSize
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
HeapReAlloc
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
SetErrorMode
VirtualAlloc

user32

MessageBoxA
SetClassLongW
EnumDisplayMonitors
GetClipCursor
GetProcessWindowStation
GetWindowInfo
LoadMenuA
ShowScrollBar
InvalidateRect
MonitorFromPoint
AdjustWindowRectEx
InflateRect
GetUserObjectSecurity
PostThreadMessageW
GetMenuContextHelpId
CreateIconFromResourceEx
GetTopWindow
SetWindowRgn
CreateIcon
UnpackDDElParam
EnumWindowStationsA
SendInput
TrackPopupMenu
MsgWaitForMultipleObjects
LoadIconA
GetOpenClipboardWindow
IsMenu
GetMessagePos
CharNextA

gdi32

UnrealizeObject
TranslateCharsetInfo
SetTextAlign
GetCharWidthInfo
RoundRect
CopyEnhMetaFileA
EngGetCurrentCodePage
SetDIBitsToDevice
EngReleaseSemaphore
GetDIBits
GetBrushOrgEx
ExtCreateRegion
GetPixelFormat
XLATEOBJ_hGetColorTransform
GetEnhMetaFileA
CreateDiscardableBitmap
CreateBitmap
TextOutW
GetViewportOrgEx
SetColorSpace
GetHFONT
CreateRoundRectRgn
PolyPatBlt
FONTOBJ_pQueryGlyphAttrs
EngBitBlt
EnumICMProfilesW
CreateRectRgnIndirect
OffsetRgn
StrokeAndFillPath
SetBitmapBits
GetRandomRgn
CreateColorSpaceW
GetStockObject
AddFontResourceW
GetLayout
RealizePalette

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
SetSecurityDescriptorDacl
StartServiceW
ControlService
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DeleteService
CreateServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
DuplicateIcon
ExtractIconExW
DragFinish
SHGetSettings
Shell_NotifyIconW
ShellExecuteEx
SHGetDesktopFolder
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHGetInstanceExplorer
ShellExecuteW
ExtractIconW
SHGetDataFromIDListA

ole32

OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

StrCmpNIA
StrCmpNA

comctl32

ImageList_Destroy
InitializeFlatSB

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/8f834966a06f34682b78e1644c47ab488b394b80109ddea39fc9a29ed0d56a0c
.exe windows:6 windows x86 arch:x86

cdd344983e4f44182600c69cb4fab21d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/README.md
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/ad8d379a4431cabd079a1c34add903451e11f06652fe28d3f3edb6c469c43893
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
.exe windows:6 windows x86 arch:x86

e82dd51b077167be63c004bed23d0c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.07.28_FBI-FLASH-MI-000130-MW/fd29001b8b635e6c51270788bab7af0bb5adba6917c278b93161cfc2bc7bd6ae
.ps1
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/0d0ccfe7cd476e2e2498b854cef2e6f959df817e52924b3a8bcdae7a8faaa686
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/363ea096a3f6d06d56dc97ff1618607d462f366139df70c88310bbf77b9f9f90
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/4a0688baf9661d3737ee82f8992a0a665732c91704f28688f643115648c107d4
.dll windows:5 windows x86 arch:x86

dbb469cb14550e6085a14b4b2d41ede9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Desktop\DllHijackPlusInject\version\Release\MemoryLoad.pdb

Imports

kernel32

FreeConsole
ReadFile
DisableThreadLibraryCalls
GetModuleFileNameA
CloseHandle
FreeLibrary
HeapAlloc
Sleep
VirtualFree
GetProcessHeap
IsBadReadPtr
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetFileSize
HeapFree
CreateFileA
GetLastError
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
RaiseException
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW

Exports

Exports

MyStart
ServiceMain

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/6e6d3a831c03b09d9e4a54859329fbfd428083f8f5bc5f27abbfdd9c47ec0e57
.dll windows:5 windows x64 arch:x64

956b48719c7be61f48572c8fa464e00c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\Desktop\MemLoad(pass symantec)\version\x64\Release\MemoryLoad.pdb

Imports

kernel32

FreeConsole
ReadFile
DisableThreadLibraryCalls
GetModuleFileNameA
CloseHandle
FreeLibrary
HeapAlloc
Sleep
VirtualFree
GetProcessHeap
IsBadReadPtr
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
GetFileSize
HeapFree
CreateFileA
GetLastError
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
RaiseException
RtlPcToFileHeader
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
LCMapStringW
MultiByteToWideChar
GetStringTypeW

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW

Exports

Exports

MyStart
ServiceMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.03_CISA-Chinese_RAT_TAIDOOR/README.md
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d
.dll windows:5 windows x64 arch:x64

af2479dbb1f93be4fc4a092cbbd4df85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
DeleteFileW
GetFileInformationByHandle
LocalFree
lstrlenA
GetTickCount
Sleep
GetFileSize
lstrcmpA
GetDriveTypeW
CreateProcessW
WaitForSingleObject
GetComputerNameW
GetLogicalDrives
SetFileTime
InitializeCriticalSection
GetProcessTimes
OpenProcess
TerminateThread
CopyFileW
LeaveCriticalSection
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
lstrcmpW
GetCurrentDirectoryW
MoveFileW
EnterCriticalSection
GetLocalTime
Process32FirstW
GetExitCodeThread
SetCurrentDirectoryW
Module32FirstW
GetOEMCP
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
GetDiskFreeSpaceExW
CreateThread
FindNextFileW
LocalAlloc
FindClose
GetLastError
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
CreateFileW
ReadFile
lstrcpynW
WriteConsoleW
SetStdHandle
WideCharToMultiByte
WriteFile
SetFilePointer
FindFirstFileW
GetTempFileNameW
HeapReAlloc
HeapSize
GetStringTypeW
LCMapStringW
GetConsoleMode
FlushFileBuffers
GetConsoleCP
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RtlUnwindEx
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetCPInfo
FlsAlloc
GetDiskFreeSpaceExA
FileTimeToDosDateTime
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
EncodePointer
FlsGetValue
FlsFree
SetLastError

advapi32

LookupAccountSidW
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
CreateProcessAsUserW
GetTokenInformation

oleaut32

SystemTimeToVariantTime

cabinet

ord10
ord14
ord11
ord13

urlmon

ObtainUserAgentString

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable

ws2_32

closesocket
socket
htons
select
connect
ioctlsocket
inet_addr
inet_ntoa

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/6a3446b8a47f0ab4f536015218b22653fff8b18c595fbc5b0c09d857eba7c7a1
.docx office2007
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/7933716892e0d6053057f5f2df0ccadf5b06dc739fea79ee533dd0cec98ca971
.docx office2007
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/8b53b519623b56ab746fdaf14d3eb402e6fa515cde2113a07f5a3b4050e98050
.dll windows:5 windows x64 arch:x64

7e564082b35201e421694b4ecea4ed0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetModuleHandleW
Sleep
CreateThread
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
GetProcAddress
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 434B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/README.md
Malware-Feed-master/2020.08.19_CISA-North_Korean_RAT_BLINDINGCAN/bdfd16dc53f5c63da0b68df71c6e61bad300e59fd5748991a6b6a3650f01f9a1
.dll windows:5 windows x86 arch:x86

920679e3a916eba5c0309f6381f49d76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToLocalFileTime
DeleteFileW
GetFileInformationByHandle
LocalFree
lstrlenA
GetTickCount
Sleep
GetFileSize
lstrcmpA
GetDriveTypeW
CreateProcessW
WaitForSingleObject
GetComputerNameW
GetLogicalDrives
SetFileTime
InitializeCriticalSection
GetProcessTimes
OpenProcess
TerminateThread
CopyFileW
LeaveCriticalSection
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
lstrcmpW
GetCurrentDirectoryW
MoveFileW
EnterCriticalSection
GetLocalTime
Process32FirstW
GetExitCodeThread
SetCurrentDirectoryW
Module32FirstW
GetOEMCP
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
GetDiskFreeSpaceExW
CreateThread
FindNextFileW
LocalAlloc
FindClose
GetLastError
GetTempPathW
lstrlenW
MultiByteToWideChar
GetACP
CreateFileW
ReadFile
lstrcpynW
IsProcessorFeaturePresent
WriteConsoleW
WideCharToMultiByte
WriteFile
SetFilePointer
FindFirstFileW
GetTempFileNameW
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
FlushFileBuffers
LCMapStringW
RtlUnwind
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
RaiseException
IsValidCodePage
GetCPInfo
GetDiskFreeSpaceExA
FileTimeToDosDateTime
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement

advapi32

LookupAccountSidW
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
CreateProcessAsUserW
GetTokenInformation

oleaut32

SystemTimeToVariantTime

cabinet

ord10
ord14
ord11
ord13

urlmon

ObtainUserAgentString

winhttp

WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpCloseHandle

ws2_32

closesocket
socket
htons
select
connect
ioctlsocket
inet_addr
inet_ntoa

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/70b494b0a8fdf054926829dcb3235fc7bd0346b6a19faf2a57891c71043b3b38
.exe windows:5 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 116KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dworqjxn
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

omrcmqfn
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1
.dll windows:5 windows x64 arch:x64

1cd9192feb9402723bdada868b8c98de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
FindClose
CloseHandle
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
ExitProcess
CreateThread
SetEnvironmentVariableA
CompareStringW
WriteFile
WaitForSingleObject
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
Sleep
EnterCriticalSection
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetDriveTypeW
FreeEnvironmentStringsW
GetModuleFileNameA
EncodePointer
DecodePointer
GetLastError
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSize
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
GetVersion
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
SetFilePointer
LoadLibraryW

advapi32

CryptDestroyKey
CryptImportKey
CryptGenRandom
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptEncrypt

shlwapi

StrTrimA

ws2_32

bind
socket
freeaddrinfo
WSASetLastError
closesocket
WSACleanup
htonl
htons
ntohs
recv
send
__WSAFDIsSet
getsockopt
getpeername
gethostname
setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAIoctl
ioctlsocket
connect

Sections

.text
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/9a776b895e93926e2a758c09e341accb9333edc1243d216a5e53f47c6043c852
.exe windows:5 windows x86 arch:x86

6b8fa355d78d649f199232a25e22d630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
FindClose
CloseHandle
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetTimeZoneInformation
CreateThread
GetDriveTypeW
SetEnvironmentVariableA
WaitForSingleObject
CompareStringW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetFilePointer
GetConsoleMode
GetConsoleCP
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
Sleep
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
InitializeCriticalSection
FormatMessageA
IsProcessorFeaturePresent
RtlUnwind
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
SetEndOfFile

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey

shlwapi

StrTrimA

ws2_32

recv
bind
socket
__WSAFDIsSet
ntohs
htons
getsockopt
WSACleanup
gethostname
freeaddrinfo
WSASetLastError
closesocket
send
setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
connect
WSAIoctl
ioctlsocket
getpeername

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/README.md
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/a917c1cc198cf36c0f2f6c24652e5c2e94e28d963b128d54f00144d216b2d118
.exe windows:5 windows x86 arch:x86

3415ed7e09a44243bcabe4422aeef7dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
FindClose
CloseHandle
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
CreateThread
SetEnvironmentVariableA
CompareStringW
WriteFile
WaitForSingleObject
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
Sleep
EnterCriticalSection
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
FormatMessageA
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
GetDriveTypeW
FreeEnvironmentStringsW
GetModuleFileNameA
EncodePointer
DecodePointer
GetLastError
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetFileType
SetFilePointer
LoadLibraryW

advapi32

CryptDestroyKey
CryptImportKey
CryptGenRandom
CryptAcquireContextA
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptEncrypt

shlwapi

StrTrimA

ws2_32

bind
socket
freeaddrinfo
WSASetLastError
closesocket
WSACleanup
htonl
htons
ntohs
recv
send
__WSAFDIsSet
getsockopt
getpeername
gethostname
setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAIoctl
ioctlsocket
connect

Sections

.text
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/aca598e2c619424077ef8043cb4284729045d296ce95414c83ed70985c892c83
.exe windows:5 windows x86 arch:x86

6b8fa355d78d649f199232a25e22d630

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
FindClose
CloseHandle
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetTimeZoneInformation
CreateThread
GetDriveTypeW
SetEnvironmentVariableA
WaitForSingleObject
CompareStringW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetFilePointer
GetConsoleMode
GetConsoleCP
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
Sleep
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
InitializeCriticalSection
FormatMessageA
IsProcessorFeaturePresent
RtlUnwind
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
SetEndOfFile

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey

shlwapi

StrTrimA

ws2_32

recv
bind
socket
__WSAFDIsSet
ntohs
htons
getsockopt
WSACleanup
gethostname
freeaddrinfo
WSASetLastError
closesocket
send
setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
connect
WSAIoctl
ioctlsocket
getpeername

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-MAR-10301706_North_Korean_RAT_VIVACIOUSGIFT/f3ca8f15ca582dd486bd78fd57c2f4d7b958163542561606bebd250c827022de
.exe windows:5 windows x64 arch:x64

b2b084698f33fd93bc9e72f0c2af26b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
FindClose
CloseHandle
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapCreate
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetTimeZoneInformation
CreateThread
GetDriveTypeW
SetEnvironmentVariableA
WaitForSingleObject
CompareStringW
WriteConsoleW
SetStdHandle
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
SetFilePointer
GetConsoleMode
GetConsoleCP
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
Sleep
GetTickCount
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
InitializeCriticalSection
FormatMessageA
HeapSize
GetStringTypeW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
RtlUnwindEx
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
GetVersion
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
SetEndOfFile

advapi32

CryptAcquireContextA
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey

shlwapi

StrTrimA

ws2_32

recv
bind
socket
__WSAFDIsSet
ntohs
htons
getsockopt
WSACleanup
gethostname
freeaddrinfo
WSASetLastError
closesocket
send
setsockopt
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
connect
WSAIoctl
ioctlsocket
getpeername

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/32a4de070ca005d35a88503717157b0dc3f2e8da76ffd618fca6563aec9c81f8
.dll windows:5 windows x64 arch:x64

f0faa229b086ea5053b4268855f0c8ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

kernel32

Sleep
RemoveDirectoryA
CreateFileA
WriteFile
GlobalLock
GlobalUnlock
GetLocalTime
GetCurrentThreadId
TerminateThread
GetLastError
SetFilePointer
ReadFile
SystemTimeToFileTime
FileTimeToSystemTime
FindClose
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTickCount
CreateFileW
GetProcessHeap
SetEndOfFile
HeapReAlloc
GetStringTypeW
HeapSize
FlushFileBuffers
WriteConsoleW
LoadLibraryW
FindNextFileA
FindFirstFileA
CreateThread
CreateDirectoryA
GetTempPathA
CloseHandle
CompareStringW
UnhandledExceptionFilter
HeapFree
HeapAlloc
DeleteFileA
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
DecodePointer
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
MultiByteToWideChar
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId

user32

GetSystemMetrics
EnumDisplayMonitors
GetDC
GetKeyNameTextA
GetKeyState
GetDesktopWindow
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
CloseClipboard
GetClipboardData
OpenClipboard
MapVirtualKeyA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetDIBits
SelectObject
DeleteObject
DeleteDC
BitBlt

Exports

Exports

Process

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/9ea5aa00e0a738b74066c61b1d35331170a9e0a84df1cc6cef58fd46a8ec5a2e
.dll windows:6 windows x64 arch:x64

b113cba285f3c4ed179422f54692f4e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

kernel32

DeleteFileA
CreateThread
GetLocalTime
GlobalLock
RemoveDirectoryA
WinExec
CreateDirectoryA
GlobalUnlock
GetLastError
ReadFile
WriteFile
SetFilePointer
CloseHandle
SystemTimeToFileTime
UnmapViewOfFile
TerminateThread
CreateFileMappingA
MapViewOfFile
GetTickCount
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetTempPathA
Sleep
MultiByteToWideChar
FindClose
InitializeCriticalSection
LeaveCriticalSection
FindNextFileA
FindFirstFileA
EnterCriticalSection
FileTimeToSystemTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
EncodePointer
RaiseException
GetModuleFileNameW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetFileType
SetStdHandle
CompareStringW
LCMapStringW
DeleteFileW
GetTimeZoneInformation
GetACP
GetConsoleCP
GetStringTypeW
HeapReAlloc
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCPInfo

user32

GetDC
EnumDisplayMonitors
GetSystemMetrics
GetKeyState
GetAsyncKeyState
GetDesktopWindow
CloseClipboard
MapVirtualKeyA
GetForegroundWindow
GetClipboardData
GetKeyNameTextW
GetWindowTextW
OpenClipboard

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt

advapi32

SystemFunction036
GetUserNameA

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/README.md
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/c6930e298bba86c01d0fe2c8262c46b4fce97c6c5037a193904cfc634246fbec
.exe windows:6 windows x86 arch:x86

a8623b2da60776df129ebe0430d48d85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

kernel32

GlobalLock
RemoveDirectoryA
CreateDirectoryA
GlobalUnlock
GetLastError
ReadFile
WriteFile
SetFilePointer
CloseHandle
SystemTimeToFileTime
UnmapViewOfFile
FileTimeToSystemTime
CreateFileMappingA
GetLocalTime
MapViewOfFile
GetTickCount
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
CreateThread
DeleteFileA
TerminateThread
GetTempPathA
Sleep
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
GetModuleFileNameW
RaiseException
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
SetStdHandle
GetFileType
SetFilePointerEx
CompareStringW
LCMapStringW
DeleteFileW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeW
ReadConsoleW
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage

user32

GetDC
EnumDisplayMonitors
GetSystemMetrics
GetKeyState
GetAsyncKeyState
GetDesktopWindow
CloseClipboard
MapVirtualKeyA
GetForegroundWindow
GetClipboardData
GetKeyNameTextW
GetWindowTextW
OpenClipboard

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDIBits
GetDeviceCaps
DeleteDC
DeleteObject
BitBlt

advapi32

SystemFunction036
GetUserNameA

Exports

Exports

Process

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_ECCENTRICBANDWAGON/efd470cfa90b918e5d558e5c8c3821343af06eedfd484dfeb20c4605f9bdc30e
.dll windows:5 windows x64 arch:x64

f0faa229b086ea5053b4268855f0c8ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

kernel32

Sleep
RemoveDirectoryA
CreateFileA
WriteFile
GlobalLock
GlobalUnlock
GetLocalTime
GetCurrentThreadId
TerminateThread
GetLastError
SetFilePointer
ReadFile
SystemTimeToFileTime
FileTimeToSystemTime
FindClose
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetTickCount
CreateFileW
GetProcessHeap
SetEndOfFile
HeapReAlloc
GetStringTypeW
HeapSize
FlushFileBuffers
WriteConsoleW
LoadLibraryW
FindNextFileA
FindFirstFileA
CreateThread
CreateDirectoryA
GetTempPathA
CloseHandle
CompareStringW
UnhandledExceptionFilter
HeapFree
HeapAlloc
DeleteFileA
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
SetEnvironmentVariableA
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
DecodePointer
EncodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
SetHandleCount
GetStartupInfoW
DeleteCriticalSection
MultiByteToWideChar
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetTimeZoneInformation
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId

user32

GetSystemMetrics
EnumDisplayMonitors
GetDC
GetKeyNameTextA
GetKeyState
GetDesktopWindow
GetAsyncKeyState
GetWindowTextA
GetForegroundWindow
CloseClipboard
GetClipboardData
OpenClipboard
MapVirtualKeyA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
GetDIBits
SelectObject
DeleteObject
DeleteDC
BitBlt

Exports

Exports

Process

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0
.dll windows:5 windows x86 arch:x86

0ab159bd939411cb8df935bd9e7b5835

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
DisableThreadLibraryCalls
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
GetCurrentThread
GlobalAlloc
GlobalFree
GetLastError
Sleep
CreateDirectoryA
VirtualQuery
InterlockedCompareExchange
VirtualProtect
ResumeThread
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
DebugBreak
VirtualAlloc
SetLastError
SetEndOfFile
CreateFileW
HeapSize
HeapReAlloc
CreateFileA
HeapFree
HeapAlloc
DecodePointer
GetCommandLineA
RtlUnwind
IsProcessorFeaturePresent
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleHandleW
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
MultiByteToWideChar
HeapCreate
HeapDestroy
GetModuleFileNameW
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
RaiseException
WriteConsoleW
SetStdHandle
FlushFileBuffers
LoadLibraryW
GetStringTypeW
GetProcessHeap

ws2_32

send
recv
WSAGetLastError
inet_ntoa
WSASetLastError
getpeername
ntohs

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655
.exe windows:5 windows x86 arch:x86

c9febdea3218b92a46f739082f26471e

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:d4:ce:11:6b:13:1d:af:8d:78:4c:6f:ab:2e:a1:f1
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-05-2019 00:00

Not After

12-05-2020 23:59

Subject

SERIALNUMBER=10904381,CN=ORDARA LTD,O=ORDARA LTD,L=Andover,ST=Hampshire,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1307416e646f766572,1.3.6.1.4.1.311.60.2.1.2=#130948616d707368697265,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:ac
Signer

Actual PE Digest

72:18:81:0f:cf:d6:77:9d:0a:cf:54:aa:c0:7d:19:37:02:cb:30:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetLastError
OpenProcess
VirtualAllocEx
WriteProcessMemory
GetProcAddress
WaitForSingleObject
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetCurrentProcess
GetModuleHandleA
GetLocalTime
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

shlwapi

PathFileExistsA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/5cb7a352535b447609849e20aec18c84d8b58e377d9c6365eafb45cdb7ef949b
.dll windows:5 windows x86 arch:x86

76e8a4f811b021cf503340a0077515cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
Sleep
VirtualProtect
CloseHandle
CreateThread
DisableThreadLibraryCalls
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GlobalAlloc
GetTickCount
GetCurrentThread
VirtualQuery
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
VirtualFree
GetLastError
SuspendThread
DebugBreak
VirtualAlloc
SetLastError
GetProcessHeap
SetEndOfFile
HeapSize
HeapReAlloc
GetStringTypeW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
DecodePointer
GetCommandLineA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
IsProcessorFeaturePresent
MultiByteToWideChar
ReadFile
SetFilePointer
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetModuleFileNameW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RaiseException
SetStdHandle
CreateFileA
WriteConsoleW
LoadLibraryW
CreateFileW

ws2_32

htons
socket
connect
recv
closesocket
inet_ntoa
send
getpeername
ntohs
WSAGetLastError
WSASetLastError

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.08.26_CISA-North_Korean_RAT_FASTCASH/README.md
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/10836bda2d6a10791eb9541ad9ef1cb608aa9905766c28037950664cd64c6334
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Code\KeeTheft\KeeTheft\bin\ReleaseKeeTheft.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/51e9cadeab1b33260c4ccb2c63f5860a77dd58541d7fb0840ad52d0a1abedd21
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/547440bd037a149ac7ac58bc5aaa65d079537e7a87dc93bb92edf0de7648761c
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/55b9264bc1f665acd94d922dd13522f48f2c88b02b587e50d5665b72855aa71c
.exe windows:6 windows x64 arch:x64

91802a615b3a5c4bcc05bc5f66a5b219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/913ee2b048093162ff54dca050024f07200cdeaf13ffd56c449acb9e6d5fbda0
.ps1
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/REAMDE.md
Malware-Feed-master/2020.09.15_CISA-MAR-10297887_Iranian_Web_Shells/b443032aa281440017d1dcc3ae0a70d1d30d4f2f2b3f064f95f285e243559249
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/03532fd04cf596cdd0feaa3083dbbba8a726739ea03a43fb73c4577a9dc45c1a
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0edf56c79475442bdb36cc10a7b50ee927a59053e8a3945018bf5b3d849581e0
.exe windows:4 windows x64 arch:x64

2c9e98790fd9f920c8aca8d84943961f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessW
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsW
FormatMessageA
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetExitCodeProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetShortPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetDllDirectoryW
SetEnvironmentVariableW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

__argc
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wargv
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fileno
_findclose
_fmode
_fullpath
_get_osfhandle
_getpid
_initterm
_lock
_onexit
_setmode
_stat64
_strdup
_unlock
_vsnprintf
_vsnwprintf
_wcmdln
_wfindfirst64
_wfindnext64
_wfopen
_wmkdir
_wremove
_wrmdir
_wstat64
_wtempnam
abort
calloc
clearerr
exit
fclose
feof
ferror
fflush
fprintf
fread
free
fseek
ftell
fwrite
getenv
malloc
mbstowcs
memcpy
memset
setbuf
setlocale
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strtok
vfprintf
wcscat
wcscmp
wcscpy
wcslen

ws2_32

ntohl

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 51KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0ee32e3ea3d83da9df6317d7c8c539f0f3622af82ef242d74fdca1e5d4ee427f
.doc windows office2003

ThisDocument

Class1
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/0f7759714a57635ec98ab5453e2629e5f6f31a3f46565243addb20f6d0aa7d2c
.dll windows:5 windows x64 arch:x64

274d6608a484e2f74ac362caed0d1793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
FileTimeToLocalFileTime
GetFileInformationByHandle
GetTempPathA
DeleteFileA
GetFileSize
FindFirstFileW
SystemTimeToFileTime
MoveFileExW
CreateDirectoryW
GetTickCount
GetTempPathW
FindClose
lstrcmpiW
FindNextFileW
DeleteFileW
GetSystemTime
GlobalSize
GlobalLock
GetSystemDirectoryW
Sleep
GlobalUnlock
CreateThread
LoadLibraryW
GetProcAddress
CompareStringA
HeapSize
GetStringTypeW
LCMapStringW
GetModuleFileNameW
IsValidCodePage
WriteFile
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
GetModuleHandleW
RtlUnwindEx
FlsAlloc
GetLastError
lstrlenW
MultiByteToWideChar
CompareStringW
CreateFileW
ReadFile
SetFilePointer
HeapReAlloc
lstrlenA
FileTimeToDosDateTime
GetTempFileNameA
SetLastError
FlsFree
FlsGetValue
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
FlsSetValue
GetCurrentThreadId
GetVersionExW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
RaiseException

user32

PostQuitMessage
CharLowerW
wsprintfA
wsprintfW
DispatchMessageW
RegisterClassA
DefWindowProcW
SetClipboardViewer
UpdateWindow
SendMessageW
OpenClipboard
SetWindowsHookExW
ShowWindow
GetDesktopWindow
ChangeClipboardChain
CreateWindowExA
SystemParametersInfoW
GetKeyState
GetWindowTextW
GetKeyboardLayout
GetAsyncKeyState
GetWindowThreadProcessId
CloseClipboard
SetTimer
GetMessageW
GetPriorityClipboardFormat
GetKeyboardLayoutNameW
IsClipboardFormatAvailable
LoadCursorW
CallNextHookEx
GetClientRect
GetDC
TranslateMessage
GetForegroundWindow
LoadIconW
GetClipboardData

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
BitBlt

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW

shell32

SHFileOperationW
SHGetFolderPathW
DragQueryFileW

ole32

CreateStreamOnHGlobal

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFindFileNameA
PathRemoveBackslashW
PathRemoveExtensionW
PathFindFileNameW
PathAddBackslashW
PathFileExistsW
PathAddExtensionW

cabinet

ord14
ord13
ord10
ord11

gdiplus

GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdiplusStartup
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipCloneImage

Exports

Exports

BootUI

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/15b61b51d46bcf8ae5999d0ae422ca89b2a1aba0c90c818d5c8e419aaa0af831
.dll windows:6 windows x86 arch:x86

6153eafca52655d2b7d08a2506cac4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\Proj1\autoGetKbd\Release\autoGetKbd.pdb

Imports

logging

?KyBuffer@TextFile@Saving@@SAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

kernel32

GetModuleHandleW
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapSize
SetStdHandle
GetCommandLineW
GetCommandLineA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetProcessHeap
GetStdHandle
GetFileType
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

TranslateMessage
GetMessageW
SetWindowsHookExW
CallNextHookEx
GetWindowTextA
DispatchMessageW
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
GetGUIThreadInfo
GetKeyboardState
UnhookWindowsHookEx
GetForegroundWindow

advapi32

SystemFunction036

Exports

Exports

?execHooking@clsHooking@Hooking@@SAXXZ

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/333d4455b920c44d278767783aff3383419872f802cc254c105702604d563aea
.exe windows:4 windows x86 arch:x86

ef4b3bea8854ad98b71e7d5b8c147431

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGenKey
CryptGetUserKey
CryptHashData
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegSetValueExW

kernel32

CloseHandle
CreateFileW
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExitProcess
FindResourceA
GetCommandLineA
GetCurrentProcess
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetVersion
GetWindowsDirectoryW
InitializeCriticalSection
LeaveCriticalSection
LoadResource
LockResource
MoveFileW
ReadFile
SetUnhandledExceptionFilter
SizeofResource
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile

msvcrt

_strdup
_wcsdup
_wcsicmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_atoi64
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
_waccess
_wfopen
_wmkdir
abort
atexit
calloc
exit
fclose
fgets
fopen
fread
free
fseek
ftell
fwrite
malloc
memcpy
rand
rewind
signal
sprintf
srand
strchr
strcmp
strncpy
swprintf
time
vfprintf
wcscat
wcscpy
wcslen
wcsncpy
wcsstr
wcstombs

shell32

SHGetFolderPathW

user32

CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
EndDialog
GetDlgItem
GetForegroundWindow
GetMessageA
IsWindow
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxW
PostQuitMessage
SendMessageW
ShowWindow
TranslateMessage
UpdateWindow

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 187B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/3a39f9087fc5cf0aa1d2caed1bef591e3533dd3b7b2a262c632b2737854c8464
.exe windows:6 windows x86 arch:x86

bfc206eec01057a8d2eddbe5a9d33311

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\proj1-FTPCenter\FTPCenter\Release\FTPCenter.pdb

Imports

kernel32

FindNextFileW
FindClose
Sleep
FindFirstFileW
Process32FirstW
Process32NextW
CloseHandle
CreateToolhelp32Snapshot
GetLastError
CreateFileW
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
FindNextFileA
FindFirstFileExA
WideCharToMultiByte
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
WaitForSingleObject
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleExW
HeapAlloc
ExitThread
HeapFree
HeapReAlloc
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
DeleteFileW
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

shell32

SHGetKnownFolderPath
SHGetFolderPathW

wininet

FtpPutFileW
InternetCloseHandle
InternetOpenW
InternetConnectW

advapi32

SystemFunction036

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/3b193238eca12dacad1dbd55edd31da7d8936a6cbf916278d4e62b145f1ff43c
.exe windows:5 windows x86 arch:x86

4cfda23baf1e2e983ddfeca47a5c755a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
WaitForSingleObject
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
Sleep
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
OpenFileMappingW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetProcessAffinityMask
CreateEventW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
SetEvent
SetThreadPriority
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
SetFileTime
SetFileAttributesW
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetFileAttributesW
FlushFileBuffers
ReadFile
GetFileType
SetEndOfFile
SetFilePointer
WriteFile
GetStdHandle
GetLongPathNameW
GetShortPathNameW
GlobalAlloc
MoveFileW
CreateFileW
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
DeleteFileW
CreateHardLinkW
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
CreateFileA
GetCPInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
GetDlgItem
ShowWindow
SetWindowLongW
GetDC
ReleaseDC
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
LoadBitmapW
PostMessageW
GetSysColor
SetForegroundWindow
MessageBoxW
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
GetObjectW
DeleteObject
CreateDIBSection

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
SHGetFileInfoW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/590c33ea344a2ee095004d4069122f0afccbfceee422bb5d2838c32a9026a86a
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/5b15fe859870c06fa0564faf0901543419640e44d2b392f24102b3e532a94e4b
.dll windows:6 windows x86 arch:x86

e2eaabf6b90ee914a2e63f6f8185b66b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\Proj1\autoGetKbd\Release\autoScreenShot.pdb

Imports

logging

?getConfigurationMain@TextFile@Saving@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?KyBuffer@TextFile@Saving@@SAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

kernel32

CreateFileW
HeapSize
GetLocalTime
Sleep
DeleteFileW
CreateDirectoryW
ReadConsoleW
WriteConsoleW
SetStdHandle
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetACP
GetStdHandle
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx

user32

ReleaseDC
GetSystemMetrics
GetDC

gdi32

DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

shell32

SHGetKnownFolderPath

gdiplus

GdipDisposeImage
GdipGetImageEncoders
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown

advapi32

SystemFunction036

Exports

Exports

?screenShotPrinting@Desktop@nsScreenShot@@SAXH@Z

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/60f0e5a448dd3a4581a6dfadc375cd5619a1ab2901bd108dcc85f8d77d074dde
.exe windows:4 windows x86 arch:x86

862c13c712cdc26f842fc544c7e15f3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGetUserKey
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDeriveKey
CryptEncrypt
CryptDecrypt

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject

gdiplus

GdipFree
GdipDisposeImage
GdipDeleteCustomLineCap
GdipCloneImage
GdipAlloc
GdipDeletePrivateFontCollection
GdipDeleteCachedBitmap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusShutdown

kernel32

AddAtomA
CloseHandle
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindAtomA
GetAtomNameA
GetCommandLineA
GetCommandLineW
GetCurrentThreadId
GetFileInformationByHandle
GetFileSize
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
MapViewOfFile
MoveFileW
ReadFile
ReleaseMutex
ReleaseSemaphore
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_wcsicmp
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
_waccess
_wfopen
_wmkdir
abort
atexit
calloc
fclose
fputc
fputs
fread
free
fseek
ftell
fwrite
localtime
malloc
mbstowcs
memcmp
memcpy
pow
rand
realloc
rewind
signal
sprintf
srand
strcmp
strcpy
strncpy
swprintf
time
vfprintf
wcscat
wcscmp
wcscpy
wcsftime
wcslen
wcsncpy
wcsstr
wcstombs

shell32

CommandLineToArgvW

user32

GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowDC
GetWindowRect
IsClipboardFormatAvailable
OpenClipboard
ReleaseDC

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/66c51484b653277a5d40cbd2738b33cba8fb5ccc741f0c24634944ec4cac1142
.exe windows:6 windows x86 arch:x86

dd93996dab281a7944d6c11075f125de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
SystemTimeToFileTime
GetTickCount
WriteFile
FileTimeToSystemTime
ReadFile
CreateFileW
GetLocalTime
GetFileInformationByHandle
GlobalLock
GlobalUnlock
InterlockedDecrement
GetTempFileNameW
CreateProcessW
GetExitCodeProcess
GetModuleFileNameW
PeekNamedPipe
SetHandleInformation
CreatePipe
FindFirstFileW
CompareFileTime
FindClose
FindNextFileW
FindResourceW
LoadResource
GetModuleHandleExW
SizeofResource
LockResource
LocalFree
EncodePointer
GetFileAttributesExW
GetSystemTimeAsFileTime
HeapFree
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetCurrentDirectoryW
SetFilePointer
HeapSize
LoadLibraryW
OutputDebugStringW
LCMapStringEx
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
RtlUnwind
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
InitOnceExecuteOnce
GetFileType
LoadLibraryExW
GetFileSize
GetTempPathW
GetLastError
TerminateProcess
GetModuleHandleW
GetCurrentProcess
CloseHandle
CreateThread
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetStdHandle
GetStartupInfoW
FlsFree
FlsSetValue
ExitProcess
GetProcAddress
GetCommandLineW
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
InterlockedIncrement
GetDriveTypeW
Sleep
SetLastError
GetProcessHeap
GetFullPathNameW
HeapReAlloc
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer

user32

GetForegroundWindow
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetWindowTextW
GetKeyboardState
GetKeyboardLayout
GetKeyNameTextW
DispatchMessageW
DefWindowProcW
GetWindowThreadProcessId
MessageBoxW
SetWindowsHookExW
ShowWindow
CreateWindowExA
LoadIconW
RegisterClassExW
TranslateMessage
LoadCursorW
PostQuitMessage
GetMessageW
DestroyWindow
GetCursorPos
GetDesktopWindow
ToUnicodeEx
UpdateWindow
GetWindowRect
GetDC
GetSystemMetrics
GetWindowTextLengthW
IsIconic
EnumWindows
IsWindowVisible
CloseClipboard
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard

gdi32

CreateCompatibleBitmap
BitBlt
DeleteObject
SelectObject
CreateCompatibleDC

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
GetUserNameW

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocString

dnsapi

DnsQuery_W
DnsFree

shlwapi

StrStrIW
PathMatchSpecW

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdipSaveImageToStream
GdipFree
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/875d078761e941c634a982c1eb259ab739c0a925f34f6da6c6a7211507dfcd0c
.dll windows:6 windows x86 arch:x86

29ea21cf1c5e82e35ce9af647648e5f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\Proj1\autoGetKbd\Release\Logging.pdb

Imports

kernel32

WaitForSingleObject
ReleaseMutex
CreateMutexW
GetLastError
GetLocalTime
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
CopyFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
RaiseException
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapReAlloc
HeapFree
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetCommandLineA
GetCommandLineW
GetTimeZoneInformation
SetStdHandle
ReadConsoleW
WriteConsoleW
HeapSize
CreateFileW
SetEndOfFile
CreateDirectoryW

shell32

SHGetKnownFolderPath

shlwapi

PathIsDirectoryEmptyW

advapi32

SystemFunction036

Exports

Exports

?ConfigPath@TextFile@Saving@@SAXXZ
?KyBuffer@TextFile@Saving@@SAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getConfigurationMain@TextFile@Saving@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?savingToOldFolder@TextFile@Saving@@SAXXZ

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/93a973d625fe697e7004e90db45c872660ece35a97816355aadf545801ce40bd
.vbs
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/96f8c17daa65c4ad24838d3852caa68ffb49fc6b2204b011ec28241d22cc7733
.exe windows:4 windows x86 arch:x86

6d26c857784eea32ac92dcb74e598644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
VariantClear
SysAllocString

user32

CharUpperW

advapi32

OpenProcessToken
GetFileSecurityW
SetFileSecurityW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
memcmp
_purecall
strlen
memset
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

WaitForSingleObject
SetEvent
InitializeCriticalSection
VirtualAlloc
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
GetFileAttributesW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
VirtualFree

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/9ce13cd2bd4539852a6b5a1cacd98c7d07e4fe5cb5423a74a5141b84511b4e28
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/9f30986f2dc078cb827f61605186c25b938378f54d97028e65276a2c85abf3dd
.vbs
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/README.md
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/a1481b251328b50d268b815debd614f539039e6e7012c90b66daee717712d524
.apk android arch:arm64 arch:arm arch:mips64 arch:mips arch:x86 arch:x64

com.android.providers.optimizer

com.android.providers.optimizer.ao

Activities

com.android.providers.optimizer.ao

android.intent.action.MAIN

Permissions

android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.READ_PHONE_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.READ_CALENDAR
android.permission.CAMERA
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_COARSE_LOCATION

Receivers

com.android.providers.optimizer.ar

android.intent.action.BOOT_COMPLETED

com.android.providers.optimizer.ad

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.ACTION_PASSWORD_CHANGED
android.app.action.ACTION_PASSWORD_FAILED
android.app.action.ACTION_PASSWORD_SUCCEEDED

Services

com.android.providers.optimizer.s

android.accessibilityservice.AccessibilityService
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/ad48423b4392462bac6b8e936d671532567e7f745915ba21288bb8ed675bb39f
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/bee25b20cddb75b90de027624b454aa3a3c8eac052898226c74a7d73822553fb
.exe windows:6 windows x86 arch:x86

a39a51c29cb1cd157a382f48eb649f48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\proj1-FTPCenter\FTPCenter\Release\Task.pdb

Imports

kernel32

Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
Sleep
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
DuplicateHandle
GetCurrentThread
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapFree
HeapReAlloc
GetFileType
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
GetFileAttributesExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
SetStdHandle
ReadConsoleW
WriteConsoleW
HeapSize
CreateFileW
SetEndOfFile
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW

shell32

SHGetFolderPathW

advapi32

SystemFunction036

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/c2ac4367d1a7773e3c77ba4f92be0690b2ac3706be17b3ff87a1e5180a29795b
.dll windows:5 windows x64 arch:x64

9dfa7d1b7ab40ef1124100a066e748a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryW
LoadLibraryW
Sleep
GetModuleFileNameW
lstrlenW
GetProcAddress
CreateThread
HeapSize
GetStringTypeW
MultiByteToWideChar
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetLastError
HeapFree
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetModuleHandleW
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
WriteFile
LCMapStringW

user32

CharLowerW

shlwapi

PathFileExistsW
PathFindFileNameW
PathAppendW

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/c8bc6144fe3c97a062572e7d1c3db5ccd1c1f6ea9ceaac4a492aa31befd9e0c9
.exe windows:5 windows x64 arch:x64

0822777feb8e7fd010d6791c4438bd5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

MessageBoxA

kernel32

CloseHandle
SetEndOfFile
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
RaiseException
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation

ws2_32

ntohl

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c
.dll windows:4 windows x86 arch:x86

77f306126855a0e2b18a1df504ca2a48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantCopy
VariantClear

user32

CharPrevExA
CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
strchr
strcat
strcpy
memset
realloc
free
malloc
strlen
wcscmp
strcmp
strstr
_CxxThrowException
memmove
memcpy
memcmp
_purecall
__CxxFrameHandler

kernel32

GetModuleHandleW
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InterlockedIncrement
VirtualFree
VirtualAlloc
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
GetVersionExW
LocalFileTimeToFileTime
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
CompareFileTime
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateFileW
SetFileAttributesW
GetProcAddress
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/ded249291d46651cf63618f6bd071dae18e651e7d4ac6bce5ae27c5b6a068b9f
.exe windows:4 windows x86 arch:x86

f3605538045c5df3fda0025d07f93a4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGetUserKey
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDeriveKey
CryptEncrypt
CryptDecrypt

gdi32

DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipDeletePrivateFontCollection
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusShutdown

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindAtomA
GetAtomNameA
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetFileInformationByHandle
GetFileSize
GetHandleInformation
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
MapViewOfFile
MoveFileW
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetFilePointer
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SystemTimeToFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_wcsicmp
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_ftime
_iob
_onexit
_setjmp
_setmode
_waccess
_wfopen
_wmkdir
abort
atexit
calloc
exit
fclose
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
localtime
longjmp
malloc
mbstowcs
memcmp
memcpy
memmove
memset
pow
printf
rand
realloc
rewind
signal
sprintf
srand
strcmp
strcpy
strlen
strncpy
swprintf
time
vfprintf
wcscat
wcscmp
wcscpy
wcsftime
wcslen
wcsncpy
wcsstr
wcstombs

shell32

CommandLineToArgvW

user32

GetClipboardData
GetCursorPos
GetDC
GetDesktopWindow
GetForegroundWindow
GetSystemMetrics
GetWindowDC
GetWindowRect
IsClipboardFormatAvailable
OpenClipboard
ReleaseDC

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/e59522181911b0fdd183e3451b86bba3454b9c7e18abb895e44ed4c233b3c2dd
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/ea9070fc1fe5ea500ef0de631f478d8881d4c9f960cc7730d79d8d33a427fdbe
.exe windows:4 windows x86 arch:x86

d3b82c859b4f03fdd805e53cafbc9c9b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateTextureFromResourceA
D3DXCreateSprite

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetCommandLineW
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetFileSize
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_wcsdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_errno
_ftime
_iob
_onexit
_setjmp
_setmode
abort
atexit
atoi
calloc
exit
fprintf
fputc
fputs
free
fwrite
getenv
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
realloc
setlocale
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strxfrm
swprintf
towlower
towupper
vfprintf
wcscoll
wcsftime
wcslen
wcsstr
wcsxfrm

shell32

CommandLineToArgvW

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetSystemMetrics
LoadBitmapA
LoadCursorA
LoadIconA
PeekMessageA
PostQuitMessage
RegisterClassExA
ShowWindow
TranslateMessage
wsprintfW

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpReadData

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/eb8883d23bca4d9be3423db41b417c2dce4e1ba5cf2a317fc2d460d99006765f
.exe windows:6 windows x86 arch:x86

924620af135f046bdef1200c17859fc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\RS01212M\AppData\Roaming\generator\Proj1\autoGetKbd\Release\MyApplication.pdb

Imports

logging

?ConfigPath@TextFile@Saving@@SAXXZ
?savingToOldFolder@TextFile@Saving@@SAXXZ

autoscreenshot

?screenShotPrinting@Desktop@nsScreenShot@@SAXH@Z

autogetkbd

?execHooking@clsHooking@Hooking@@SAXXZ

kernel32

RegisterWaitForSingleObject
HeapSize
ReadConsoleW
WriteConsoleW
SetStdHandle
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
GetLastError
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitProcess
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
HeapAlloc
HeapFree
ExitThread
HeapReAlloc
GetStdHandle
WriteFile
GetModuleFileNameA
GetCommandLineA
GetCommandLineW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
CreateFileW
GetProcessHeap
GetFileType
FlushFileBuffers
GetConsoleCP
ReadFile
SetFilePointerEx
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

advapi32

SystemFunction036

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/f845276dfd9d5753f659dab8c12a38eba1f71fdc16b6faae1316622dc9cab455
.exe windows:5 windows x64 arch:x64

fed7ea9a160cc21d44b88832a9514ee5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSize
GetCurrentProcess
GetSystemDirectoryA
GetModuleFileNameA
LocalFree
WriteConsoleW
HeapSize
FlushFileBuffers
GetConsoleMode
LocalFileTimeToFileTime
SetFileTime
CreateFileA
DosDateTimeToFileTime
DeleteFileA
CloseHandle
CompareStringA
GetLastError
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
SetFilePointer
HeapReAlloc
GetConsoleCP
LoadLibraryW
GetStringTypeW
SetStdHandle
LCMapStringW
CreateDirectoryA
WideCharToMultiByte
GetSystemTimeAsFileTime
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
Sleep

user32

CharLowerA

advapi32

GetUserNameW
SetSecurityDescriptorControl
SetSecurityDescriptorGroup
GetTokenInformation
CopySid
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorOwner
RegOpenKeyExA
SetSecurityDescriptorDacl
LookupAccountNameW
InitializeSecurityDescriptor
OpenProcessToken

shell32

ShellExecuteA

shlwapi

PathAppendA
PathFileExistsA
PathFindFileNameA
PathRemoveFileSpecA

cabinet

ord23
ord22
ord20

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.17_FBI-FLASH-ME-000134-MW/fc2c7cfde5175a5dfcb3519d65b7dcf8d1303b0c2a3ee92d0a7ba4400940974b
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/013edd19a9e796d54b82dc34a400a0981c5e17fd65a235dd45231e7ef06ee53b
.exe windows:5 windows x86 arch:x86

245a5a365f2934f27bd1b1adf6e05422

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\To-ph\Desktop\bypass 93-09-17\SelfExtract_Unicode_921028\Release\Example.pdb

Imports

shell32

ShellExecuteW

kernel32

VirtualAlloc
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
GetLastError
HeapFree
RtlUnwind
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetStringTypeW
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStringTypeA
HeapCreate
VirtualFree
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
LoadLibraryA
CreateFileA
SetEndOfFile
GetProcessHeap

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/023151cf0fb47d758946fa85a952a2b6758fbbfb762083a01bb70c5a6d96c781
.exe windows:5 windows x64 arch:x64

c2f96b3b616c28eb7ebba5ee95605fda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\To-ph\Desktop\93.03.05\downloader-uncompltednl-64-930307\x64\Debug\pa2-64.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
CopyFileW
CreateDirectoryW
LoadLibraryA
GetModuleFileNameW
GetShortPathNameW
GetVersionExA
CompareStringW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetStartupInfoA
HeapSize
HeapValidate
IsBadReadPtr
RtlUnwindEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
FlsAlloc
FlsFree
SetLastError
GetCurrentThread
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
GetProcessHeap
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA

user32

FindWindowExA
FindWindowA

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/07247bb81cca445e0df110d73ea6bf7eb327cc99b614b99dfbcb5632025c99a0
.exe windows:5 windows x86 arch:x86

a42dc50e3192a1164db2bc45bf0a51e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\MRH\Desktop\Source 920208\SelfExtract_Unicode_921028\Debug\Example.pdb

Imports

shlwapi

PathFileExistsW

shell32

ShellExecuteW

kernel32

GetStdHandle
CompareStringW
CompareStringA
SetEndOfFile
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeW
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
FatalAppExitA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
SetEnvironmentVariableA
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
VirtualQuery
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
GetTimeZoneInformation
CreateFileA

Sections

.textbss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/085a42cf3705bade9cd970f003f82158563aba06e9152e00928778bc0bd9585e
.exe windows:5 windows x86 arch:x86

a42dc50e3192a1164db2bc45bf0a51e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\MRH\Desktop\Source 920208\SelfExtract_Unicode_921028\Debug\Example.pdb

Imports

shlwapi

PathFileExistsW

shell32

ShellExecuteW

kernel32

GetStdHandle
CompareStringW
CompareStringA
SetEndOfFile
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeW
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
FatalAppExitA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
SetEnvironmentVariableA
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
VirtualQuery
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
GetTimeZoneInformation
CreateFileA

Sections

.textbss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/08b61faed24b35224a505dd9cbf39cd59776627de7991161d376134a854c3227
.dll windows:5 windows x86 arch:x86

2f30f140af237bf8066a4d456cae3034

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\TOPH\Desktop\sefareshi-downloader-folder\32-whois-931011-tagged-DesDoc\HookInjEx_DLL\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW
PathFindExtensionW

ws2_32

recv
WSACleanup
send
shutdown
connect
inet_addr
htons
socket
inet_ntoa
gethostbyname
WSAStartup
ntohs
closesocket

wininet

InternetCheckConnectionA

crypt32

CryptUnprotectData

kernel32

GlobalLock
MoveFileW
Sleep
CreateDirectoryW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetLastError
WaitForSingleObject
CreateProcessW
GetComputerNameA
GetShortPathNameW
GetTempPathW
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileW
CopyFileW
SetFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
VirtualFree
GetLocalTime
VirtualAlloc
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetVersionExA
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingA
CreateFileA
GetTempPathA
GlobalUnlock
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeA
HeapCreate
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
DebugBreak
FatalAppExitA
GetCPInfo
LCMapStringW
InterlockedExchange
LCMapStringA
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
InterlockedDecrement
InterlockedIncrement
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
HeapValidate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetDateFormatA
GetTimeFormatA
ResumeThread
ExitThread
GetCurrentThreadId
CreateThread
VirtualQuery
GetModuleHandleW
RaiseException
FileTimeToLocalFileTime
GetFileAttributesA
VirtualProtect
RtlUnwind
GetModuleFileNameW
OpenFileMappingA
GetCurrentThread
HeapDestroy
HeapSize
HeapReAlloc
lstrlenA
LocalFileTimeToFileTime

user32

GetKeyboardState
GetPriorityClipboardFormat
DefWindowProcA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetForegroundWindow
PostQuitMessage
ChangeClipboardChain
SendMessageA
SetClipboardViewer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
UnhookWindowsHookEx
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SystemParametersInfoA
RegisterWindowMessageA
CallWindowProcA
SetWindowsHookExA
SetWindowLongA

gdi32

RestoreDC
GetObjectA
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SaveDC
SelectObject
BitBlt
DeleteObject
DeleteDC

advapi32

OpenThreadToken
RegCreateKeyA
GetUserNameW
RevertToSelf
SetThreadToken
RegSetValueExW
RegSetValueExA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileA
DragQueryFileW

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToFile

urlmon

URLDownloadToFileW
URLDownloadToFileA

iphlpapi

GetTcpTable
GetAdaptersInfo

winmm

mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInClose

Exports

Exports

?InjectDll@@YAHPAUHWND__@@QAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPADHPBD@Z
?strcpy_s2@@YAHPADHPBD@Z
?wcscat_s2@@YAHPAGHPBG@Z
?wcscpy_s2@@YAHPAGHPBG@Z

Sections

.textbss
Size: - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/09f953c4abfa799e2137887db5e90ddb993f76d20ce22a5ca290e43ae07074b7
.dll windows:5 windows x86 arch:x86

b2c47c180c97a2e6e3bbde8da002c294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\To-ph\Desktop\93.03.05\downloader-uncompltednl-32-930307\Debug\pa2_dll.pdb

Imports

kernel32

GetModuleFileNameA
DeleteFileW
GetComputerNameW
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
LoadLibraryA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetProcessHeap
FreeLibrary
DisableThreadLibraryCalls
GetShortPathNameW
CreateDirectoryW
Sleep
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
CreateFileW
MoveFileW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetLastError
CreateThread
ExitThread
CloseHandle
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCurrentThreadId
GetCommandLineA
HeapValidate
IsBadReadPtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStringTypeA
SetEnvironmentVariableA

user32

DispatchMessageA
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
CallWindowProcA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SetTimer
GetMessageA
TranslateMessage

advapi32

GetUserNameW
RegCreateKeyA
RegSetValueExA
RegSetValueExW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Exports

Exports

InjectDll

Sections

.textbss
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/0af51a0ffb5798fb90a14070809fa9909195068ad1b91c1cadf5633b521e5132
.exe windows:5 windows x86 arch:x86

a4bd8c5fbd80e712fce08f60143ed84e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\TOPH\Desktop\node 32\downloader-uncompltednl-32-930307-faz\Debug\pa2.pdb

Imports

kernel32

GetProcAddress
GetShortPathNameW
GetCurrentProcess
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetTempPathW
GetCurrentDirectoryW
Sleep
CopyFileW
CreateDirectoryW
GetModuleFileNameW
GetVersionExA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
CreateFileW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetProcessHeap
VirtualQuery
SetStdHandle
WriteConsoleA
SetEnvironmentVariableA

user32

FindWindowExA
FindWindowA

shell32

SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathFileExistsW

Sections

.textbss
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/0e4a8eb2fe861c45071626da24147e922b167efb543e37ace7466c74c1e98be6
.exe windows:5 windows x64 arch:x64

ad072cb86af239191553e12b165426e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-debug\HookInjEx\Debug\HookInjEx.pdb

Imports

kernel32

GetCurrentDirectoryW
LoadLibraryA
CreateFileW
ExitProcess
GetShortPathNameW
GetProcAddress
CopyFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
IsDebuggerPresent
RaiseException
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
GetStartupInfoW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
RtlPcToFileHeader
RtlUnwindEx
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
EncodePointer
GetModuleFileNameA
GetModuleHandleExW
HeapSize
HeapValidate
GetSystemInfo
GetStdHandle
WriteFile
GetACP
GetCurrentThread
GetFileType
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
CloseHandle
WaitForSingleObjectEx
CreateThread
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
HeapQueryInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FreeLibrary

user32

FindWindowExW

drvupdtd

?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?wcscpy_s2@@YAHPEAGHPEBG@Z

advapi32

SystemFunction036

Sections

.text
Size: 814KB - Virtual size: 814KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/0f7082926241659fbebd229cdc41abe358be49110a80729b9ee891f2f7dcdf16
.exe windows:6 windows x86 arch:x86

cd9bf5bced3d238099c1801d60fa6baa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\rreegg32 961214 without expire date\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

DeleteFileW
DecodePointer
RaiseException
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileW
MultiByteToWideChar
CreateFileW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
VirtualQuery
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
GetModuleFileNameA
GetModuleHandleExW
HeapValidate
GetSystemInfo
ExitProcess
GetStdHandle
WriteFile
GetACP
GetCurrentThread
GetFileType
OutputDebugStringA
WriteConsoleW
CreateThread
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapQueryInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetConsoleCP

user32

UnregisterClassA

shell32

SHGetSpecialFolderPathW

advapi32

SystemFunction036

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/13e924700a346234eaf2376c61ef0a36c86d94847b232a4ad772e35e0b9a6e87
.exe windows:5 windows x86 arch:x86

4df47bd79d7fe79953651a03293f0e8f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
HeapReAlloc
SetEndOfFile
RaiseException

ws2_32

ntohl

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/1b8cd7c93dce63878dadae0cf77482ae367477841a4604c6a842158466790737
.exe windows:5 windows x86 arch:x86

a42dc50e3192a1164db2bc45bf0a51e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\MRH\Desktop\Source 920208\SelfExtract_Unicode_921028\Debug\Example.pdb

Imports

shlwapi

PathFileExistsW

shell32

ShellExecuteW

kernel32

GetStdHandle
CompareStringW
CompareStringA
SetEndOfFile
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeW
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
FatalAppExitA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
SetEnvironmentVariableA
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
VirtualQuery
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
GetTimeZoneInformation
CreateFileA

Sections

.textbss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/21118e91cc1537c849a382d87cb113568c5e6d6ce204e8f4592c26f74f713f79
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/233ee2ea02322d3da68217ab4b51722a4a3aa833667a45377dfd4742d5979c4c
.exe windows:5 windows x86 arch:x86

e5420782542be729da73f4d04115ce35

Code Sign

97:2f:ad:a2:bc:13:fa:55:c5:d4:7f:ef:56:ae:e0:f4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-05-2019 00:00

Not After

23-05-2023 23:59

Subject

CN=Sublime HQ Pty Ltd,O=Sublime HQ Pty Ltd,POSTALCODE=2028,STREET=377 New South Head Rd+STREET=Suite 102,L=Doubte Bay,ST=NSW,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01-02-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:aa:31:21:34:f5:8f:a2:b3:be:51:d5:91:c2:0f:7c:a5:54:d1:f5:0a:cf:02:b5:e5:31:d8:96:a4:51:23:7a
Signer

Actual PE Digest

e3:aa:31:21:34:f5:8f:a2:b3:be:51:d5:91:c2:0f:7c:a5:54:d1:f5:0a:cf:02:b5:e5:31:d8:96:a4:51:23:7a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

SetFileAttributesW
QueryDosDeviceW
GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/2c4156bb1d1e3f0abafd5d03fad277f6aab705cb917bc07e05de3170fd80854f
.dll windows:6 windows x64 arch:x64

7c44a2cda521ab585eb00bcd1f0aa486

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-norton-2\HookInjEx_DLL\Release\HookInjEx.pdb

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

ws2_32

inet_addr
inet_ntoa
recv
htons
shutdown
socket
gethostbyname
WSAStartup
connect
send
WSACleanup
closesocket

wininet

InternetCheckConnectionA
DeleteUrlCacheEntryW

crypt32

CryptUnprotectData

kernel32

FindFirstFileExA
FindFirstFileExW
FindNextFileA
DecodePointer
LockResource
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GlobalLock
GlobalUnlock
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetShortPathNameW
RaiseException
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GetFileSize
ReadFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
CloseHandle
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
GetLogicalDriveStringsA
LoadLibraryA
CreateProcessW
FindResourceW
FindResourceExW
GetDriveTypeA
SetCurrentDirectoryA
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
GetVolumeInformationA
LocalFree
GetCurrentProcessId
LockFile
UnlockFile
LockFileEx
UnlockFileEx
FindNextFileW
FlushFileBuffers
SetEndOfFile
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
FormatMessageA
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryW
GetTempPathA
GetTempPathW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetFullPathNameW
CreateFileA
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
SetConsoleCtrlHandler
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetCurrentThreadId
GetDateFormatW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
OutputDebugStringA
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleFileNameW
LoadLibraryExW
RtlPcToFileHeader
WriteFile
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx

user32

DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
RegisterWindowMessageA
GetMessageA
TranslateMessage
GetPriorityClipboardFormat
DefWindowProcA
PostQuitMessage
UnregisterClassA
RegisterClassExA
GetKeyboardState
LoadIconA
LoadCursorA
SetWindowsHookExA
GetWindowThreadProcessId
GetForegroundWindow

gdi32

GetObjectA
CreateDIBSection
SelectObject
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateDCA
CreateCompatibleDC
BitBlt
GetDeviceCaps

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
DragQueryFileW
DragQueryFileA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

iphlpapi

GetAdaptersInfo

advapi32

SystemFunction036

Exports

Exports

?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z
?g_bSubclassed@@3HA
?mywcscat2@@YAHPEAGHPEBG@Z
?mywcscpy2@@YAHPEAGHPEBG@Z
?strcat_s2@@YAHPEADHPEBD@Z
?strcpy_s2@@YAHPEADHPEBD@Z

Sections

.text
Size: 975KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/2d161588e7314ed268144b14bf00ff02b4b875f140d5ff8ba51ed50318e4b603
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/2e656ea0b05ffa6cd945848176d1c9fb6174a6253b2a42891487d120358f0bec
.dll windows:5 windows x64 arch:x64

b1d90be5c5fb19b199058b8771669d89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\To-ph\Desktop\93.03.05\downloader-uncompltednl-64-930307\x64\Debug\pa2_64dll.pdb

Imports

kernel32

GetModuleFileNameA
DeleteFileW
GetComputerNameW
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
LoadLibraryA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetProcessHeap
FreeLibrary
DisableThreadLibraryCalls
GetShortPathNameW
CreateDirectoryW
Sleep
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
CreateFileW
MoveFileW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetLastError
CreateThread
ExitThread
CloseHandle
MultiByteToWideChar
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleFileNameW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapSize
HeapValidate
IsBadReadPtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsAlloc
FlsFree
SetLastError
GetCurrentThread
GetModuleHandleW
GetProcAddress
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
DebugBreak
lstrlenA
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
GetTimeFormatA
GetDateFormatA
GetStringTypeA
SetEnvironmentVariableA

user32

DispatchMessageA
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
CallWindowProcA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SetTimer
GetMessageA
TranslateMessage

advapi32

GetUserNameW
RegCreateKeyA
RegSetValueExA
RegSetValueExW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Exports

Exports

InjectDll

Sections

.text
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/3010d9eddb0b97b7f61025d05b543f572c7900170240b56bd9568efb79799f11
.exe windows:5 windows x86 arch:x86

3eaa732d4dae53340f9646bdd85dac41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
SetEvent
SetThreadPriority
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
FindFirstFileW
GetFileType
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointer
GetStdHandle
WriteFile
FlushFileBuffers
GetLongPathNameW
MoveFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GlobalAlloc
DeleteFileW
FindClose
CreateFileW
DeviceIoControl
SetFileTime
GetCurrentProcess
CloseHandle
CreateHardLinkW
SetLastError
GetLastError
GetCurrentDirectoryW
CreateFileA
GetCPInfo
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
MessageBoxW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/3310c0b2fd8a8d96288eb241f6948cfa0f15b39d2e6ca6687aab45dc6fccf9fc
.exe windows:5 windows x86 arch:x86

fc40519af20116c903e3ff836e366e39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
HeapReAlloc
SetEndOfFile
RaiseException

ws2_32

ntohl

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/35e3f08ae93a7b4cd3e77a6438e318cd3c3b41efa5def52e5ebd182347e94fd9
.exe windows:5 windows x64 arch:x64

6923318f99d9ebcffcca0d03fc6cf229

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\TOPH\Desktop\node 32\downloader-uncompltednl-64-930307-faz\x64\Debug\pa2-64.pdb

Imports

kernel32

GetProcAddress
FreeLibrary
CopyFileW
LoadLibraryA
GetModuleFileNameW
CreateDirectoryW
GetShortPathNameW
GetVersionExA
CompareStringW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetStartupInfoA
HeapSize
HeapValidate
IsBadReadPtr
RtlUnwindEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
FlsAlloc
FlsFree
SetLastError
GetCurrentThread
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
GetProcessHeap
VirtualQuery
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetTimeZoneInformation
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA

user32

FindWindowExA
FindWindowA

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/37f40214d2f150597c52cb868c1e2f723d9c2d3155ab18ab2f1279eaf09bdf71
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/3cedd91bb4c7a5874a3ad286addb0860c33931ceb09d2c18385b7d6cab6953e0
.dll windows:6 windows x64 arch:x64

02388178994bda5d7422d75721a3575b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-debug\HookInjEx_DLL\Debug\HookInjEx.pdb

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

ws2_32

inet_addr
inet_ntoa
recv
htons
shutdown
socket
gethostbyname
WSAStartup
connect
send
WSACleanup
closesocket

wininet

InternetCheckConnectionA
DeleteUrlCacheEntryW

crypt32

CryptUnprotectData

kernel32

SetConsoleCtrlHandler
GetTimeZoneInformation
FindFirstFileExA
DecodePointer
LockResource
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GlobalLock
GlobalUnlock
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetShortPathNameW
RaiseException
GetLastError
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GetFileSize
ReadFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
CloseHandle
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
GetLogicalDriveStringsA
LoadLibraryA
CreateProcessW
FindResourceW
FindResourceExW
GetDriveTypeA
SetCurrentDirectoryA
CreateDirectoryW
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetVolumeInformationA
MultiByteToWideChar
LocalFree
GetCurrentProcessId
LockFile
FindFirstFileExW
LockFileEx
UnlockFileEx
WriteFile
FlushFileBuffers
SetEndOfFile
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
FormatMessageA
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryW
GetTempPathA
GetTempPathW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetFullPathNameW
CreateFileA
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetVersionExA
WideCharToMultiByte
WriteConsoleW
OutputDebugStringA
HeapQueryInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
VirtualQuery
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
ExitProcess
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
GetModuleHandleExW
GetModuleFileNameA
HeapValidate
VirtualProtect
VirtualAlloc
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleFileNameW
RtlUnwindEx
UnlockFile
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
LoadLibraryExW

user32

DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
RegisterWindowMessageA
GetMessageA
TranslateMessage
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
GetPriorityClipboardFormat
GetKeyboardState
LoadIconA
LoadCursorA
SetWindowsHookExA
GetWindowThreadProcessId
GetForegroundWindow

gdi32

GetObjectA
CreateDIBSection
SelectObject
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateDCA
CreateCompatibleDC
BitBlt
GetDeviceCaps

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
DragQueryFileW
DragQueryFileA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

iphlpapi

GetAdaptersInfo

advapi32

SystemFunction036

Exports

Exports

?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPEADHPEBD@Z
?strcpy_s2@@YAHPEADHPEBD@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?wcscpy_s2@@YAHPEAGHPEBG@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/3ff1864e5fe1ebcce0a60c9594c9ac9f2eedd94367680dc3d77ca39a0b0e3d06
.dll windows:5 windows x86 arch:x86

ca9eb4aff278287efecbe0016bdb9930

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

ws2_32

send
connect
inet_addr
htons
WSACleanup
closesocket
socket
inet_ntoa
gethostbyname
WSAStartup
shutdown
recv

wininet

InternetCheckConnectionA

crypt32

CryptUnprotectData

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetLastError
WaitForSingleObject
CreateProcessW
Sleep
DeleteCriticalSection
FindClose
InitializeCriticalSection
FindFirstFileW
MoveFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetShortPathNameW
DisableThreadLibraryCalls
CopyFileW
CreateDirectoryW
GetTempPathW
GetFileAttributesW
SetFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetModuleFileNameA
InterlockedCompareExchange
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
WriteFile
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
UnlockFileEx
GetFileAttributesA
DeleteFileA
GetFileAttributesExW
LoadLibraryW
GetProcAddress
GetStringTypeA
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
UnmapViewOfFile
GetTempPathA
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetLocaleInfoA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetConsoleMode
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoA
GetFileType
SetHandleCount
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetCurrentThreadId
GetOEMCP
GetACP
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
GetTimeZoneInformation
GetCPInfo
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetStdHandle
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateThread
ResumeThread
ExitThread
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
LCMapStringW
LCMapStringA
GetCommandLineA
GetDateFormatA
GetTimeFormatA
RtlUnwind
VirtualQuery
GetModuleHandleW
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
CompareStringA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
RaiseException
HeapDestroy
HeapAlloc
TerminateProcess

user32

RegisterWindowMessageA
CallWindowProcA
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
GetKeyboardState
GetWindowTextW
GetForegroundWindow
SystemParametersInfoA
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowLongA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA

gdi32

CreateDCA
CreateCompatibleDC
GetDeviceCaps
SaveDC
SelectObject
BitBlt
RestoreDC
DeleteDC
DeleteObject
GetObjectA
CreateDIBSection

advapi32

RegSetValueExW
RegCreateKeyA
RegSetValueExA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

gdiplus

GdipAlloc
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipFree
GdipDisposeImage

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Exports

Exports

?InjectDll@@YAHPAUHWND__@@QAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPADHPBD@Z
?strcpy_s2@@YAHPADHPBD@Z
?wcscat_s2@@YAHPAGHPBG@Z
?wcscpy_s2@@YAHPAGHPBG@Z

Sections

.text
Size: 429KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/409da7a4f191e37d3d3aa8f36e8c3789fc998b63241a5f05c6816e54ed7dcd3a
.dotm office2007
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/41629c54b2f3dd68897c04a8ed10f7c78534ba67a048da75885a857f68b37624
.exe windows:5 windows x86 arch:x86

e5420782542be729da73f4d04115ce35

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:0d:34:f8:90:8a:df:ca:54:bd:cc:60:13:9a:7d:a8
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-01-2018 15:40

Not After

31-01-2019 15:40

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:0d:34:f8:90:8a:df:ca:54:bd:cc:60:13:9a:7d:a8
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-01-2018 15:40

Not After

31-01-2019 15:40

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:52:f5:89:7d:09:50:0f:42:fb:c8:95:09:36:67:6e:17:e6:a7:8f:9a:0e:93:f4:2d:76:a7:72:8c:cc:a0:55
Signer

Actual PE Digest

31:52:f5:89:7d:09:50:0f:42:fb:c8:95:09:36:67:6e:17:e6:a7:8f:9a:0e:93:f4:2d:76:a7:72:8c:cc:a0:55

Digest Algorithm

sha256

PE Digest Matches

false

1e:8e:fc:bd:9f:84:a9:5f:cb:65:a5:14:8e:5f:02:bb:f9:aa:04:d3
Signer

Actual PE Digest

1e:8e:fc:bd:9f:84:a9:5f:cb:65:a5:14:8e:5f:02:bb:f9:aa:04:d3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

SetFileAttributesW
QueryDosDeviceW
GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
ResetEvent
GetVolumeInformationW
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/41d3378e99a410756170056e4941e86325826c45389ae18172114be535a73355
.exe windows:5 windows x86 arch:x86

a42dc50e3192a1164db2bc45bf0a51e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\MRH\Desktop\Source 920208\SelfExtract_Unicode_921028\Debug\Example.pdb

Imports

shlwapi

PathFileExistsW

shell32

ShellExecuteW

kernel32

GetStdHandle
CompareStringW
CompareStringA
SetEndOfFile
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeW
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
FatalAppExitA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
SetEnvironmentVariableA
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
VirtualQuery
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
GetTimeZoneInformation
CreateFileA

Sections

.textbss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/4415e6240b037f4ac693c7e4a88f5ab2567b68dddbaa8fbfb0b40d37748fa8ba
.exe windows:5 windows x86 arch:x86

c54321c97535def48d8ace5e45ef3375

Code Sign

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03-05-2019 00:00

Not After

11-05-2022 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:f2:a3:55:b8:a8:54:75:3e:14:d8:5f:ec:08:71:1f:ff:48:7e:cf
Signer

Actual PE Digest

72:f2:a3:55:b8:a8:54:75:3e:14:d8:5f:ec:08:71:1f:ff:48:7e:cf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
GetMessageTime
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
CreateWaitableTimerW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
GetUserDefaultLCID
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
SetWaitableTimer
CancelWaitableTimer
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

OleRegEnumVerbs
IsAccelerator
CoCreateInstance
CoUninitialize
IsEqualGUID
CreateStreamOnHGlobal
OleInitialize
ProgIDFromCLSID
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
OleSetMenuDescriptor
StringFromCLSID

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/4c0c33fff8d4929f7a0d742f1d251b61794b185538b8ceb4939283d1b3d73795
.dll windows:5 windows x64 arch:x64

b03ea68ff3fa8b884c907f0f3599b2f3

Code Sign

bd:12:ac:19:af:9e:c0:fa:52:83:a8:24:59:7c:0a:57
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-09-2019 00:00

Not After

22-09-2020 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:d0:14:7d:94:f7:4e:07:c6:86:0f:3b:81:a7:56:2e:53:21:32:07
Signer

Actual PE Digest

48:d0:14:7d:94:f7:4e:07:c6:86:0f:3b:81:a7:56:2e:53:21:32:07

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
RtlUnwindEx
GetACP
CloseHandle
LocalFree
TlsAlloc
GetTickCount
TerminateThread
VirtualFree
GetStartupInfoW
ExitProcess
GetFileAttributesW
InitializeCriticalSection
VirtualAlloc
WriteProcessMemory
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
VirtualAllocEx
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
CreateRemoteThread
SetLastError
GetModuleFileNameW
GetLastError
lstrlenW
CreateThread
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
DeleteFileW
MoveFileW
RaiseException
OpenProcess
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
DeleteCriticalSection
TlsGetValue
IsValidLocale
TlsSetValue
VirtualFreeEx
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

GetMessageW
CharUpperBuffW
CharNextW
TranslateMessage
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
DispatchMessageW
MessageBoxW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

StartWork2
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 143B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/4ea4671ef8678197dbc82a584832d0dd23d67b0427873ac610bb266d0678f305
.exe windows:5 windows x86 arch:x86

c14d32f92d4369cceb5d08372bfbfa6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
GetUserDefaultLCID
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW

ole32

OleRegEnumVerbs
IsAccelerator
CoCreateInstance
CoUninitialize
IsEqualGUID
CreateStreamOnHGlobal
OleInitialize
ProgIDFromCLSID
CoGetMalloc
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
OleSetMenuDescriptor
StringFromCLSID

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetClassInfoExW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
GetMessageTime
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/509ab695001be527b6c32f2d200067f2d433169e86724336579e08ea44799dd6
.exe windows:5 windows x86 arch:x86

2a5a94916f342c239faa16a5490028d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Aslan\C\Telegram\Desktop\TBuild32\tdesktop\out\Release\Updater.exe.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
WriteFile
ExpandEnvironmentStringsW
RemoveDirectoryW
GetModuleFileNameW
GetEnvironmentVariableW
FindClose
CreateFileW
GetCurrentThreadId
Sleep
FormatMessageW
GetLastError
GetFullPathNameW
CloseHandle
LoadLibraryW
GetLocalTime
GetProcAddress
LocalFree
GetCurrentProcessId
GetModuleHandleW
CopyFileW
SetUnhandledExceptionFilter
FlushFileBuffers
WriteConsoleW
SetFilePointerEx
GetCommandLineW
FindFirstFileExW
ReadFile
DeleteFileW
CreateDirectoryW
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapAlloc
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
LCMapStringW
DecodePointer

user32

MessageBoxW
wsprintfW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathCanonicalizeW

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/512e28afe8d32008cd8a9e95c938d2551689098ea93f75ba2a23c246248d7124
.dll windows:5 windows x64 arch:x64

5b939fd5d98e82f59abf200ee8adfded

Code Sign

bd:12:ac:19:af:9e:c0:fa:52:83:a8:24:59:7c:0a:57
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-09-2019 00:00

Not After

22-09-2020 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:72:37:e6:cf:55:ba:47:e4:88:0b:df:b2:d9:de:44:d8:49:38:73
Signer

Actual PE Digest

b9:72:37:e6:cf:55:ba:47:e4:88:0b:df:b2:d9:de:44:d8:49:38:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
GetClassLongPtrW
SetClassLongPtrW
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowRect
InsertMenuW
KillTimer
PostThreadMessageW
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
CreateWaitableTimerW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
SetWaitableTimer
GetLogicalDriveStringsW
CancelWaitableTimer
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

StartBase
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 494KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/55c5a17976d253c7c4df1b59973c6104cc336c5482d2063d511d54d512fe04ca
.exe windows:5 windows x64 arch:x64

23b639809bfdff3e1999684fb635cbf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-norton-2\HookInjEx\Release\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

ExitProcess
LoadLibraryA
GetShortPathNameW
CopyFileW
CreateFileW
WriteConsoleW
GetProcAddress
FreeLibrary
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
GetLastError
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetCurrentThread
OutputDebugStringA
OutputDebugStringW
CloseHandle
WaitForSingleObjectEx
CreateThread
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

user32

FindWindowExW

drvupdtd

?mywcscpy2@@YAHPEAGHPEBG@Z
?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z

advapi32

SystemFunction036

Exports

Exports

?mywcscat2@@YAHPEAGHPEBG@Z

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/58018aac8beb89271ef88d0fd4ada64079e1af09fad441e7b39a2463f95602f4
.dll windows:5 windows x86 arch:x86

2f30f140af237bf8066a4d456cae3034

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\To-ph\Desktop\93.03.05\32-whois-931011-tagged-DesDoc\HookInjEx_DLL\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW
PathFindExtensionW

ws2_32

recv
WSACleanup
send
shutdown
connect
inet_addr
htons
socket
inet_ntoa
gethostbyname
WSAStartup
ntohs
closesocket

wininet

InternetCheckConnectionA

crypt32

CryptUnprotectData

kernel32

GlobalLock
MoveFileW
Sleep
CreateDirectoryW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetLastError
WaitForSingleObject
CreateProcessW
GetComputerNameA
GetShortPathNameW
GetTempPathW
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileW
CopyFileW
SetFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
VirtualFree
GetLocalTime
VirtualAlloc
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetVersionExA
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingA
CreateFileA
GetTempPathA
GlobalUnlock
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeA
HeapCreate
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
DebugBreak
FatalAppExitA
GetCPInfo
LCMapStringW
InterlockedExchange
LCMapStringA
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
InterlockedDecrement
InterlockedIncrement
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
HeapValidate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetDateFormatA
GetTimeFormatA
ResumeThread
ExitThread
GetCurrentThreadId
CreateThread
VirtualQuery
GetModuleHandleW
RaiseException
FileTimeToLocalFileTime
GetFileAttributesA
VirtualProtect
RtlUnwind
GetModuleFileNameW
OpenFileMappingA
GetCurrentThread
HeapDestroy
HeapSize
HeapReAlloc
lstrlenA
LocalFileTimeToFileTime

user32

GetKeyboardState
GetPriorityClipboardFormat
DefWindowProcA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetForegroundWindow
PostQuitMessage
ChangeClipboardChain
SendMessageA
SetClipboardViewer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
UnhookWindowsHookEx
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SystemParametersInfoA
RegisterWindowMessageA
CallWindowProcA
SetWindowsHookExA
SetWindowLongA

gdi32

RestoreDC
GetObjectA
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SaveDC
SelectObject
BitBlt
DeleteObject
DeleteDC

advapi32

OpenThreadToken
RegCreateKeyA
GetUserNameW
RevertToSelf
SetThreadToken
RegSetValueExW
RegSetValueExA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileA
DragQueryFileW

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToFile

urlmon

URLDownloadToFileW
URLDownloadToFileA

iphlpapi

GetTcpTable
GetAdaptersInfo

winmm

mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInClose

Exports

Exports

?InjectDll@@YAHPAUHWND__@@QAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPADHPBD@Z
?strcpy_s2@@YAHPADHPBD@Z
?wcscat_s2@@YAHPAGHPBG@Z
?wcscpy_s2@@YAHPAGHPBG@Z

Sections

.textbss
Size: - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/5a8f53f7c65af0cb3f269f8653405cd7bd98fae5c256e6264e5ebc5f75ea6c08
.dll windows:5 windows x64 arch:x64

4fdbb8679556662ce250c42aa1aa209e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Users\TOPH\Desktop\sefareshi-downloader-folder\32-whois-931011-tagged-DesDoc\HookInjEx_DLL\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW
PathFindExtensionW

ws2_32

ntohs
WSAStartup
gethostbyname
inet_ntoa
socket
htons
inet_addr
shutdown
send
WSACleanup
recv
closesocket
connect

wininet

InternetCheckConnectionA

crypt32

CryptUnprotectData

kernel32

GlobalLock
MoveFileW
Sleep
CreateDirectoryW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetLastError
WaitForSingleObject
CreateProcessW
GetComputerNameA
GetShortPathNameW
GetTempPathW
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileW
CopyFileW
SetFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
VirtualFree
GetLocalTime
VirtualAlloc
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetVersionExA
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingA
CreateFileA
GetTempPathA
GetFileAttributesA
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GlobalUnlock
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
HeapSize
HeapReAlloc
CompareStringA
GetLocaleInfoW
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapQueryInformation
HeapCreate
HeapSetInformation
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
SetLastError
FlsFree
FlsAlloc
GetTickCount
FlsGetValue
TlsAlloc
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
lstrlenA
GetStdHandle
SetHandleCount
DebugBreak
FatalAppExitA
GetCPInfo
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
LocalFileTimeToFileTime
FileTimeToLocalFileTime
LCMapStringW
LCMapStringA
IsBadReadPtr
HeapValidate
GetCommandLineA
FlsSetValue
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetDateFormatA
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
GetTimeFormatA
ResumeThread
ExitThread
GetCurrentThreadId
CreateThread
VirtualQuery
GetModuleHandleW
VirtualProtect
RtlUnwindEx
RtlLookupFunctionEntry
GetModuleFileNameW
OpenFileMappingA
GetCurrentThread
RaiseException
HeapDestroy

user32

SetTimer
UnhookWindowsHookEx
CallWindowProcA
SetWindowLongA
RegisterWindowMessageA
SystemParametersInfoA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
GetKeyboardState
GetWindowThreadProcessId
GetPriorityClipboardFormat
DefWindowProcA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetForegroundWindow
PostQuitMessage
ChangeClipboardChain
SendMessageA
SetClipboardViewer
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
SetWindowsHookExA

gdi32

GetObjectA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SaveDC
SelectObject
BitBlt
RestoreDC
DeleteObject
CreateDCA
DeleteDC

advapi32

RevertToSelf
SetThreadToken
RegSetValueExW
GetUserNameW
RegCreateKeyA
RegSetValueExA
OpenThreadToken

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileA
DragQueryFileW

gdiplus

GdipSaveImageToFile
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown

urlmon

URLDownloadToFileW
URLDownloadToFileA

iphlpapi

GetAdaptersInfo
GetTcpTable

winmm

waveInReset
waveInStart
waveInAddBuffer
waveInUnprepareHeader
waveInOpen
mixerClose
mixerGetLineInfoA
waveInClose
waveInPrepareHeader
mixerGetDevCapsA
mixerOpen
mixerGetNumDevs

Exports

Exports

?InjectDll@@YAHPEAUHWND__@@QEAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPEADHPEBD@Z
?strcpy_s2@@YAHPEADHPEBD@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?wcscpy_s2@@YAHPEAGHPEBG@Z

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/5eb4c94c9927e90426b6227754ae97fca06d468d5512d15773c48817ea082dbf
.exe windows:5 windows x86 arch:x86

373ecdb116e8661ac345159102603357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\To-ph\Desktop\93.03.05\Webcam931101\Debug\Webcam.pdb

Imports

kernel32

CompareStringA
FlushFileBuffers
CompareStringW
GetTickCount
RaiseException
GetConsoleOutputCP
CloseHandle
WriteConsoleA
SetStdHandle
CreateFileA
MoveFileW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapValidate
IsBadReadPtr
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetProcAddress
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA

user32

IsWindow
SendMessageA
PostQuitMessage
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
ShowWindow
UpdateWindow
LoadIconA

gdi32

GetStockObject

shell32

SHGetSpecialFolderPathW

avicap32

capCreateCaptureWindowW

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/63a655fde88ea26c73cea1e1764305e44203db771f64155b3b3e3d805203f65a
.exe windows:5 windows x86 arch:x86

4dcb6ccf5c9c4fae7a0fb756a40c24b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\To-ph\Desktop\93.03.05\32-whois-931011-tagged-DesDoc\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

TlsSetValue
CompareStringW
GetModuleFileNameW
ExitProcess
CopyFileW
GetCurrentDirectoryW
GetVersionExA
GetShortPathNameW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer

user32

FindWindowA
FindWindowExA

shell32

SHGetSpecialFolderPathW

dhtmlh

?wcscpy_s2@@YAHPAGHPBG@Z
?wcscat_s2@@YAHPAGHPBG@Z
?InjectDll@@YAHPAUHWND__@@QAGHH@Z

Sections

.textbss
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/65a3dec040bddf615bd2ce8c9f08ff074442fb521ac97b869e51d35a417719e9
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.9MB - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/71085b661fea6cf040586b462b07ce8e0471fb9208c4f69cfd168e168beab6fe
.exe windows:6 windows x86 arch:x86

3538fbfd62659e560272da83e2ff2a49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Mrh\Desktop\labrator\hard+USB+Other Lan\uflScan 951021-copy flash\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

SetEndOfFile
CreateFileW
DeleteFileW
GetDriveTypeA
GetFileTime
GetShortPathNameW
SetFileTime
DecodePointer
CloseHandle
RaiseException
GetLastError
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateProcessW
GetTickCount
GetLogicalDriveStringsA
GetVolumeInformationA
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
MultiByteToWideChar
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
FormatMessageW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
VirtualQuery
FreeLibrary
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
InterlockedPushEntrySList
InterlockedFlushSList
HeapValidate
GetSystemInfo
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
GetACP
GetCurrentThread
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
SetFilePointerEx
HeapQueryInformation
OutputDebugStringA
WriteConsoleW
CreateThread
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

user32

UnregisterClassA

shell32

SHGetSpecialFolderPathW

advapi32

SystemFunction036

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/75972d15f3b2e97d52b9f8a6f42ea85976ed5bb9d609c3bf93ee98d6f4f4a648
.dll windows:5 windows x86 arch:x86

517820f74a9e7d8b0e1d35fb1f2a9762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\TOPH\Desktop\node 32\downloader-uncompltednl-32-930307-faz\Debug\pa2_dll.pdb

Imports

kernel32

FreeLibrary
LoadLibraryA
GetModuleFileNameA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
GetComputerNameW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetProcessHeap
DeleteFileW
DisableThreadLibraryCalls
GetShortPathNameW
CreateDirectoryW
Sleep
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
CreateFileW
MoveFileW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetLastError
CreateThread
ExitThread
CloseHandle
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCurrentThreadId
GetCommandLineA
HeapValidate
IsBadReadPtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetProcAddress
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetStringTypeA
SetEnvironmentVariableA

user32

DispatchMessageA
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
CallWindowProcA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SetTimer
GetMessageA
TranslateMessage

advapi32

GetUserNameW
RegSetValueExA
RegCreateKeyA
RegSetValueExW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Exports

Exports

InjectDll

Sections

.textbss
Size: - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/79baf679e84b02a660e03602ff7aa4c9c86a92e0885b1a298c672db842be258d
.dll windows:6 windows x64 arch:x64

ba5cf0b9cddf6df73555035f6f8259ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-all detection\HookInjEx_DLL\Release\HookInjEx.pdb

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

ws2_32

inet_addr
inet_ntoa
recv
htons
shutdown
socket
gethostbyname
WSAStartup
connect
send
WSACleanup
closesocket

wininet

InternetCheckConnectionA
DeleteUrlCacheEntryW

crypt32

CryptUnprotectData

kernel32

FindFirstFileExA
FindFirstFileExW
FindNextFileA
DecodePointer
LockResource
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GlobalLock
GlobalUnlock
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetShortPathNameW
RaiseException
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GetFileSize
ReadFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
CloseHandle
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
GetLogicalDriveStringsA
LoadLibraryA
CreateProcessW
FindResourceW
FindResourceExW
GetDriveTypeA
SetCurrentDirectoryA
CreateDirectoryW
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetVolumeInformationA
LocalFree
GetCurrentProcessId
LockFile
UnlockFile
LockFileEx
FindNextFileW
WriteFile
FlushFileBuffers
SetEndOfFile
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
FormatMessageA
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryW
GetTempPathA
GetTempPathW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetFullPathNameW
CreateFileA
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
SetConsoleCtrlHandler
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentThreadId
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
OutputDebugStringA
InitializeSListHead
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleFileNameW
LoadLibraryExW
RtlPcToFileHeader
UnlockFileEx
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx

user32

DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
RegisterWindowMessageA
GetMessageA
TranslateMessage
RegisterClassExA
DefWindowProcA
PostQuitMessage
UnregisterClassA
GetPriorityClipboardFormat
GetKeyboardState
LoadIconA
LoadCursorA
SetWindowsHookExA
GetWindowThreadProcessId
GetForegroundWindow

gdi32

GetObjectA
CreateDIBSection
SelectObject
SaveDC
RestoreDC
DeleteObject
DeleteDC
CreateDCA
CreateCompatibleDC
BitBlt
GetDeviceCaps

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
DragQueryFileW
DragQueryFileA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

iphlpapi

GetAdaptersInfo

advapi32

SystemFunction036

Exports

Exports

?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPEADHPEBD@Z
?strcpy_s2@@YAHPEADHPEBD@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?wcscpy_s2@@YAHPEAGHPEBG@Z

Sections

.text
Size: 980KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/815a89091ed15779071bbd6d7ad207a0041a199a562f105595278258880f1e03
.exe windows:5 windows x86 arch:x86

3eaa732d4dae53340f9646bdd85dac41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
SetEvent
SetThreadPriority
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
FindFirstFileW
GetFileType
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointer
GetStdHandle
WriteFile
FlushFileBuffers
GetLongPathNameW
MoveFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GlobalAlloc
DeleteFileW
FindClose
CreateFileW
DeviceIoControl
SetFileTime
GetCurrentProcess
CloseHandle
CreateHardLinkW
SetLastError
GetLastError
GetCurrentDirectoryW
CreateFileA
GetCPInfo
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
MessageBoxW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/845a0e5720a6288794a6452adb8d3e7c22f5e6e6b9d4f7481fbd30e3efba4f28
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/986a9bd00d5b22431ab949916828aa25542afae4875b5cee00f703424b5ffb34
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/9c75a6957a0294d929787b6e8217e4127b77cc2702c19ddb8e0b6319dc3b5127
.exe windows:5 windows x86 arch:x86

04b71059322c92c1866be52b1d757887

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\To-ph\Desktop\bypass 93-09-17\Webcam921119\Release\Webcam.pdb

Imports

kernel32

CompareStringA
CompareStringW
GetStringTypeW
GetStringTypeA
LCMapStringW
SetEnvironmentVariableA
MultiByteToWideChar
LCMapStringA
GetTickCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
GetCPInfo
RtlUnwind
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA

user32

PostQuitMessage
LoadCursorW
LoadIconW
ShowWindow
CreateWindowExW
RegisterClassW
SendMessageW
UpdateWindow
DefWindowProcW
IsWindow

gdi32

GetStockObject

shell32

SHGetSpecialFolderPathW

avicap32

capCreateCaptureWindowW

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/README.md
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/a4fcc308e9a364d29057cc76dbe6a8c32ce24a1dbae5c0b6306471f61cbefb29
.dll windows:6 windows x64 arch:x64

c6215bc9388f25b2e2bdd503839e0712

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Desktop 96\labrator\Other Lan+zoggy - eset\32-without-H-F-S-V-961217 - TR-tel-debug - deepfreeze\HookInjEx_DLL\Release\HookInjEx.pdb

Imports

shlwapi

PathFindExtensionW
PathFileExistsW

ws2_32

inet_addr
inet_ntoa
recv
htons
shutdown
socket
gethostbyname
WSAStartup
connect
send
WSACleanup
closesocket

wininet

InternetCheckConnectionA
DeleteUrlCacheEntryW

crypt32

CryptUnprotectData

kernel32

SetConsoleCtrlHandler
DecodePointer
LockResource
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
GlobalLock
GlobalUnlock
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetShortPathNameW
RaiseException
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObject
Sleep
LoadResource
SizeofResource
GetFileSize
ReadFile
SetFilePointer
FindClose
GetFileTime
SetFileTime
CloseHandle
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount
GetLogicalDriveStringsA
LoadLibraryA
CreateProcessW
FindResourceW
FindResourceExW
GetDriveTypeA
SetCurrentDirectoryA
CreateDirectoryW
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetVolumeInformationA
LocalFree
GetCurrentProcessId
LockFile
UnlockFile
LockFileEx
UnlockFileEx
WriteFile
FindFirstFileExA
SetEndOfFile
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
FormatMessageA
FormatMessageW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LoadLibraryW
GetTempPathA
GetTempPathW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
GetFullPathNameW
CreateFileA
GetFileAttributesA
GetFileAttributesExW
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStartupInfoW
GetStdHandle
GetACP
GetCurrentThread
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
OutputDebugStringA
GetCurrentThreadId
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedFlushSList
InterlockedPushEntrySList
GetModuleFileNameW
LoadLibraryExW
RtlUnwindEx
InitializeSListHead
FlushFileBuffers
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlPcToFileHeader

user32

DispatchMessageA
ToUnicodeEx
GetKeyboardLayout
RegisterWindowMessageA
GetMessageA
TranslateMessage
GetKeyboardState
DefWindowProcA
PostQuitMessage
UnregisterClassA
RegisterClassExA
GetPriorityClipboardFormat
LoadIconA
LoadCursorA
SetWindowsHookExA
GetWindowThreadProcessId
GetForegroundWindow

gdi32

GetObjectA
CreateDIBSection
SelectObject
SaveDC
GetDeviceCaps
DeleteObject
DeleteDC
CreateDCA
CreateCompatibleDC
BitBlt
RestoreDC

advapi32

RegCreateKeyA
RegSetValueExW
SystemFunction036

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteW
DragQueryFileW
DragQueryFileA

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

iphlpapi

GetAdaptersInfo

Exports

Exports

?NCDevCall@@YAHPEAUHWND__@@QEAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPEADHPEBD@Z
?strcpy_s2@@YAHPEADHPEBD@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?wcscpy_s2@@YAHPEAGHPEBG@Z

Sections

.text
Size: 981KB - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/a60f5b41251d0bf126fc3c2b836de7d59aa608fd6d37726d71960dd408575512
.dll windows:5 windows x86 arch:x86

2f30f140af237bf8066a4d456cae3034

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\TOPH\Desktop\node 32\32-whois-931011-tagged-DesDoc\HookInjEx_DLL\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW
PathFindExtensionW

ws2_32

recv
WSACleanup
send
shutdown
connect
inet_addr
htons
socket
inet_ntoa
gethostbyname
WSAStartup
ntohs
closesocket

wininet

InternetCheckConnectionA

crypt32

CryptUnprotectData

kernel32

GlobalLock
MoveFileW
Sleep
CreateDirectoryW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
CreateFileW
GetLastError
WaitForSingleObject
CreateProcessW
GetComputerNameA
GetShortPathNameW
GetTempPathW
FindClose
FindFirstFileW
GetFileAttributesW
FindNextFileW
CopyFileW
SetFileTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetFileSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
SetCurrentDirectoryA
VirtualFree
GetLocalTime
VirtualAlloc
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
GetComputerNameW
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
InterlockedCompareExchange
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetVersionExA
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingA
CreateFileA
GetTempPathA
GlobalUnlock
DeleteFileA
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
FormatMessageA
LocalFree
FormatMessageW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
GetStringTypeA
HeapCreate
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
ExitProcess
WriteConsoleW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
DebugBreak
FatalAppExitA
GetCPInfo
LCMapStringW
InterlockedExchange
LCMapStringA
IsBadReadPtr
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
InterlockedDecrement
InterlockedIncrement
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
HeapValidate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetDateFormatA
GetTimeFormatA
ResumeThread
ExitThread
GetCurrentThreadId
CreateThread
VirtualQuery
GetModuleHandleW
RaiseException
FileTimeToLocalFileTime
GetFileAttributesA
VirtualProtect
RtlUnwind
GetModuleFileNameW
OpenFileMappingA
GetCurrentThread
HeapDestroy
HeapSize
HeapReAlloc
lstrlenA
LocalFileTimeToFileTime

user32

GetKeyboardState
GetPriorityClipboardFormat
DefWindowProcA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetWindowTextW
GetForegroundWindow
PostQuitMessage
ChangeClipboardChain
SendMessageA
SetClipboardViewer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CallNextHookEx
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
UnhookWindowsHookEx
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SystemParametersInfoA
RegisterWindowMessageA
CallWindowProcA
SetWindowsHookExA
SetWindowLongA

gdi32

RestoreDC
GetObjectA
CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateDIBSection
SaveDC
SelectObject
BitBlt
DeleteObject
DeleteDC

advapi32

OpenThreadToken
RegCreateKeyA
GetUserNameW
RevertToSelf
SetThreadToken
RegSetValueExW
RegSetValueExA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW
DragQueryFileA
DragQueryFileW

gdiplus

GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipSaveImageToFile

urlmon

URLDownloadToFileW
URLDownloadToFileA

iphlpapi

GetTcpTable
GetAdaptersInfo

winmm

mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInUnprepareHeader
waveInClose

Exports

Exports

?InjectDll@@YAHPAUHWND__@@QAGHH@Z
?g_bSubclassed@@3HA
?strcat_s2@@YAHPADHPBD@Z
?strcpy_s2@@YAHPADHPBD@Z
?wcscat_s2@@YAHPAGHPBG@Z
?wcscpy_s2@@YAHPAGHPBG@Z

Sections

.textbss
Size: - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/a713a2749e9791243a89471a2603bf1f32ec11c9179771ca46fb5583b8412cb0
.exe windows:5 windows x86 arch:x86

96d6233921441d891ccc11016bcbfc55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Aslan\C\Telegram\Desktop\TBuild32\tdesktop\out\Release\Updater.exe.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
WriteFile
ExpandEnvironmentStringsW
RemoveDirectoryW
GetModuleFileNameW
GetEnvironmentVariableW
FindClose
CreateFileW
GetCurrentThreadId
Sleep
FormatMessageW
GetLastError
DeleteFileW
GetFullPathNameW
LoadLibraryW
GetLocalTime
GetProcAddress
LocalFree
GetCurrentProcessId
GetModuleHandleW
CopyFileW
MoveFileW
SetUnhandledExceptionFilter
FlushFileBuffers
WriteConsoleW
SetFilePointerEx
GetCommandLineW
FindFirstFileExW
ReadFile
CloseHandle
CreateDirectoryW
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapAlloc
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
DecodePointer

user32

MessageBoxW
wsprintfW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW
SHFileOperationW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathCanonicalizeW

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/af31cc534aa49f02e6c18a8cf3fd4c9cf366d462ee7caaf8c2a461405382073f
.dll windows:5 windows x64 arch:x64

6e8b250f57c8cd1496c69704c8ed5aba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\TOPH\Desktop\node 32\downloader-uncompltednl-64-930307-faz\x64\Debug\pa2_64dll.pdb

Imports

kernel32

FreeLibrary
LoadLibraryA
GetModuleFileNameA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
GetTimeZoneInformation
DisableThreadLibraryCalls
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetProcessHeap
GetShortPathNameW
GetComputerNameW
DeleteFileW
CreateDirectoryW
Sleep
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
CreateFileW
MoveFileW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GetLastError
CreateThread
ExitThread
CloseHandle
MultiByteToWideChar
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleFileNameW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapSize
HeapValidate
IsBadReadPtr
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetProcAddress
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsAlloc
FlsFree
SetLastError
GetCurrentThread
GetModuleHandleW
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ReadFile
SetFilePointer
FlushFileBuffers
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
LoadLibraryW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapQueryInformation
HeapFree
GetTimeFormatA
GetDateFormatA
GetStringTypeA
SetEnvironmentVariableA

user32

DispatchMessageA
GetWindowThreadProcessId
SetWindowsHookExA
SendMessageA
CallWindowProcA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SetTimer
GetMessageA
TranslateMessage

advapi32

GetUserNameW
RegSetValueExA
RegCreateKeyA
RegSetValueExW

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

Exports

Exports

InjectDll

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b26b024fa7be56d2b2e3815d8e97434f95b30bf25cda4259d3e20c14a92bd8ec
.exe windows:5 windows x86 arch:x86

4dcb6ccf5c9c4fae7a0fb756a40c24b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\TOPH\Desktop\sefareshi-downloader-folder\32-whois-931011-tagged-DesDoc\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

TlsSetValue
CompareStringW
GetModuleFileNameW
ExitProcess
CopyFileW
GetCurrentDirectoryW
GetVersionExA
GetShortPathNameW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer

user32

FindWindowA
FindWindowExA

shell32

SHGetSpecialFolderPathW

dhtmlh

?wcscpy_s2@@YAHPAGHPBG@Z
?wcscat_s2@@YAHPAGHPBG@Z
?InjectDll@@YAHPAUHWND__@@QAGHH@Z

Sections

.textbss
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b5e571eb492eaee853abdf8b6202f7e543f09d8343a85f467cd4806f8e19a14f
.exe windows:5 windows x86 arch:x86

3eaa732d4dae53340f9646bdd85dac41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
SetEvent
SetThreadPriority
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
FindFirstFileW
GetFileType
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointer
GetStdHandle
WriteFile
FlushFileBuffers
GetLongPathNameW
MoveFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GlobalAlloc
DeleteFileW
FindClose
CreateFileW
DeviceIoControl
SetFileTime
GetCurrentProcess
CloseHandle
CreateHardLinkW
SetLastError
GetLastError
GetCurrentDirectoryW
CreateFileA
GetCPInfo
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
MessageBoxW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b65676321e2138affd5c38a1f2b882f19ac1ca9bf414b6f3d44e35c43c36ae78
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b743c9b4968b65577d60d0f3a3c4ae6dd6beedf08a02625836d598f8600a1321
.docx office2007
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b7730f9a05be8a0f25a3979b2f8d2fed791340a32385a9fd37d0e8b81119627d
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/b778ab921e7268334efdc8aa371909c4bbd0f1621e39ab9d7e37167fe448581e
.pptx office2007
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/baf779a4a3c9d901eff32a46a004bbb258551cac57d63f0a878d882d2ebbdcf3
.exe windows:5 windows x86 arch:x86

7a81f46ba8be0283c33302f6a952b5db

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:0d:34:f8:90:8a:df:ca:54:bd:cc:60:13:9a:7d:a8
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-01-2018 15:40

Not After

31-01-2019 15:40

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:0d:34:f8:90:8a:df:ca:54:bd:cc:60:13:9a:7d:a8
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-01-2018 15:40

Not After

31-01-2019 15:40

Subject

CN=Open Source Developer\, Dominik Reichl,O=Open Source Developer,L=Metzingen,C=DE,1.2.840.113549.1.9.1=#0c166365727440646f6d696e696b2d72656963686c2e6465

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8d:26:99:ec:8b:4e:1e:38:db:22:7f:bc:2e:f7:c4:0c:58:bf:5c:b2:6b:af:40:21:ee:67:a8:7b:74:b2:2a:4f
Signer

Actual PE Digest

8d:26:99:ec:8b:4e:1e:38:db:22:7f:bc:2e:f7:c4:0c:58:bf:5c:b2:6b:af:40:21:ee:67:a8:7b:74:b2:2a:4f

Digest Algorithm

sha256

PE Digest Matches

false

d1:bd:87:05:a1:5d:66:9b:05:d2:47:f2:79:a8:a3:8c:12:6e:79:c2
Signer

Actual PE Digest

d1:bd:87:05:a1:5d:66:9b:05:d2:47:f2:79:a8:a3:8c:12:6e:79:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/bfb2a7f8e7396f8edee131eca9715ab8b2fc957478b7cf0d58840a707b718e09
.exe windows:5 windows x86 arch:x86

9402b48d966c911f0785b076b349b5ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

ord17

kernel32

DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GlobalAlloc
lstrlenA
GetModuleFileNameA
FindResourceA
GetModuleHandleA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetLocaleInfoA
GetNumberFormatA
lstrcmpiA
GetProcAddress
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
WaitForSingleObject
SetCurrentDirectoryA
Sleep
GetTempPathA
MoveFileExA
UnmapViewOfFile
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetModuleFileNameW
SetEnvironmentVariableA
OpenFileMappingA
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
IsDBCSLeadByte
GetCPInfo
FreeLibrary
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
SetLastError
GetStdHandle
ReadFile
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
MoveFileA
SetFileTime
GetCurrentProcess
CloseHandle
GetLastError
DosDateTimeToFileTime

user32

ReleaseDC
GetDC
SendMessageA
wsprintfA
SetDlgItemTextA
EndDialog
DestroyIcon
SendDlgItemMessageA
GetDlgItemTextA
DialogBoxParamA
IsWindowVisible
WaitForInputIdle
GetSysColor
PostMessageA
SetMenu
SetFocus
LoadBitmapA
LoadIconA
CharToOemA
OemToCharA
GetClassNameA
CharUpperA
GetWindowRect
GetParent
MapWindowPoints
CreateWindowExA
UpdateWindow
SetWindowTextA
LoadCursorA
RegisterClassExA
SetWindowLongA
GetWindowLongA
DefWindowProcA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetClientRect
CopyRect
IsWindow
MessageBoxA
ShowWindow
GetDlgItem
EnableWindow
FindWindowExA
wvsprintfA
CharToOemBuffA
LoadStringA
SetWindowPos
GetWindowTextA
GetWindow
GetSystemMetrics
OemToCharBuffA
DestroyWindow

gdi32

GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetSaveFileNameA
CommDlgExtendedError
GetOpenFileNameA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteExA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
SHChangeNotify

ole32

CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
OleUninitialize
CLSIDFromString

oleaut32

VariantInit

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/cec533ecd881f014efa7416867d6e3c6b4362741e97c1609860c6223935dec8d
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/d148562a49a09333b2b02d13e12b183d4c3fcf23fbb024d4e0b440631a3a3663
.exe windows:5 windows x86 arch:x86

14be35a179d97709e06a3cb0b991a8c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\To-ph\Desktop\93.03.05\rreegg32 931028-debug-tagged\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

IsValidCodePage
CompareStringW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
Sleep
DeleteFileW
CopyFileW
CompareStringA
SetEndOfFile
CreateFileA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedCompareExchange
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
SetEnvironmentVariableA
GetTimeZoneInformation
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetConsoleCP
GetConsoleMode
SetHandleCount
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetProcessHeap
VirtualQuery
FreeLibrary
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileW
GetLocaleInfoW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.textbss
Size: - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 536KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/d3bb736d8a8b500c75ad853392afac37fd8cd519b274db4cba9451d2f1899059
.exe windows:5 windows x64 arch:x64

664ce13b85a439adc1523d91441c8ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\TOPH\Desktop\sefareshi-downloader-folder\32-whois-931011-tagged-DesDoc\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

DecodePointer
CompareStringW
GetModuleFileNameW
ExitProcess
CopyFileW
GetCurrentDirectoryW
GetVersionExA
GetShortPathNameW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwindEx
GetModuleHandleW
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapSize
HeapValidate
IsBadReadPtr
EncodePointer
SetEnvironmentVariableA
TlsAlloc
FlsGetValue
FlsSetValue
FlsAlloc
FlsFree
SetLastError
GetCurrentThread
HeapSetInformation
HeapCreate
HeapDestroy
WriteFile
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapQueryInformation
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
RtlPcToFileHeader
GetTimeZoneInformation
SetFilePointer

user32

FindWindowA
FindWindowExA

shell32

SHGetSpecialFolderPathW

dhtmlh

?wcscpy_s2@@YAHPEAGHPEBG@Z
?wcscat_s2@@YAHPEAGHPEBG@Z
?InjectDll@@YAHPEAUHWND__@@QEAGHH@Z

Sections

.text
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/d8395183c234836b9138d0ade196b8ab60aae6add8c84e004df049a27afe5ffa
.zip
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/dc627b6419366cdf50eccfa3d1995c111b71112e5abb725b6096b9e0026af395
.exe windows:5 windows x86 arch:x86

481c2ae9a9e00cae2e2b92d2047964db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wininet

InternetGetConnectedState
DeleteUrlCacheEntryW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW
ShellExecuteW

urlmon

URLDownloadToFileW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 10.8MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/de339d3fe5acf83a0df5991bcce02574e1f2c4749b6d0e8f9edc563ef4f91d79
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 397KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 61KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc1
Size: 8KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 716KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Geddon
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/dff78dc100c1efd116de1a1d9e0b9169380801a1e7e864d63dc81a263f8929e8
.exe windows:5 windows x86 arch:x86

71c1f6ca6fed8c97dd8fbacdfa1975d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\TOPH\Desktop\sefareshi-downloader-folder\rreegg32 931028-debug-tagged\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

GetFileType
CompareStringW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
Sleep
DeleteFileW
CopyFileW
CompareStringA
SetEndOfFile
CreateFileA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
FatalAppExitA
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
SetEnvironmentVariableA
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetConsoleCP
GetConsoleMode
SetHandleCount
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetProcessHeap
VirtualQuery
FreeLibrary
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileW
GetTimeZoneInformation
GetLocaleInfoW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.textbss
Size: - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e444a49b260e815c7d2f3e309f7c7b62226d4f0658fc756ec0aed5effb5226a8
.exe windows:5 windows x86 arch:x86

16bd99f04a8d46818b0ad52a26d58308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetRectRgn
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetWkstaGetInfo

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

msvcrt

memset
memcpy

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e4e210aedf8120a4c765bd340bd78b4a84f7ee486314132a8364fd417f4fa128
.exe windows:5 windows x86 arch:x86

a42dc50e3192a1164db2bc45bf0a51e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\MRH\Desktop\Source 920208\SelfExtract_Unicode_921028\Debug\Example.pdb

Imports

shlwapi

PathFileExistsW

shell32

ShellExecuteW

kernel32

GetStdHandle
CompareStringW
CompareStringA
SetEndOfFile
CopyFileW
GetTempPathW
GetShortPathNameW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeW
DebugBreak
lstrlenA
GetProcAddress
LoadLibraryA
FatalAppExitA
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
SetEnvironmentVariableA
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcessHeap
VirtualQuery
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
GetTimeZoneInformation
CreateFileA

Sections

.textbss
Size: - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e7782cedc67fe36d2fb9005c5bb165c75db9587f3de57b408acb20f6757c7f56
.exe windows:5 windows x86 arch:x86

1e0d7c1473c861f94e2b9dc7de5ba0f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\To-ph\Desktop\93.03.05\downloader-uncompltednl-32-930307\Debug\pa2.pdb

Imports

kernel32

GetProcAddress
GetCurrentProcess
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetTempPathW
GetCurrentDirectoryW
Sleep
CopyFileW
CreateDirectoryW
GetModuleFileNameW
GetShortPathNameW
GetVersionExA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetTimeZoneInformation
CreateFileW
GetLocaleInfoW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
MoveFileW
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
LCMapStringA
LCMapStringW
GetStringTypeW
FatalAppExitA
DebugBreak
lstrlenA
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
GetCurrentThread
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
ReadFile
SetFilePointer
FlushFileBuffers
CloseHandle
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
SetConsoleCtrlHandler
LoadLibraryW
GetStringTypeA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetProcessHeap
VirtualQuery
SetStdHandle
WriteConsoleA
SetEnvironmentVariableA

user32

FindWindowExA
FindWindowA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

Sections

.textbss
Size: - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e7eeb7781f521ddc5481626a2410ed8cc871809c36d8d8f74af9dd3f8c42505d
.exe windows:5 windows x86 arch:x86

6ec957e7f35c8e85ad488102104adae2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

CompareStringW
GetEnvironmentVariableW
GetShortPathNameW
GetModuleFileNameW
Sleep
DeleteFileW
CopyFileW
CompareStringA
GetProcessHeap
SetEndOfFile
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetTimeZoneInformation
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
SetEnvironmentVariableA
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CloseHandle
GetModuleHandleA
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileW
CreateFileA

shell32

ShellExecuteW
SHGetSpecialFolderPathW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e8f785efb62fbdf31a12012d38798301329e5262090991152e94342ef6dfa276
.exe windows:5 windows x86 arch:x86

a0215a0edf14a4c47cb4b0b5e42244d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

kernel32

SetLastError
GetModuleFileNameW
ExitProcess
CopyFileW
GetCurrentDirectoryW
GetShortPathNameW
GetVersionExA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW

user32

FindWindowA
FindWindowExA

shell32

SHGetSpecialFolderPathW

dhtmlh

?wcscpy_s2@@YAHPAGHPBG@Z
?wcscat_s2@@YAHPAGHPBG@Z
?InjectDll@@YAHPAUHWND__@@QAGHH@Z

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/e9bf479de992e8a7cfff4d5d528ec85614e9ad0892feb5f588047dd78decf069
.exe windows:5 windows x86 arch:x86

b564df18f8ac7bb960cee1f1ff018a79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

PathCanonicalizeW
PathIsRelativeW
PathIsUNCW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

DragFinish
DragQueryFileW
Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
GetMessageTime
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CharUpperBuffA
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

SetFileAttributesW
QueryDosDeviceW
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
CreateWaitableTimerW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
GetUserDefaultLCID
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GlobalMemoryStatusEx
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
SetWaitableTimer
GetLogicalDriveStringsW
CancelWaitableTimer
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
TzSpecificLocalTimeToSystemTime
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
IsWow64Process
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

RevokeDragDrop
OleRegEnumVerbs
IsAccelerator
CoCreateInstance
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
IsEqualGUID
ProgIDFromCLSID
CreateStreamOnHGlobal
OleInitialize
CoGetMalloc
OleUninitialize
CoGetClassObject
CoInitialize
CoTaskMemFree
OleDraw
CoTaskMemAlloc
StringFromCLSID
OleSetMenuDescriptor
DoDragDrop

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
CloseEnhMetaFile
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
LPtoDP
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
CreateEnhMetaFileW
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 142.3MB - Virtual size: 142.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/ee295bd3669ddaebcd9be020debd1853c6eb7029c8017734e44c8cdce5e15241
.exe windows:5 windows x86 arch:x86

1f7a75400d26e7635dde213868c4c71b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

timeGetTime

wininet

InternetGetConnectedState

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetClassInfoExW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
EnumDisplayDevicesW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
GlobalHandle
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 159B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 72B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/f211a92c2e215c2691006407bc919a892dd998120d83d333f2295059cd3c1c60
.exe windows:5 windows x86 arch:x86

4dcb6ccf5c9c4fae7a0fb756a40c24b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\TOPH\Desktop\node 32\32-whois-931011-tagged-DesDoc\HookInjEx\Debug\HookInjEx.pdb

Imports

shlwapi

PathFileExistsW

kernel32

TlsSetValue
CompareStringW
GetModuleFileNameW
ExitProcess
CopyFileW
GetCurrentDirectoryW
GetVersionExA
GetShortPathNameW
CompareStringA
FlushFileBuffers
CloseHandle
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapValidate
IsBadReadPtr
TlsGetValue
TlsAlloc
SetEnvironmentVariableA
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
RtlUnwind
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
SetFilePointer

user32

FindWindowA
FindWindowExA

shell32

SHGetSpecialFolderPathW

dhtmlh

?wcscpy_s2@@YAHPAGHPBG@Z
?wcscat_s2@@YAHPAGHPBG@Z
?InjectDll@@YAHPAUHWND__@@QAGHH@Z

Sections

.textbss
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/f9f4aaba897b15f8c77c46f2efb0672b044b7cb79dfd84eac4a41e2f1cee1344
.dll windows:5 windows x64 arch:x64

32310b083b2abc1fbfad3e196bbc30a9

Code Sign

bd:12:ac:19:af:9e:c0:fa:52:83:a8:24:59:7c:0a:57
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-09-2019 00:00

Not After

22-09-2020 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:27:ab:b1:e9:f2:00:0d:32:37:6f:49:19:c9:f1:1d:e5:c7:ce:ed
Signer

Actual PE Digest

82:27:ab:b1:e9:f2:00:0d:32:37:6f:49:19:c9:f1:1d:e5:c7:ce:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
RtlUnwindEx
GetACP
CloseHandle
LocalFree
TlsAlloc
GetTickCount
TerminateThread
FindNextFileW
VirtualFree
GetStartupInfoW
ExitProcess
GetFileAttributesW
InitializeCriticalSection
VirtualAlloc
WriteProcessMemory
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
VirtualAllocEx
GetStdHandle
FileTimeToLocalFileTime
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
FileTimeToDosDateTime
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
CreateRemoteThread
SetLastError
GetModuleFileNameW
GetLastError
lstrlenW
CreateThread
CompareStringW
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetVersion
DeleteFileW
MoveFileW
RaiseException
OpenProcess
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
DeleteCriticalSection
TlsGetValue
IsValidLocale
TlsSetValue
VirtualFreeEx
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

GetMessageW
CharUpperBuffW
CharNextW
TranslateMessage
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
DispatchMessageW
MessageBoxW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Exports

Exports

StartWork2
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 143B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/fdfcf1790faf4dc97ea7c5d84c76b7abbdb080ab931777a6259b09ae0166fcae
.dll windows:5 windows x64 arch:x64

5b939fd5d98e82f59abf200ee8adfded

Code Sign

bd:12:ac:19:af:9e:c0:fa:52:83:a8:24:59:7c:0a:57
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-09-2019 00:00

Not After

22-09-2020 23:59

Subject

SERIALNUMBER=94349,CN=Telegram FZ-LLC,O=Telegram FZ-LLC,STREET=Business Central Towers\, Tower A\, Office 2301 2303,L=Dubai,ST=Dubai,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:c6:4d:62:33:48:4f:7a:6c:d0:72:55:cb:57:26:8b:c8:88:b8:f1
Signer

Actual PE Digest

da:c6:4d:62:33:48:4f:7a:6c:d0:72:55:cb:57:26:8b:c8:88:b8:f1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
GetClassLongPtrW
SetClassLongPtrW
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowRect
InsertMenuW
KillTimer
PostThreadMessageW
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
GetUserNameW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
CreateWaitableTimerW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
SetWaitableTimer
GetLogicalDriveStringsW
CancelWaitableTimer
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersInfo
GetNumberOfInterfaces

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

StartBase
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 60KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.18_Checkpoint-Rampant_Kitten/fe15c79508885b5288c5cf93708d5b40eab05877cb9b1d954ab7e814a20c7978
.exe windows:5 windows x86 arch:x86

3eaa732d4dae53340f9646bdd85dac41

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-06-2017 00:00

Not After

01-06-2020 23:59

Subject

CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a3:db:42:71:bb:63:7a:a4:35:79:7c:62:e2:55:08:6c:a9:15:44:ad:bd:c0:2d:de:6d:d5:50:c7:79:a4:23:cf
Signer

Actual PE Digest

a3:db:42:71:bb:63:7a:a4:35:79:7c:62:e2:55:08:6c:a9:15:44:ad:bd:c0:2d:de:6d:d5:50:c7:79:a4:23:cf

Digest Algorithm

sha256

PE Digest Matches

false

8e:3a:e2:9e:10:78:af:4a:ca:73:7c:a2:ec:76:20:ba:5e:da:27:07
Signer

Actual PE Digest

8e:3a:e2:9e:10:78:af:4a:ca:73:7c:a2:ec:76:20:ba:5e:da:27:07

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

ReadFile
GetFileAttributesW
SetFileAttributesW
FindNextFileW
GetFullPathNameW
GetModuleFileNameW
FindResourceW
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetLocaleInfoW
GetNumberFormatW
ExpandEnvironmentStringsW
WaitForSingleObject
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempPathW
MoveFileExW
Sleep
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
GetTickCount
SetEnvironmentVariableW
OpenFileMappingW
CreateThread
EnterCriticalSection
LeaveCriticalSection
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
DeleteCriticalSection
SetEvent
SetThreadPriority
InitializeCriticalSection
CreateEventW
CreateSemaphoreW
SystemTimeToFileTime
GetSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
IsDBCSLeadByte
FindFirstFileW
GetFileType
SetCurrentDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
ExitProcess
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
RaiseException
GetSystemTimeAsFileTime
SetEndOfFile
SetFilePointer
GetStdHandle
WriteFile
FlushFileBuffers
GetLongPathNameW
MoveFileW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GlobalAlloc
DeleteFileW
FindClose
CreateFileW
DeviceIoControl
SetFileTime
GetCurrentProcess
CloseHandle
CreateHardLinkW
SetLastError
GetLastError
GetCurrentDirectoryW
CreateFileA
GetCPInfo
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

EnableWindow
ShowWindow
GetDlgItem
MessageBoxW
FindWindowExW
GetParent
MapWindowPoints
CreateWindowExW
UpdateWindow
LoadCursorW
RegisterClassExW
DefWindowProcW
DestroyWindow
CopyRect
IsWindow
CharUpperW
OemToCharBuffA
LoadIconW
PostMessageW
GetSysColor
SetForegroundWindow
WaitForInputIdle
IsWindowVisible
DialogBoxParamW
DestroyIcon
SetFocus
GetClassNameW
SendDlgItemMessageW
EndDialog
GetDlgItemTextW
SetDlgItemTextW
wvsprintfW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
SetWindowLongW
LoadBitmapW

gdi32

GetDeviceCaps
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteDC
DeleteObject

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHChangeNotify
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHFileOperationW

ole32

CLSIDFromString
CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

VariantInit

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/28ca0c218e14041b9f32a0b9a17d6ee5804e4ff52e9ef228a1f0f8b00ba24c11
.exe windows:4 windows x86 arch:x86

e2326aa3c6ad9077abad282ad201e364

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
HeapSize
HeapReAlloc
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProfileStringA
GetTimeZoneInformation
RaiseException
GetCommandLineA
GetStartupInfoA
TerminateProcess
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
GetTickCount
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetErrorMode
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
lstrcmpA
GetCurrentThread
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
MulDiv
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
GetCurrentThreadId
SetLastError
GetFileTime
GetFileAttributesA
GetModuleFileNameA
lstrcmpiA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
DuplicateHandle
lstrcpynA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
GetLastError
GetCurrentProcess
VirtualAllocEx
VirtualFreeEx
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
GetFileSize
ReadFile
SetUnhandledExceptionFilter
CloseHandle

user32

RegisterClipboardFormatA
PostThreadMessageA
MapWindowPoints
GetSysColor
GetFocus
SetActiveWindow
IsWindow
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
MessageBoxA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
InflateRect
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetParent
SetFocus
IsWindowEnabled
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetWindowsHookExA
CharUpperA
wsprintfA
ClientToScreen
PtInRect
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
GetWindowRect
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
GetWindow
CharNextA
LoadIconA
EnableWindow
GetClientRect
KillTimer
SetTimer
FillRect
DrawEdge
InvalidateRect
LoadBitmapA
LoadCursorA
SetClassLongA
GetDesktopWindow
GetClassNameA
GetSysColorBrush
DestroyMenu
LoadStringA
EndDialog
CreateDialogIndirectParamA
MapDialogRect
SetWindowContextHelpId
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
UpdateWindow
EnableMenuItem
GetNextDlgTabItem
GetWindowPlacement
PostMessageA
CheckMenuItem

gdi32

RestoreDC
GetStockObject
SetBkMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
SaveDC
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
PatBlt
GetTextColor
GetBkColor
LPtoDP
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
Rectangle
SelectObject
GetMapMode
SetMapMode
DPtoLP
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreatePatternBrush
GetTextExtentPoint32A
TextOutA
BitBlt
GetObjectA
DeleteObject
CreateDIBitmap
GetTextExtentPointA
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoTaskMemFree
CreateBindCtx
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysAllocStringLen
VariantClear
VariantTimeToSystemTime
SysStringLen
SysAllocStringByteLen
VariantCopy
VariantChangeType
SysAllocString
SysFreeString

urlmon

CreateURLMoniker
IsAsyncMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/35bd3c96abbf9e4da9f7a4433d72f90bfe230e3e897a7aaf6f3d54e9ff66a05a
.exe windows:5 windows x86 arch:x86

b8d12c04de39a167757fe4a34efa01e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCommandLineW
GetStartupInfoW
GetTempPathA
GetLastError
LoadLibraryExA
Sleep
RemoveDirectoryA
CreateDirectoryA
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
DecodePointer
EncodePointer
SetConsoleCtrlHandler
HeapFree
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapAlloc
DeleteFileA
FindNextFileA
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
SetHandleCount
GetStdHandle
DeleteCriticalSection
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
WideCharToMultiByte
GetFullPathNameA
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
GetFileAttributesA
MultiByteToWideChar
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
WriteConsoleW
GetStringTypeW
HeapSize
CreateFileW
SetEnvironmentVariableW

ws2_32

ntohl

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/6d40c289a154142cdd5298e345bcea30b13f26b9eddfe2d9634e71e1fb935fbe
.dll windows:4 windows x86 arch:x86

4b133c15543dd315987474dbb68ad88a

Code Sign

13:03:03:e4:57:0c:27:29:09:e2:65:dd:b8:59:de:ef
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-09-2016 00:00

Not After

30-09-2019 23:59

Subject

CN=D-Link Corporation,OU=MIS,O=D-Link Corporation,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:a8:67:63:36:c6:9f:a3:3c:f3:be:1d:cd:2e:e8:70:03:cc:92:4a
Signer

Actual PE Digest

e9:a8:67:63:36:c6:9f:a3:3c:f3:be:1d:cd:2e:e8:70:03:cc:92:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
GlobalFree
Sleep
VirtualAlloc
SizeofResource
WaitForSingleObject
CreateThread
FreeConsole
GetTickCount
VirtualFree
GetLastError
GlobalAlloc
CloseHandle
FreeResource
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
WriteFile
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA

Exports

Exports

ServiceMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/9e3ecda0f8e23116e1e8f2853cf07837dd5bc0e2e4a70d927b37cfe4f6e69431
.exe windows:5 windows x64 arch:x64

99d4703dfd346cdd41def0f3755554cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\windows2000测试 x86 x64 v1.3\svchost-全功能-加密1205\x64\Release\svchost.pdb

Imports

ws2_32

setsockopt
getsockname
ntohs
htons
WSAStartup
WSAIoctl
inet_addr
inet_ntoa
getpeername
accept
WSACleanup
socket
send
closesocket
__WSAFDIsSet
recv
listen
bind
WSAGetLastError
gethostbyname
select
connect

kernel32

CreateThread
VirtualFree
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
DeleteCriticalSection
Sleep
ResetEvent
GetLocalTime
CancelIo
lstrcpyA
lstrlenA
WideCharToMultiByte
lstrcatA
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetVersionExA
CreateFileA
GetFileSize
SetFilePointer
WriteFile
GetDriveTypeA
GetVolumeInformationA
GetFileAttributesA
LocalReAlloc
CreateProcessA
ReadFile
CreateDirectoryA
FindFirstFileA
GetLogicalDriveStringsA
GetLastError
RemoveDirectoryA
FindClose
LocalAlloc
MoveFileA
FindNextFileA
GetDiskFreeSpaceExA
LocalFree
WaitForSingleObject
SetLastError
GetModuleFileNameA
GetCurrentProcess
OpenProcess
GetSystemDirectoryA
HeapAlloc
HeapFree
GetTickCount
GlobalAlloc
GlobalFree
PeekNamedPipe
TerminateProcess
DisconnectNamedPipe
GetStartupInfoA
WaitForMultipleObjects
CreatePipe
CloseHandle
GetCurrentThreadId
GetComputerNameA
SetErrorMode
GlobalMemoryStatusEx
OpenEventA
GetModuleHandleA
GetCurrentProcessId
ExitThread
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapReAlloc
GetCommandLineA
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetModuleHandleW
ExitProcess
GetStdHandle
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateEventA
TerminateThread
SetEvent
DeleteFileA

user32

CloseDesktop
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CharNextA
wsprintfA
SetThreadDesktop

advapi32

RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegQueryValueExA
GetUserNameA
EqualSid
LookupAccountSidA
GetTokenInformation
FreeSid
AllocateAndInitializeSid
OpenProcessToken
RegOpenKeyA

shell32

SHGetFileInfoA

psapi

GetModuleBaseNameA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/README.md
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/a7f3b8afb963528b4821b6151d259cf05ae970bc4400b805f7713bd8a0902a42
.exe windows:4 windows x86 arch:x86

ef9b1d463a64a35b4e5ee233d5fddf7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
Sleep
CreateThread
DeleteCriticalSection
CloseHandle
WaitForSingleObject
InitializeCriticalSection
LCMapStringA
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
SetFilePointer
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
GetLastError
WriteFile
HeapFree
HeapAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
LCMapStringW

ws2_32

WSAStartup
WSASocketA
setsockopt
sendto
recvfrom
getservbyport
socket
ioctlsocket
htons
connect
select
closesocket
inet_addr
gethostbyname

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.29_Symantec-Palmerworm_Espionage_Gang/eed2ab9f2c09e47c7689204ad7f91e5aef3cb25a41ea524004a48bb7dc59f969
.exe windows:4 windows x86 arch:x86

b8f04782d0eb25f3d940ce958779ad61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetLastError

ws2_32

WSAStartup
recvfrom
sendto
select
__WSAFDIsSet
socket
htonl
htons
bind
WSAGetLastError
WSACleanup
gethostbyaddr
gethostbyname
inet_ntoa
ntohs
ntohl

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
malloc
calloc
_pctype
__mb_cur_max
_isctype
exit
putc
vfprintf
_iob
fflush
fprintf
fputs
strchr
sprintf
strerror
strrchr
strncpy
printf
fopen
atoi
puts
_errno
strncmp
strtok
strpbrk
_strdup

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/29ac6e5719aeb0cba63b837ca2cbdb6483044ed5a885c457f6858ae61e2dd4da
.apk android

com.update.bbm

com.update.bbm.staropp.act.MainActivity

Activities

com.update.bbm.staropp.act.MainActivity

android.intent.action.MAIN

Permissions

android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_WIFI_STATE
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.READ_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.RECORD_AUDIO
android.permission.READ_PHONE_STATE
android.permission.SEND_SMS
android.permission.CALL_PHONE
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.DISABLE_KEYGUARD
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.FOREGROUND_SERVICE
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.update.bbm.mcpack.re.Alex

android.provider.Telephony.SMS_RECEIVED

com.update.bbm.de_opp.restart.AmBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.update.bbm.wibiconn.re.GarciaReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.update.bbm.wibiconn.re.DillaneReceiver

android.net.wifi.STATE_CHANGE

com.update.bbm.mcpack.re.Szydagis

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.update.bbm.devices.AdminReceiver

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

Services

com.update.bbm.fcm.se.FirebaseService

com.google.firebase.MESSAGING_EVENT

com.update.bbm.devices.NotificationListener

android.service.notification.NotificationListenerService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/2ed77be505cd246ca41bba218d8a5c59ae6049eff2c3b72ca91433ad4fe3b103
.apk android arch:x64 arch:arm64 arch:x86 arch:arm

com.puretalk

net.axel.app.activities.Main

Activities

Permissions

android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.GET_TASKS
android.permission.USE_CREDENTIALS
android.permission.SEND_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_CALL_LOG
android.permission.WAKE_LOCK
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.DISABLE_KEYGUARD
android.permission.READ_PROFILE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

net.axel.app.reses.RES_024

android.provider.Telephony.SMS_RECEIVED

net.axel.app.reses.RES_021

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_022

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_034

android.intent.action.PACKAGE_REMOVED

net.axel.app.reses.RES_015

android.intent.action.PACKAGE_ADDED

net.axel.app.reses.RES_032

android.intent.action.ACTION_SHUTDOWN
android.intent.action.QUICKBOOT_POWEROFF

net.axel.app.reses.RES_037

android.intent.action.USER_PRESENT

net.axel.app.reses.RES_002

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT

net.axel.app.reses.RES_003

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

net.axel.app.listeners.NotificationListener

android.service.notification.NotificationListenerService

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.serses.SERS_037

android.accessibilityservice.AccessibilityService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/540bbe4d507b0e3691922d97fe1ff62c4e7668b3f1b6c3997083a1c49615e068
.apk android arch:arm64 arch:arm arch:mips arch:x86 arch:x64

com.ashions.apps

com.ashions.apps.jav.staropp.act.MainActivity

Activities

com.ashions.apps.jav.staropp.act.MainActivity

android.intent.action.MAIN

Permissions

android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.RECORD_AUDIO
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_LOGS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.READ_CONTACTS
android.permission.ACCESS_NETWORK_STATE
com.android.vending.CHECK_LICENSE
android.permission.GET_ACCOUNTS
android.permission.USE_CREDENTIALS
android.permission.WAKE_LOCK
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.FOREGROUND_SERVICE
android.permission.DISABLE_KEYGUARD
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
android.permission.SEND_SMS
android.permission.READ_SMS
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_EXTERNAL_STORAGE
com.google.android.c2dm.permission.RECEIVE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE

Receivers

com.ashions.apps.jav.caopp.re.ca_cat

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.ashions.apps.jav.mcpack.re.Alex

android.provider.Telephony.SMS_RECEIVED

com.ashions.apps.jav.de_opp.restart.AmBootReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON

com.ashions.apps.jav.wibiconn.re.GarciaReceiver

android.net.conn.CONNECTIVITY_CHANGE

com.ashions.apps.jav.wibiconn.re.DillaneReceiver

android.net.wifi.STATE_CHANGE

com.ashions.apps.jav.device.AdminReceiver

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

Services

com.ashions.apps.jav.fcm.se.FirebaseService

com.google.firebase.MESSAGING_EVENT

com.ashions.apps.jav.device.NotificationListener

android.service.notification.NotificationListenerService

com.ashions.apps.jav.opp.se.ACCService

android.accessibilityservice.AccessibilityService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/54f2aa690954ddfcd72e0915147378dd9a7228954b05c54da3605611b2d5a55e
.apk android arch:x64 arch:arm64 arch:x86 arch:arm

com.puretalk

net.axel.app.activities.Main

Activities

Permissions

android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.GET_TASKS
android.permission.USE_CREDENTIALS
android.permission.SEND_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_CALL_LOG
android.permission.WAKE_LOCK
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.DISABLE_KEYGUARD
android.permission.READ_PROFILE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

net.axel.app.utils.DeviceAdmin

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

net.axel.app.reses.RES_024

android.provider.Telephony.SMS_RECEIVED

net.axel.app.reses.RES_021

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_022

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_034

android.intent.action.PACKAGE_REMOVED

net.axel.app.reses.RES_015

android.intent.action.PACKAGE_ADDED

net.axel.app.reses.RES_032

android.intent.action.ACTION_SHUTDOWN
android.intent.action.QUICKBOOT_POWEROFF

net.axel.app.reses.RES_037

android.intent.action.USER_PRESENT

net.axel.app.reses.RES_002

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT

net.axel.app.reses.RES_003

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

net.axel.app.listeners.NotificationListener

android.service.notification.NotificationListenerService

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.serses.SERS_037

android.accessibilityservice.AccessibilityService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/649977c22c82c200e9fb9771982e682e684ba7f686bf470c9b65151484a0c519
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/7d3a00c93cbf15df1afab245f9be47feb27c862d51581dadaec50378bee7d5fa
.apk android arch:x64 arch:arm64 arch:x86 arch:arm

com.telegram.safe

net.axel.app.activities.Main

Activities

Permissions

android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.GET_TASKS
android.permission.USE_CREDENTIALS
android.permission.SEND_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_CALL_LOG
android.permission.WAKE_LOCK
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.DISABLE_KEYGUARD
android.permission.READ_PROFILE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

net.axel.app.utils.DeviceAdmin

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

net.axel.app.reses.RES_024

android.provider.Telephony.SMS_RECEIVED

net.axel.app.reses.RES_021

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_022

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_034

android.intent.action.PACKAGE_REMOVED

net.axel.app.reses.RES_015

android.intent.action.PACKAGE_ADDED

net.axel.app.reses.RES_032

android.intent.action.ACTION_SHUTDOWN
android.intent.action.QUICKBOOT_POWEROFF

net.axel.app.reses.RES_037

android.intent.action.USER_PRESENT

net.axel.app.reses.RES_002

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT

net.axel.app.reses.RES_003

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

net.axel.app.listeners.NotificationListener

android.service.notification.NotificationListenerService

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.serses.SERS_037

android.accessibilityservice.AccessibilityService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/8f176a3b9460c221f967575ab24c5e829181b0e25ff6ccdf6de91f129ba642d8
.gz
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/README.md
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/b2396341f77b9549f62a0ce8cc7dacf5aa250242ed30ed5051356d819b60abff
.apk android arch:x64 arch:arm64 arch:x86 arch:arm

com.telegram.safe

net.axel.app.activities.Main

Activities

Permissions

android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.READ_CALL_LOG
android.permission.READ_PHONE_STATE
android.permission.REORDER_TASKS
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.GET_ACCOUNTS
android.permission.REQUEST_INSTALL_PACKAGES
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.READ_SMS
android.permission.GET_TASKS
android.permission.USE_CREDENTIALS
android.permission.SEND_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.PROCESS_OUTGOING_CALLS
android.permission.CALL_PHONE
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WRITE_CALL_LOG
android.permission.WAKE_LOCK
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.DISABLE_KEYGUARD
android.permission.READ_PROFILE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
com.google.android.c2dm.permission.RECEIVE

Receivers

net.axel.app.utils.DeviceAdmin

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

net.axel.app.reses.RES_024

android.provider.Telephony.SMS_RECEIVED

net.axel.app.reses.RES_021

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_022

android.net.wifi.STATE_CHANGE
android.net.conn.CONNECTIVITY_CHANGE

net.axel.app.reses.RES_034

android.intent.action.PACKAGE_REMOVED

net.axel.app.reses.RES_015

android.intent.action.PACKAGE_ADDED

net.axel.app.reses.RES_032

android.intent.action.ACTION_SHUTDOWN
android.intent.action.QUICKBOOT_POWEROFF

net.axel.app.reses.RES_037

android.intent.action.USER_PRESENT

net.axel.app.reses.RES_002

android.intent.action.BOOT_COMPLETED
android.intent.action.QUICKBOOT_POWERON
android.intent.action.REBOOT

net.axel.app.reses.RES_003

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

com.google.android.gms.measurement.AppMeasurementInstallReferrerReceiver

com.android.vending.INSTALL_REFERRER

com.google.firebase.iid.FirebaseInstanceIdReceiver

com.google.android.c2dm.intent.RECEIVE

Services

net.axel.app.listeners.NotificationListener

android.service.notification.NotificationListenerService

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.FireBase.FirebaseMessService

com.google.firebase.MESSAGING_EVENT

net.axel.app.FireBase.FirebaseIDService

com.google.firebase.INSTANCE_ID_EVENT

net.axel.app.serses.SERS_037

android.accessibilityservice.AccessibilityService

com.google.firebase.messaging.FirebaseMessagingService

com.google.firebase.MESSAGING_EVENT

com.google.firebase.iid.FirebaseInstanceIdService

com.google.firebase.INSTANCE_ID_EVENT
Malware-Feed-master/2020.09.30_ESET-APT?C?23_Android/c80a9a588ef27081e70f2f0d6594f0b0d7f211336d5323b896604ba6679935e5
Malware-Feed-master/2020.10.01_CISA-MAR-10303705_RAT_SLOTHFULMEDIA/64d78eec46c9ddd4b9a366de62ba0f2813267dc4393bc79e4c9a51a9bb7e6273
.exe windows:5 windows x86 arch:x86

3e935061f369e95ac9d62c7cbdf4acf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateDirectoryA
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
GetVersionExA
CloseHandle
DeleteFileA
MoveFileExA
CreateFileA
GetModuleFileNameA
ExitProcess
CreateFileW
ReadFile
GetProcessHeap
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapFree
HeapAlloc
RaiseException
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
WriteConsoleW
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
IsProcessorFeaturePresent
HeapSize
LoadLibraryW
LCMapStringW
GetStringTypeW
HeapReAlloc
SetEndOfFile

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

ole32

CoTaskMemFree

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.01_CISA-MAR-10303705_RAT_SLOTHFULMEDIA/927d945476191a3523884f4c0784fb71c16b7738bd7f2abd1e3a198af403f0ae
.exe windows:5 windows x86 arch:x86

db182005fc9fccab434ec0764ea5a244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalMemoryStatusEx
GetComputerNameW
GetLogicalDriveStringsW
FindNextFileW
CreateProcessW
OpenProcess
QueryDosDeviceW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
PeekNamedPipe
CreatePipe
TerminateProcess
WTSGetActiveConsoleSessionId
ExitProcess
CreateMutexW
GetLastError
CreateFileA
DeleteFileA
GetCurrentThreadId
GetVersionExW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetSystemTimeAsFileTime
InitializeCriticalSection
FreeLibrary
GetModuleFileNameW
WaitForSingleObject
FindFirstFileW
MoveFileW
DeleteFileW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GlobalFree
LeaveCriticalSection
EnterCriticalSection
WriteFile
ReadFile
SetFilePointer
CloseHandle
GetFileSize
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDefaultLangID
TerminateThread
Sleep
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
CreateThread
GetProcessHeap

user32

GetMessageW
PostThreadMessageW
ReleaseDC
GetWindowRect
DispatchMessageW
TranslateMessage
GetDesktopWindow
GetDC

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
BitBlt

advapi32

LookupPrivilegeValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegEnumValueW
QueryServiceConfigW
OpenServiceW
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
AdjustTokenPrivileges
RegCloseKey
LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW

ws2_32

closesocket
accept
recv
connect
send
listen
bind
htons
htonl
WSAStartup
socket

msvcrt

ferror
?terminate@@YAXXZ
_controlfp
__dllonexit
_onexit
__CxxFrameHandler
__badioinfo
_fileno
_lseeki64
_write
_isatty
time
srand
_itoa
_snprintf
_lock
_iob
_unlock
isleadbyte
__mb_cur_max
mbtowc
__set_app_type
__p__fmode
__p__commode
__setusermatherr
??2@YAPAXI@Z
_amsg_exit
_initterm
_acmdln
exit
_XcptFilter
_exit
_cexit
__getmainargs
??1type_info@@UAE@XZ
memmove
memcpy
memset
_ismbblead
atoi
strstr
wcscspn
wctomb
wcsspn
_wcsicmp
_resetstkoflw
malloc
??_V@YAXPAX@Z
??_U@YAPAXI@Z
free
??3@YAXPAX@Z
__pioinfo
_errno
rand
_except_handler3
_CxxThrowException

shlwapi

PathFindExtensionW

gdiplus

GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

wininet

HttpAddRequestHeadersA
InternetSetOptionA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetReadFile
HttpSendRequestA
HttpQueryInfoA
InternetOpenA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpCloseHandle

iphlpapi

GetAdaptersInfo

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.01_CISA-MAR-10303705_RAT_SLOTHFULMEDIA/README.md
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/0cfe9d9131d8c5ac7d39bce9700d92b7de6a3e7bb0b7d72b17fd29f7eb86d93f
.docx office2007
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/0fdcea00a78e0263caa45205d09b107bd50a9696f59a66951e8b9afc42d54e02
.exe windows:6 windows x86 arch:x86

615149c46a91dbd3255ebbda31bf2b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
DeleteFileW
GetFileSize
GetTempFileNameW
ReadFile
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MoveFileExW
DeleteFileA
Sleep
CreateThread
CreateProcessA
GetModuleFileNameA
MultiByteToWideChar
LCMapStringEx
HeapSize
GetModuleHandleA
GetProcAddress
GetVersionExA
GetSystemDirectoryA
GetTickCount
GetSystemInfo
GetLocalTime
OpenProcess
GetLastError
CloseHandle
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
GetTempPathW
CreateFileA
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
FlushFileBuffers
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
RtlUnwind
GetCommandLineA
HeapFree
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RaiseException
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW

user32

wsprintfW
DispatchMessageA
TranslateAcceleratorA
GetDC
TranslateMessage
GetMessageA
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
GetUserNameA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption

shlwapi

SHRegGetValueW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/14e48d3aa7b9058c56882eb61fa40cf1f52614fe8feb8a43658ad02a570147e0
.exe windows:5 windows x86 arch:x86

46d1ff96b7b0855668207d620d3cb517

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
FindClose
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateThread
CloseHandle
WriteFile
ExitProcess
GetLastError
CreateMutexA
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetVersionExA
FindFirstFileA
GetTickCount
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
Sleep
CreateFileA
GetComputerNameA
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
FlushFileBuffers
LCMapStringA
LCMapStringW

user32

DispatchMessageA
TranslateAcceleratorA
GetSystemMetrics
TranslateMessage
SetTimer
GetMessageA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/230de38fc10b7c07af5aceb6ebbafa80c45c2b9123a7a167f85e8a05b5cf0db7
.exe windows:4 windows x86 arch:x86

34c16729047661ae1efab24fad8edf84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
MoveFileExA
CreateThread
GetSystemInfo
GetModuleHandleA
GetTempPathA
GetComputerNameA
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
GetTempFileNameA
GetStartupInfoA
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
WaitForSingleObject
SleepEx
GetTickCount
GetVersionExA
InitializeCriticalSection
SetLastError
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep

user32

DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
PostQuitMessage
EndPaint
DrawTextA
GetClientRect
BeginPaint
DialogBoxParamA
DestroyWindow
DefWindowProcA
EndDialog

shell32

SHGetSpecialFolderPathA

msvcrt

fclose
fwrite
fopen
_access
calloc
realloc
free
malloc
fread
_iob
_stati64
strchr
strrchr
_errno
fseek
strncmp
strstr
strncpy
time
tolower
sscanf
strtoul
memmove
strpbrk
strtol
_pctype
__mb_cur_max
_isctype
fgets
qsort
fputs
sprintf
fputc
_beginthreadex
strerror
_sys_nerr
fflush
_ftol
memchr
getenv
gmtime
_strdup
_stricmp
_strnicmp
_controlfp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

ws2_32

ioctlsocket
getservbyport
gethostbyaddr
getservbyname
inet_addr
gethostbyname
htonl
inet_ntoa
socket
closesocket
htons
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSACleanup
WSAStartup

wldap32

ord22
ord211
ord143
ord60
ord50
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/25da7cc807578394716925afd30a9cc9d543e2fa2a2b25ce8f52160b3b4bc073
.exe windows:4 windows x86 arch:x86

34c16729047661ae1efab24fad8edf84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
MoveFileExA
CreateThread
GetSystemInfo
GetModuleHandleA
GetTempPathA
GetComputerNameA
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
GetTempFileNameA
GetStartupInfoA
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
WaitForSingleObject
SleepEx
GetTickCount
GetVersionExA
InitializeCriticalSection
SetLastError
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep

user32

DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
PostQuitMessage
EndPaint
DrawTextA
GetClientRect
BeginPaint
DialogBoxParamA
DestroyWindow
DefWindowProcA
EndDialog

shell32

SHGetSpecialFolderPathA

msvcrt

fclose
fwrite
fopen
_access
calloc
realloc
free
malloc
fread
_iob
_stati64
strchr
strrchr
_errno
fseek
strncmp
strstr
strncpy
time
tolower
sscanf
strtoul
memmove
strpbrk
strtol
_pctype
__mb_cur_max
_isctype
fgets
qsort
fputs
sprintf
fputc
_beginthreadex
strerror
_sys_nerr
fflush
_ftol
memchr
getenv
gmtime
_strdup
_stricmp
_strnicmp
_controlfp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

ws2_32

ioctlsocket
getservbyport
gethostbyaddr
getservbyname
inet_addr
gethostbyname
htonl
inet_ntoa
socket
closesocket
htons
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSACleanup
WSAStartup

wldap32

ord22
ord211
ord143
ord60
ord50
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/2826815873d90ad38c5aeeed57c09385d6ad9a3cebaa18757f557a698e9f92b6
.dll windows:5 windows x64 arch:x64

fdeb75991597a3d961f6c2402d18e1b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
CreateThread
MultiByteToWideChar
Sleep
CreateDirectoryA
FindFirstFileA
FindClose
DeleteFileA
GetComputerNameA
CloseHandle
CreateFileA
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

RetrievePKCS7FromCA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/29759388b83c2141bdc224ce1ba348fe3778ffec86b2716bcd6eacc839363737
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 320B - Virtual size: 304B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 32B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/2b48626c3a57c2bf980b9b91b00b0947630e59d03f613c6ae8c3177eb626e752
.rtf
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/2c0df314dcdc9fa161f5f31369037f747a794e26cee6f8835cc37eef3077f782
.exe windows:4 windows x86 arch:x86

fa9a5db51b435e8597d7f9c724f52688

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
lstrcpyA
lstrcatA
WriteFile
MultiByteToWideChar
SystemTimeToFileTime
GetLocalTime
GetModuleFileNameA
GetVersionExA
EnterCriticalSection
DeleteCriticalSection
SetLastError
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
GetLastError
ExitProcess
Sleep
CreateFileA
CloseHandle
FindFirstFileA
FindClose
DeleteFileA
CreateThread
GetTickCount
GetComputerNameA
GetStartupInfoA
ExpandEnvironmentStringsA
GetModuleHandleA
FormatMessageA
GetSystemDirectoryA
WaitForSingleObject
SleepEx

user32

GetMessageA
GetSystemMetrics
SetTimer
DispatchMessageA
TranslateAcceleratorA
TranslateMessage

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
GetUserNameA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
CryptDestroyHash
CryptGetHashParam
CryptGenRandom

shell32

SHGetSpecialFolderPathA

ws2_32

bind
htons
closesocket
WSAIoctl
connect
setsockopt
getsockopt
socket
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
inet_ntoa
htonl
getservbyname
inet_addr
gethostbyname
gethostbyaddr
getservbyport
ioctlsocket
ntohs

msvcrt

_strdup
_strnicmp
_stricmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
fclose
fwrite
fopen
fread
sprintf
printf
calloc
realloc
free
malloc
memset
strlen
_iob
_stati64
memcpy
strchr
strrchr
strcpy
_errno
memcmp
fseek
strncmp
strstr
strncpy
time
tolower
sscanf
strcmp
strtoul
memmove
strpbrk
strtol
_pctype
__mb_cur_max
_isctype
fgets
qsort
fputs
fputc
_beginthreadex
strcat
strerror
_sys_nerr
fflush
_ftol
memchr
getenv
gmtime
_exit
_XcptFilter
exit

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/2e7808e3cfebad45815b3de7b91ea39970e8d99c607c71cb70052cee0e140db4
.dll windows:5 windows x64 arch:x64

9d1c1f3f96e3cda3b4ec6ccea7b08fc2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetProcAddress
LoadLibraryA
CopyFileA
CreateThread
FindClose
FindFirstFileA
Sleep
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

shell32

SHGetSpecialFolderPathA

Exports

Exports

CryptoSysPrep

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/2e85ca515acbfd4b03f93218764e3166af04eb6f75de14ce4dfd97d6ef259579
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/33b480094df24e4c991ba9db84160ec84de2a2b597ae691bc95f74ba36b3e63f
.doc windows office2003
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/4b03409184b3206f7e3a43ff9f7713722c9acd871dd961d918f66e65d92f43f9
.dll windows:5 windows x86 arch:x86

51e04b849a1478ed98b9a7454ff92d53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetVersionExA
CreateThread
CloseHandle
CreateFileA
ExitProcess
GetLocalTime
GetLastError
CreateMutexA
LeaveCriticalSection
EnterCriticalSection
SystemTimeToFileTime
MultiByteToWideChar
WriteFile
lstrcatA
lstrcpyA
FileTimeToSystemTime
GetModuleFileNameA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
SetLastError
Sleep
FreeLibrary
DeleteFileA
FindFirstFileA
FindClose
DisableThreadLibraryCalls
GetComputerNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
ExpandEnvironmentStringsA
GetModuleHandleA
FormatMessageA
GetSystemDirectoryA
WaitForSingleObject
SleepEx
InitializeCriticalSection

user32

GetSystemMetrics

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
GetUserNameA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
CryptGenRandom

shell32

SHGetSpecialFolderPathA

ws2_32

inet_addr
getservbyname
htonl
inet_ntoa
socket
closesocket
htons
bind
WSAIoctl
connect
gethostbyname
ntohs
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostbyaddr
getservbyport
getsockopt
ioctlsocket
setsockopt

msvcr90

_stricmp
_strdup
_strnicmp
fopen
fclose
sprintf
memset
printf
calloc
realloc
free
malloc
strlen
fread
_iob
memcpy
strchr
strrchr
strcpy
_errno
memcmp
fseek
strncmp
strstr
strncpy
tolower
sscanf
strcmp
strtoul
memmove
strpbrk
strtol
_pctype
__mb_cur_max
_isctype
fgets
qsort
fputs
fputc
_beginthreadex
strcat
strerror
_sys_nerr
fflush
_ftol
memchr
getenv
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_stat32i64
_time32
_gmtime32
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
fwrite

netapi32

NetApiBufferFree
NetUserGetInfo

Exports

Exports

DeleteOfficeData
GetOfficeData
GetTemplate

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/4d7f654cf507af2cc4ecfa6e49ea61d3e8b474a2c454ac0cfc06c124ccd90be2
.docx office2007
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/64eabfc0612ac82eb80b8e955549b6a01899b712a99243d116e087828ca9e070
.exe windows:6 windows x86 arch:x86

615149c46a91dbd3255ebbda31bf2b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
DeleteFileW
GetFileSize
GetTempFileNameW
ReadFile
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MoveFileExW
DeleteFileA
Sleep
CreateThread
CreateProcessA
GetModuleFileNameA
MultiByteToWideChar
LCMapStringEx
HeapSize
GetModuleHandleA
GetProcAddress
GetVersionExA
GetSystemDirectoryA
GetTickCount
GetSystemInfo
GetLocalTime
OpenProcess
GetLastError
CloseHandle
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
GetTempPathW
CreateFileA
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
FlushFileBuffers
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
RtlUnwind
GetCommandLineA
HeapFree
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RaiseException
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW

user32

wsprintfW
DispatchMessageA
TranslateAcceleratorA
GetDC
TranslateMessage
GetMessageA
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
GetUserNameA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption

shlwapi

SHRegGetValueW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/7e2b1bbffa7f05e7bf57ee60d162ef1e6f83b2e3fb5aa0da985add67af517901
.dll windows:5 windows x64 arch:x64

fdeb75991597a3d961f6c2402d18e1b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
CopyFileA
CreateThread
MultiByteToWideChar
Sleep
CreateDirectoryA
FindFirstFileA
FindClose
DeleteFileA
GetComputerNameA
CloseHandle
CreateFileA
HeapSize
FlushFileBuffers
GetLocaleInfoA
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

Exports

Exports

RetrievePKCS7FromCA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 618B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/7eba9f6f9774c87fafc4aba403821fae73a50d387624d039d1b296cf0befca73
.exe windows:5 windows x86 arch:x86

370fecafa55e08524148f5d4618fc4e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
FindClose
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateThread
CloseHandle
WriteFile
ExitProcess
GetLastError
CreateMutexA
CreateFileW
HeapSize
WriteConsoleW
SetStdHandle
GetVersionExA
FindFirstFileA
GetTickCount
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
Sleep
CreateFileA
GetComputerNameA
GetStringTypeW
LCMapStringW
FlushFileBuffers
HeapReAlloc
HeapAlloc
LoadLibraryW
GetConsoleMode
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DecodePointer
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
GetConsoleCP

user32

TranslateAcceleratorA
DispatchMessageA
GetSystemMetrics
TranslateMessage
SetTimer
GetMessageA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/8f939e65e9ffedd16ae86687e154adbe607d56950d082778300039283f2f8330
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/980d2f2d658324bb85ae044de91feb23a276e4ad04850588531e2f916a1696a2
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/README.md
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/a37ed89053e6a686ea227c25db5b472654e49def03b1eb69b613e5b831822996
.doc windows office2003
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/aa9627a62eb193cc40f2a5ffd259035a43540b2abd634c80f0d988f7588fa23d
.exe windows:5 windows x86 arch:x86

46d1ff96b7b0855668207d620d3cb517

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
FindClose
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateThread
CloseHandle
WriteFile
ExitProcess
GetLastError
CreateMutexA
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetVersionExA
FindFirstFileA
GetTickCount
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
Sleep
CreateFileA
GetComputerNameA
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
FlushFileBuffers
LCMapStringA
LCMapStringW

user32

DispatchMessageA
TranslateAcceleratorA
GetSystemMetrics
TranslateMessage
SetTimer
GetMessageA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/adb8bfa6e227847c2ffa6e1c97d08280081426480ed9b2ce6af26a23fbd1334c
.exe windows:6 windows x86 arch:x86

615149c46a91dbd3255ebbda31bf2b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
DeleteFileW
GetFileSize
GetTempFileNameW
ReadFile
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MoveFileExW
DeleteFileA
Sleep
CreateThread
CreateProcessA
GetModuleFileNameA
MultiByteToWideChar
LCMapStringEx
HeapSize
GetModuleHandleA
GetProcAddress
GetVersionExA
GetSystemDirectoryA
GetTickCount
GetSystemInfo
GetLocalTime
OpenProcess
GetLastError
CloseHandle
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
GetTempPathW
CreateFileA
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
FlushFileBuffers
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
RtlUnwind
GetCommandLineA
HeapFree
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RaiseException
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW

user32

wsprintfW
DispatchMessageA
TranslateAcceleratorA
GetDC
TranslateMessage
GetMessageA
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
GetUserNameA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption

shlwapi

SHRegGetValueW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/b47f8eda04def2df3d2c58199af5fdded338d08bee8fb3636f441a46bb3ff119
.dll windows:5 windows x86 arch:x86

7e3fb3f41ed09865024dab3dd5751791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
WaitForSingleObject
CreateProcessA
Sleep
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

shell32

SHGetSpecialFolderPathA

Exports

Exports

Load

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/b73df2299f1b61629d40e1896efdf170a6c6b44e3fd3f833fad081fcf08a3cbd
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 64B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 64B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/b8425a5c05c01c1294ce75719049e1b4eab32c34cabe456c281f110976cf2ade
.exe windows:4 windows x86 arch:x86

34c16729047661ae1efab24fad8edf84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
MoveFileExA
CreateThread
GetSystemInfo
GetModuleHandleA
GetTempPathA
GetComputerNameA
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
GetTempFileNameA
GetStartupInfoA
ExpandEnvironmentStringsA
FormatMessageA
GetSystemDirectoryA
WaitForSingleObject
SleepEx
GetTickCount
GetVersionExA
InitializeCriticalSection
SetLastError
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep

user32

DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
LoadStringA
RegisterClassExA
LoadCursorA
LoadIconA
UpdateWindow
ShowWindow
CreateWindowExA
PostQuitMessage
EndPaint
DrawTextA
GetClientRect
BeginPaint
DialogBoxParamA
DestroyWindow
DefWindowProcA
EndDialog

shell32

SHGetSpecialFolderPathA

msvcrt

fclose
fwrite
fopen
_access
calloc
realloc
free
malloc
fread
_iob
_stati64
strchr
strrchr
_errno
fseek
strncmp
strstr
strncpy
time
tolower
sscanf
strtoul
memmove
strpbrk
strtol
_pctype
__mb_cur_max
_isctype
fgets
qsort
fputs
sprintf
fputc
_beginthreadex
strerror
_sys_nerr
fflush
_ftol
memchr
getenv
gmtime
_strdup
_stricmp
_strnicmp
_controlfp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

ws2_32

ioctlsocket
getservbyport
gethostbyaddr
getservbyname
inet_addr
gethostbyname
htonl
inet_ntoa
socket
closesocket
htons
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
recv
send
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSACleanup
WSAStartup

wldap32

ord22
ord211
ord143
ord60
ord50
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/c093c3e366ef0d4bd759a467842868cb1dd974c17e5230499707ec5bee5af304
.dll .vbs windows:5 windows x86 arch:x86 polyglot

4d6485fd4f71e1fc33ff375eaf34dff9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
CloseHandle
GetTempPathA
CreateFileA
MoveFileExA
CreateDirectoryA
FindFirstFileA
WriteFile
FindClose
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

Exports

Exports

CallA
CallB
CallC

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/c2695ef5f3a400219caa2347f5b914c15d74a133efa24d96d121acfa7f95a67e
.exe windows:6 windows x86 arch:x86

615149c46a91dbd3255ebbda31bf2b3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32First
Process32Next
K32GetModuleFileNameExA
CreateFileW
DeleteFileW
GetFileSize
GetTempFileNameW
ReadFile
GlobalMemoryStatus
VirtualAlloc
VirtualFree
MoveFileExW
DeleteFileA
Sleep
CreateThread
CreateProcessA
GetModuleFileNameA
MultiByteToWideChar
LCMapStringEx
HeapSize
GetModuleHandleA
GetProcAddress
GetVersionExA
GetSystemDirectoryA
GetTickCount
GetSystemInfo
GetLocalTime
OpenProcess
GetLastError
CloseHandle
WriteFile
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
FindFirstFileA
GetTempPathW
CreateFileA
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
FlushFileBuffers
LoadLibraryW
OutputDebugStringW
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
RtlUnwind
GetCommandLineA
HeapFree
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
RaiseException
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW

user32

wsprintfW
DispatchMessageA
TranslateAcceleratorA
GetDC
TranslateMessage
GetMessageA
GetSystemMetrics

gdi32

GetDeviceCaps

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
GetUserNameA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

winhttp

WinHttpReadData
WinHttpWriteData
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpConnect
WinHttpSetOption

shlwapi

SHRegGetValueW

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/c7c3e039700bc6072f84ff99ecb22557e460dcd2214539938a6a0ef73b9caa88
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 32B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 32B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/cdd2cb01c8afda2b2ce77cfa257dd6e0bdd4aecc9e7be5f4c55c34d424376ed9
.exe windows:5 windows x86 arch:x86

3c98c11017e670673be70ad841ea9c37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

SHAutoComplete

kernel32

DeleteFileW
DeleteFileA
CreateDirectoryA
CreateDirectoryW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
GetVersionExW
GetFullPathNameA
GetFullPathNameW
MultiByteToWideChar
GetModuleFileNameW
FindResourceW
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
CompareStringA
ExitProcess
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
SetFileAttributesW
GetNumberFormatW
DosDateTimeToFileTime
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
WaitForSingleObject
Sleep
GetExitCodeProcess
GetTempPathW
MoveFileExW
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
CreateFileMappingW
SetEnvironmentVariableW
OpenFileMappingW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
CompareStringW
IsDBCSLeadByte
GetCPInfo
GlobalAlloc
SetCurrentDirectoryW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
WriteFile
GetStdHandle
ReadFile
GetCurrentDirectoryW
CreateFileW
CreateFileA
GetFileType
SetEndOfFile
SetFilePointer
FlushFileBuffers
MoveFileW
SetFileTime
GetCurrentProcess
CloseHandle
SetLastError
GetLastError
GetLocaleInfoW

user32

GetClassNameW
DialogBoxParamW
IsWindowVisible
WaitForInputIdle
SetForegroundWindow
GetSysColor
PostMessageW
LoadBitmapW
LoadIconW
CharToOemA
OemToCharA
IsWindow
CopyRect
DestroyWindow
DefWindowProcW
RegisterClassExW
LoadCursorW
UpdateWindow
CreateWindowExW
MapWindowPoints
GetParent
GetDlgItemTextW
TranslateMessage
DispatchMessageW
wvsprintfW
wvsprintfA
CharUpperA
CharToOemBuffA
LoadStringW
GetWindowRect
GetClientRect
SetWindowPos
GetWindowTextW
SetWindowTextW
GetSystemMetrics
GetWindow
GetWindowLongW
CharUpperW
CharToOemBuffW
MessageBoxW
ShowWindow
GetDlgItem
EnableWindow
OemToCharBuffA
SendDlgItemMessageW
DestroyIcon
EndDialog
SetFocus
SetDlgItemTextW
SendMessageW
GetDC
ReleaseDC
PeekMessageW
FindWindowExW
GetMessageW
SetWindowLongW

gdi32

GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
SelectObject
StretchBlt
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
SetFileSecurityW
SetFileSecurityA
OpenProcessToken
AdjustTokenPrivileges

shell32

SHChangeNotify
ShellExecuteExW
SHFileOperationW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CLSIDFromString
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

VariantInit

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/dfcdcabd576d8717dcc570a2820947e385f0e10bdb2d9a332e7a5823ea51b3ac
.dll windows:0 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.xdata
Size: 928B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/e1d1d5e1c91d0f4142247b45fb18c0c7dcc94719f4340cf6443100364802aeae
.exe windows:5 windows x86 arch:x86

1e0e3613d15569f75407a7d599e716b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetWindowsDirectoryA
GetComputerNameA
Sleep
MultiByteToWideChar
GetTempPathA
FindClose
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
GetLastError
CreateMutexA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

user32

TranslateMessage
DispatchMessageA
TranslateAcceleratorA
GetMessageA

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize

msvcr90

_encode_pointer
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
wcsstr
_amsg_exit
?terminate@@YAXXZ
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__getmainargs
__set_app_type
_crt_debugger_hook

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/e3d63dc50b6a477e0361e71f80e133337bab1d11e809387e8e3a058614780b21
.dll windows:4 windows x64 arch:x64

673684f215c7aa8d3fd15048b7646ad2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
FreeLibrary
GetTempFileNameA
GetTempPathA
GetProcAddress
FindFirstFileA
CopyFileA
CreateThread
Sleep
MoveFileExA
FindClose
SetFilePointer
CreateFileA
GetFileSize
ReadFile
WriteFile
CreateMutexA
GetLastError
CloseHandle
LoadLibraryA
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
GetFullPathNameA
SetStdHandle
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetTickCount
SleepEx
GetSystemDirectoryA
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetProcessHeap
HeapReAlloc
ExitThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetDriveTypeA
RtlVirtualUnwind
HeapSetInformation
HeapCreate
HeapDestroy
GetModuleHandleA
ExitProcess
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
SetHandleCount
GetStartupInfoA
DisableThreadLibraryCalls

shell32

SHGetSpecialFolderPathA

ws2_32

ioctlsocket
listen
accept
recvfrom
sendto
getservbyport
gethostbyaddr
gethostname
htonl
inet_ntoa
gethostbyname
inet_addr
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
ntohl
getservbyname

wldap32

ord143
ord60
ord50
ord26
ord30
ord200
ord211
ord35
ord79
ord33
ord301
ord27
ord41
ord46
ord22
ord32

advapi32

CryptGenRandom
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext

Exports

Exports

Config
Process

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.05_Kaspersky_mosaicregressor/fc189b913bfd5995a7ed5c4e8a811ad237f7b973e120a25baccffbf4ea1d3838
.exe windows:5 windows x86 arch:x86

46d1ff96b7b0855668207d620d3cb517

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
lstrlenA
FindClose
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
CreateThread
CloseHandle
WriteFile
ExitProcess
GetLastError
CreateMutexA
HeapSize
WriteConsoleW
GetConsoleOutputCP
GetVersionExA
FindFirstFileA
GetTickCount
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
Sleep
CreateFileA
GetComputerNameA
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
FlushFileBuffers
LCMapStringA
LCMapStringW

user32

DispatchMessageA
TranslateAcceleratorA
GetSystemMetrics
TranslateMessage
SetTimer
GetMessageA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

SHGetSpecialFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree

netapi32

NetUserGetInfo
NetApiBufferFree

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/01515b6567e226ac1e9727ee5c25db0ed78652dd50abb0cfda33abc82134f97c
.gz
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/19ec3f16a42ae58ab6feddc66d7eeecf91d7c61a0ac9cdc231da479088486169
.exe windows:5 windows x64 arch:x64

9d7285465b02ea32e9b68a7ea325aea3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

secur32

AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
CompleteAuthToken
InitializeSecurityContextA
FreeCredentialsHandle
QuerySecurityPackageInfoA

kernel32

GetLastError
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
TlsAlloc
TlsGetValue
TlsFree
CreateMutexW
VerSetConditionMask
GetCurrentProcess
TerminateProcess
TerminateThread
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
QueueUserAPC
SetEvent
WaitForMultipleObjects
Sleep
WriteFile
ReadFile
DuplicateHandle
TlsSetValue
SleepEx
CreateEventW
CreateWaitableTimerA
SetWaitableTimer
CreateProcessA
CreateFileA
CreateNamedPipeA
GetCurrentThreadId
PeekNamedPipe
GetStdHandle
GetTimeZoneInformation
OutputDebugStringA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleA
MultiByteToWideChar
FormatMessageA
LocalFree
AreFileApisANSI
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetFileType
GetModuleHandleW
GetProcAddress
FindClose
RtlVirtualUnwind
QueryPerformanceCounter
GetTickCount
FreeLibrary
LoadLibraryW
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
GetModuleHandleExW
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
SetEndOfFile
ExitProcess
CreateFileW
VerifyVersionInfoA
GetDriveTypeW
ExitThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
HeapReAlloc
SetConsoleCtrlHandler
HeapFree
HeapAlloc
SetConsoleMode
ReadConsoleInputA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
QueryPerformanceFrequency
TryEnterCriticalSection
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
ResetEvent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetConsoleMode

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

shell32

SHGetFolderPathA

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

ws2_32

WSASend
WSARecvFrom
WSARecv
WSAIoctl
WSAGetLastError
WSASetLastError
shutdown
setsockopt
select
ntohs
ntohl
getaddrinfo
WSASocketW
htonl
getsockopt
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
WSACleanup
WSAStartup
WSASendTo
freeaddrinfo
WSAStringToAddressW
recv
send
listen
htons

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 335KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/46ecf53e18000f4ea1115b5bb661faa5ec5d61517f7ef073c346b4867606014b
.exe windows:6 windows x86 arch:x86

ea5930d320dcba3bcc8177d28420a4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorA
EndPaint
RegisterClassExA
CreateWindowExA
DefWindowProcA
LoadIconA
PostQuitMessage
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
BeginPaint

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx

kernel32

MultiByteToWideChar
WriteConsoleW
CreateFileW
HeapSize
HeapReAlloc
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
Sleep
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
MoveFileA
VirtualAlloc
CreateThread
GetEnvironmentVariableW
GetFileAttributesW
RaiseException
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LoadLibraryW
K32GetModuleFileNameExW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
DecodePointer
SetEndOfFile
WideCharToMultiByte
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
FlushFileBuffers
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/56cf06c3230aefea1d85b42a59fb42d514681f35350aa907e84603b2f426ae88
.exe windows:4 windows x86 arch:x86

22523d899cd53474a3c0b50a8a4feb3a

Code Sign

70:01:28:ae:60:2e:53:de:8d:77:d8:df:85:31:b4:55
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-01-2018 00:00

Not After

04-01-2019 23:59

Subject

CN=Christian Hohnstaedt,O=Christian Hohnstaedt,POSTALCODE=12099,STREET=Ringbahnstrasse 43,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1e:3a:ee:81:80:80:cd:4c:97:51:1f:ce:c2:67:8e:e5:95:07:cd:71:4f:5e:d9:28:fe:c6:51:4b:fd:f5:22:0f
Signer

Actual PE Digest

1e:3a:ee:81:80:80:cd:4c:97:51:1f:ce:c2:67:8e:e5:95:07:cd:71:4f:5e:d9:28:fe:c6:51:4b:fd:f5:22:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qt5core

_Z11qt_assert_xPKcS0_S0_i
_Z9qt_assertPKcS0_i
_ZN10QArrayData10deallocateEPS_jj
_ZN10QArrayData11shared_nullE
_ZN10QByteArray6appendEc
_ZN10QByteArray8truncateEi
_ZN10QByteArrayC1EPKci
_ZN11QFileDevice4seekEx
_ZN11QFileDevice5closeEv
_ZN5QFile11setFileNameERK7QString
_ZN5QFile14setPermissionsE6QFlagsIN11QFileDevice10PermissionEE
_ZN5QFile4openE6QFlagsIN9QIODevice12OpenModeFlagEE
_ZN5QFile6existsERK7QString
_ZN5QFile6removeERK7QString
_ZN5QFile6renameERK7QString
_ZN5QFile6renameERK7QStringS2_
_ZN5QFile6resizeEx
_ZN5QFileC1Ev
_ZN5QFileD1Ev
_ZN7QObject16staticMetaObjectE
_ZN7QString13toUtf8_helperERKS_
_ZN7QString15fromUtf8_helperEPKci
_ZN7QString15toLatin1_helperERKS_
_ZN7QString16fromAscii_helperEPKci
_ZN7QString18toLocal8Bit_helperEPK5QChari
_ZN7QString20fromLocal8Bit_helperEPKci
_ZN7QString6appendERKS_
_ZN7QString6numberEji
_ZN7QString6numberExi
_ZN7QStringaSERKS_
_ZN9QDateTime15currentDateTimeEv
_ZN9QDateTimeD1Ev
_ZN9QIODevice4readEPcx
_ZN9QIODevice5resetEv
_ZN9QIODevice5writeEPKcx
_ZN9QListData11detach_growEPii
_ZN9QListData11shared_nullE
_ZN9QListData5eraseEPPv
_ZN9QListData6appendEv
_ZN9QListData6detachEi
_ZN9QListData7disposeEPNS_4DataE
_ZN9QtPrivate16QStringList_joinEPK11QStringListPK5QChari
_ZNK10QByteArray3midEii
_ZNK10QByteArray7indexOfEci
_ZNK11QFileDevice3posEv
_ZNK11QFileDevice5errorEv
_ZNK11QMetaObject2trEPKcS1_i
_ZNK14QMessageLogger7warningEPKcz
_ZNK5QFile4sizeEv
_ZNK5QFile6existsEv
_ZNK5QFile8fileNameEv
_ZNK7QString3argERKS_i5QChar
_ZNK7QString3argExii5QChar
_ZNK7QString3argEyii5QChar
_ZNK7QString4leftEi
_ZNK7QString5splitERKS_NS_13SplitBehaviorEN2Qt15CaseSensitivityE
_ZNK7QString6toUIntEPbi
_ZNK9QDateTime8toStringERK7QString
_ZeqRK7QStringS1_

kernel32

CloseHandle
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fmode
_initterm
_iob
_lock
_onexit
calloc
exit
fprintf
fputc
fputs
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
puts
realloc
setlocale
signal
sprintf
strchr
strcmp
strerror
strlen
strncmp
strncpy
_unlock
abort
atoi
vfprintf
wcslen
_write

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 588KB - Virtual size: 587KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/61072ae06a5e25194e7bf6297026b54ae52fcfc14787ead8866866d8098a1fa3
.dll regsvr32 windows:6 windows x86 arch:x86

45532c7b6883d551ef18d94d5258f6c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Project\Covic\Modules\CLI.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
SetCurrentDirectoryW
Sleep
GetModuleFileNameW
WriteFile
CreateFileW
GetFileSize
VirtualAlloc
ReadFile
CloseHandle

vcruntime140

__std_exception_copy
__FrameUnwindFilter
__std_exception_destroy
memset
__current_exception_context
__current_exception
__std_type_info_destroy_list
_CxxThrowException
memmove
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
abort
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

msvcp140

?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Xout_of_range@std@@YAXPBD@Z

mscoree

_CorDllMain

Exports

Exports

BIO_f_ssl
BIO_new_buffer_ssl_connect
BIO_new_ssl
BIO_new_ssl_connect
BIO_ssl_copy_session_id
BIO_ssl_shutdown
DTLS_client_method
DTLS_method
DTLS_server_method
DTLSv1_2_client_method
DTLSv1_2_method
DTLSv1_2_server_method
DTLSv1_client_method
DTLSv1_method
DTLSv1_server_method
DllRegisterServer
ERR_load_SSL_strings
PEM_read_SSL_SESSION
PEM_read_bio_SSL_SESSION
PEM_write_SSL_SESSION
PEM_write_bio_SSL_SESSION
SRP_Calc_A_param
SRP_generate_client_master_secret
SRP_generate_server_master_secret
SSL_CIPHER_description
SSL_CIPHER_find
SSL_CIPHER_get_bits
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_COMP_add_compression_method
SSL_COMP_free_compression_methods
SSL_COMP_get_compression_methods
SSL_COMP_get_name
SSL_COMP_set0_compression_methods
SSL_CONF_CTX_clear_flags
SSL_CONF_CTX_finish
SSL_CONF_CTX_free
SSL_CONF_CTX_new
SSL_CONF_CTX_set1_prefix
SSL_CONF_CTX_set_flags
SSL_CONF_CTX_set_ssl
SSL_CONF_CTX_set_ssl_ctx
SSL_CONF_cmd
SSL_CONF_cmd_argv
SSL_CONF_cmd_value_type
SSL_CTX_SRP_CTX_free
SSL_CTX_SRP_CTX_init
SSL_CTX_add_client_CA
SSL_CTX_add_client_custom_ext
SSL_CTX_add_server_custom_ext
SSL_CTX_add_session
SSL_CTX_callback_ctrl
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_flush_sessions
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get0_param
SSL_CTX_get0_privatekey
SSL_CTX_get_cert_store
SSL_CTX_get_client_CA_list
SSL_CTX_get_client_cert_cb
SSL_CTX_get_ex_data
SSL_CTX_get_ex_new_index
SSL_CTX_get_info_callback
SSL_CTX_get_quiet_shutdown
SSL_CTX_get_ssl_method
SSL_CTX_get_timeout
SSL_CTX_get_verify_callback
SSL_CTX_get_verify_depth
SSL_CTX_get_verify_mode
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_remove_session
SSL_CTX_sess_get_get_cb
SSL_CTX_sess_get_new_cb
SSL_CTX_sess_get_remove_cb
SSL_CTX_sess_set_get_cb
SSL_CTX_sess_set_new_cb
SSL_CTX_sess_set_remove_cb
SSL_CTX_sessions
SSL_CTX_set1_param
SSL_CTX_set_alpn_protos
SSL_CTX_set_alpn_select_cb
SSL_CTX_set_cert_cb
SSL_CTX_set_cert_store
SSL_CTX_set_cert_verify_callback
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_client_cert_cb
SSL_CTX_set_client_cert_engine
SSL_CTX_set_cookie_generate_cb
SSL_CTX_set_cookie_verify_cb
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_ex_data
SSL_CTX_set_generate_session_id
SSL_CTX_set_info_callback
SSL_CTX_set_msg_callback
SSL_CTX_set_next_proto_select_cb
SSL_CTX_set_next_protos_advertised_cb
SSL_CTX_set_psk_client_callback
SSL_CTX_set_psk_server_callback
SSL_CTX_set_purpose
SSL_CTX_set_quiet_shutdown
SSL_CTX_set_session_id_context
SSL_CTX_set_srp_cb_arg
SSL_CTX_set_srp_client_pwd_callback
SSL_CTX_set_srp_password
SSL_CTX_set_srp_strength
SSL_CTX_set_srp_username
SSL_CTX_set_srp_username_callback
SSL_CTX_set_srp_verify_param_callback
SSL_CTX_set_ssl_version
SSL_CTX_set_timeout
SSL_CTX_set_tlsext_use_srtp
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_tmp_ecdh_callback
SSL_CTX_set_tmp_rsa_callback
SSL_CTX_set_trust
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey
SSL_CTX_use_PrivateKey_ASN1
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_RSAPrivateKey_ASN1
SSL_CTX_use_RSAPrivateKey_file
SSL_CTX_use_certificate
SSL_CTX_use_certificate_ASN1
SSL_CTX_use_certificate_chain_file
SSL_CTX_use_certificate_file
SSL_CTX_use_psk_identity_hint
SSL_CTX_use_serverinfo
SSL_CTX_use_serverinfo_file
SSL_SESSION_free
SSL_SESSION_get0_peer
SSL_SESSION_get_compress_id
SSL_SESSION_get_ex_data
SSL_SESSION_get_ex_new_index
SSL_SESSION_get_id
SSL_SESSION_get_time
SSL_SESSION_get_timeout
SSL_SESSION_new
SSL_SESSION_print
SSL_SESSION_print_fp
SSL_SESSION_set1_id_context
SSL_SESSION_set_ex_data
SSL_SESSION_set_time
SSL_SESSION_set_timeout
SSL_SRP_CTX_free
SSL_SRP_CTX_init
SSL_accept
SSL_add_client_CA
SSL_add_dir_cert_subjects_to_stack
SSL_add_file_cert_subjects_to_stack
SSL_alert_desc_string
SSL_alert_desc_string_long
SSL_alert_type_string
SSL_alert_type_string_long
SSL_cache_hit
SSL_callback_ctrl
SSL_certs_clear
SSL_check_chain
SSL_check_private_key
SSL_clear
SSL_connect
SSL_copy_session_id
SSL_ctrl
SSL_do_handshake
SSL_dup
SSL_dup_CA_list
SSL_export_keying_material
SSL_extension_supported
SSL_free
SSL_get0_alpn_selected
SSL_get0_next_proto_negotiated
SSL_get0_param
SSL_get1_session
SSL_get_SSL_CTX
SSL_get_certificate
SSL_get_cipher_list
SSL_get_ciphers
SSL_get_client_CA_list
SSL_get_current_cipher
SSL_get_current_compression
SSL_get_current_expansion
SSL_get_default_timeout
SSL_get_error
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_new_index
SSL_get_fd
SSL_get_finished
SSL_get_info_callback
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_peer_finished
SSL_get_privatekey
SSL_get_psk_identity
SSL_get_psk_identity_hint
SSL_get_quiet_shutdown
SSL_get_rbio
SSL_get_read_ahead
SSL_get_rfd
SSL_get_selected_srtp_profile
SSL_get_servername
SSL_get_servername_type
SSL_get_session
SSL_get_shared_ciphers
SSL_get_shared_sigalgs
SSL_get_shutdown
SSL_get_sigalgs
SSL_get_srp_N
SSL_get_srp_g
SSL_get_srp_userinfo
SSL_get_srp_username
SSL_get_srtp_profiles
SSL_get_ssl_method
SSL_get_verify_callback
SSL_get_verify_depth
SSL_get_verify_mode
SSL_get_verify_result
SSL_get_version
SSL_get_wbio
SSL_get_wfd
SSL_has_matching_session_id
SSL_is_server
SSL_library_init
SSL_load_client_CA_file
SSL_load_error_strings
SSL_new
SSL_peek
SSL_pending
SSL_read
SSL_renegotiate
SSL_renegotiate_abbreviated
SSL_renegotiate_pending
SSL_rstate_string
SSL_rstate_string_long
SSL_select_next_proto
SSL_set1_param
SSL_set_SSL_CTX
SSL_set_accept_state
SSL_set_alpn_protos
SSL_set_bio
SSL_set_cert_cb
SSL_set_cipher_list
SSL_set_client_CA_list
SSL_set_connect_state
SSL_set_debug
SSL_set_ex_data
SSL_set_fd
SSL_set_generate_session_id
SSL_set_info_callback
SSL_set_msg_callback
SSL_set_psk_client_callback
SSL_set_psk_server_callback
SSL_set_purpose
SSL_set_quiet_shutdown
SSL_set_read_ahead
SSL_set_rfd
SSL_set_session
SSL_set_session_id_context
SSL_set_session_secret_cb
SSL_set_session_ticket_ext
SSL_set_session_ticket_ext_cb
SSL_set_shutdown
SSL_set_srp_server_param
SSL_set_srp_server_param_pw
SSL_set_ssl_method
SSL_set_state
SSL_set_tlsext_use_srtp
SSL_set_tmp_dh_callback
SSL_set_tmp_ecdh_callback
SSL_set_tmp_rsa_callback
SSL_set_trust
SSL_set_verify
SSL_set_verify_depth
SSL_set_verify_result
SSL_set_wfd
SSL_shutdown
SSL_srp_server_param_with_username
SSL_state
SSL_state_string
SSL_state_string_long
SSL_use_PrivateKey
SSL_use_PrivateKey_ASN1
SSL_use_PrivateKey_file
SSL_use_RSAPrivateKey
SSL_use_RSAPrivateKey_ASN1
SSL_use_RSAPrivateKey_file
SSL_use_certificate
SSL_use_certificate_ASN1
SSL_use_certificate_file
SSL_use_psk_identity_hint
SSL_version
SSL_want
SSL_write
SSLv23_client_method
SSLv23_method
SSLv23_server_method
SSLv2_client_method
SSLv2_method
SSLv2_server_method
SSLv3_client_method
SSLv3_method
SSLv3_server_method
TLSv1_1_client_method
TLSv1_1_method
TLSv1_1_server_method
TLSv1_2_client_method
TLSv1_2_method
TLSv1_2_server_method
TLSv1_client_method
TLSv1_method
TLSv1_server_method
d2i_SSL_SESSION
i2d_SSL_SESSION
ssl3_ciphers

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/6d065532daab06c0b15c73d808c03b8497bb80fdd19c012bfc8771905f1f4066
.ps1
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/8bbed7013e339cca41cf85a0788ef0fc250b54515a038eff6d4838a16be047d7
.ps1
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/92bbd427ad2daf5644c5671b6dc369e02c00d03e4a13eadc2bb3025c0cdf3ec2
.asp .js polyglot
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/93373b2c8607a6bf9e267972271bd713caea2d43c6dc22ff29462a75299fa0ef
.vbs
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/9b8d513298fdc349c381ed11d0c5cfce1eab36b9a81f6a80371ba499a49d0607
.exe windows:6 windows x86 arch:x86

ea5930d320dcba3bcc8177d28420a4b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorA
EndPaint
RegisterClassExA
CreateWindowExA
DefWindowProcA
LoadIconA
PostQuitMessage
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
BeginPaint

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx

kernel32

MultiByteToWideChar
WriteConsoleW
CreateFileW
HeapSize
HeapReAlloc
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
Sleep
GetModuleHandleA
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
MoveFileA
VirtualAlloc
CreateThread
GetEnvironmentVariableW
GetFileAttributesW
RaiseException
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LoadLibraryW
K32GetModuleFileNameExW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
DecodePointer
SetEndOfFile
WideCharToMultiByte
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
FlushFileBuffers
RtlUnwind
GetLastError
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/9e65ccf31a2413bf43695ba04c5402ed235ce456563758d6e3a3ad2126e3734a
.zip
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/README.md
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/a1282dde503e911d5653e1d9d1214e4780e61c96d1530c3a1be22d88a81dcf5f
.xls windows office2003

ThisWorkbook

Sheet1

Module1

Module2
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/b154d3fd88767776b1e36113c479ef3487ceda0f6e4fc80cef85ba539a589555
.dll regsvr32 windows:6 windows x86 arch:x86

be15787a80e64fb212362462c2377ee5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\Project\Covic\Modules\goopdate.pdb

Imports

kernel32

ReadFile
VirtualAlloc
GetModuleFileNameW
CreateFileW
Sleep
CloseHandle
SetCurrentDirectoryW
GetFileSize
CreateProcessW
GetModuleHandleW
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Exports

Exports

DllEntry
DllRegisterServer
zip_close
zip_discard
zip_error_code_system
zip_error_code_zip
zip_error_fini
zip_error_init
zip_error_init_with_code
zip_error_set
zip_error_system_type
zip_error_to_data
zip_fclose
zip_fopen_index
zip_fopen_index_encrypted
zip_fread
zip_get_name
zip_get_num_entries
zip_open
zip_open_from_source
zip_register_progress_callback
zip_register_progress_callback_with_state
zip_source_begin_write
zip_source_buffer
zip_source_buffer_create
zip_source_close
zip_source_commit_write
zip_source_error
zip_source_file
zip_source_file_create
zip_source_free
zip_source_function
zip_source_function_create
zip_source_keep
zip_source_make_command_bitmap
zip_source_open
zip_source_read
zip_source_rollback_write
zip_source_seek
zip_source_seek_compute_offset
zip_source_seek_write
zip_source_stat
zip_source_tell
zip_source_tell_write
zip_source_win32handle
zip_source_win32handle_create
zip_source_win32w
zip_source_win32w_create
zip_source_write
zip_stat_index
zip_stat_init

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.15_Clearsky-Operation_Quicksand_MuddyWater?s_Offensive_Attack_Against_Israeli/ba0c5d1f76906689009dd751cb605e76da1b31f7b4ab3d61f187add10f8189d3
.vbs
Malware-Feed-master/2020.10.19_TrendMicro-Operation_Earth_Kitsune_SLUB/59e4510b7b15011d67eb2f80484589f7211e67756906a87ce466a7bb68f2095b
.exe windows:5 windows x64 arch:x64

166809e362806ee54da9946c3b115b09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
Sleep
WaitForSingleObjectEx
MultiByteToWideChar
CreateMutexA
GetFileSizeEx
FindNextFileW
GetStdHandle
SetFilePointer
SetEndOfFile
UnmapViewOfFile
GetTimeZoneInformation
SystemTimeToFileTime
GetModuleHandleA
GetCurrentDirectoryW
SetFilePointerEx
CreateFileMappingA
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetFileType
MapViewOfFile
GetFileInformationByHandle
GetLocalTime
GetFileSize
GetProcessHeap
GetComputerNameW
RemoveDirectoryA
LocalFree
GetProcAddress
WriteFile
OutputDebugStringA
GetTickCount
CreateEventA
GetSystemTime
CreateDirectoryA
CreateProcessA
WideCharToMultiByte
FileTimeToSystemTime
CreateProcessW
HeapAlloc
CreateThread
LoadLibraryW
CloseHandle
DeleteFileW
DeleteFileA
GetDiskFreeSpaceExW
SetEvent
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetLastError
CopyFileA
GetLogicalDriveStringsW
OpenProcess
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
FindClose
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathW
PeekNamedPipe
CreatePipe
FindNextFileA
GetModuleFileNameW
SetFileTime
TerminateProcess
GetCurrentProcess
SetLastError
HeapFree
FindFirstFileA
GetVolumeInformationW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
FlushFileBuffers
SetStdHandle
GetFullPathNameW
OutputDebugStringW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetACP
HeapReAlloc
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleFileNameA
FindFirstFileExW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
QueryPerformanceCounter
ResetEvent
OpenEventA
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
SleepEx
GetTickCount64
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
RtlVirtualUnwind
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter

user32

GetWindowDC
GetDesktopWindow
GetCursorPos
GetWindowRect
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

gdi32

SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
DeleteObject
BitBlt

advapi32

ReportEventW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
GetUserNameW
OpenProcessToken
GetSidSubAuthority
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegisterEventSourceW

shell32

SHGetFolderPathW
ShellExecuteW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

ws2_32

WSAIoctl
getaddrinfo
getsockopt
getsockname
getpeername
bind
send
recv
WSASetLastError
select
freeaddrinfo
WSAGetLastError
WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
socket
connect
inet_ntoa
htons
setsockopt
ioctlsocket
__WSAFDIsSet
ntohs
inet_pton

gdiplus

GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

Sections

.text
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.19_TrendMicro-Operation_Earth_Kitsune_SLUB/833070159999aa255420441ba2f2f188ab949b170d766b840a5be0885f745457
.exe windows:5 windows x64 arch:x64

91bb273829cc95fbc9060348a7c7bb16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
Sleep
WaitForSingleObjectEx
MultiByteToWideChar
CreateMutexA
GetFileSizeEx
FindNextFileW
GetStdHandle
SetFilePointer
SetEndOfFile
UnmapViewOfFile
GetTimeZoneInformation
SystemTimeToFileTime
GetModuleHandleA
GetCurrentDirectoryW
SetFilePointerEx
CreateFileMappingA
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetFileType
MapViewOfFile
GetFileInformationByHandle
GetLocalTime
GetFileSize
GetProcessHeap
GetComputerNameW
RemoveDirectoryA
LocalFree
WriteFile
OutputDebugStringA
GetTickCount
CreateEventA
GetSystemTime
CreateDirectoryA
CreateProcessA
WideCharToMultiByte
FileTimeToSystemTime
CreateProcessW
GetProcAddress
HeapAlloc
CreateThread
LoadLibraryW
CloseHandle
DeleteFileW
DeleteFileA
GetDiskFreeSpaceExW
SetEvent
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetLastError
CopyFileA
GetLogicalDriveStringsW
OpenProcess
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
FindClose
HeapSize
GetTempPathW
PeekNamedPipe
CreatePipe
FindNextFileA
GetModuleFileNameW
SetFileTime
TerminateProcess
GetCurrentProcess
SetLastError
HeapFree
FindFirstFileA
GetVolumeInformationW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
FlushFileBuffers
ReadFile
SetStdHandle
GetFullPathNameW
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
HeapReAlloc
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleFileNameA
FindFirstFileExW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
ResetEvent
OpenEventA
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
SleepEx
GetTickCount64
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
RtlVirtualUnwind
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry

user32

GetWindowRect
GetWindowDC
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

gdi32

SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
DeleteObject
BitBlt

advapi32

ReportEventW
DeregisterEventSource
CryptDestroyHash
CryptHashData
GetTokenInformation
GetUserNameW
OpenProcessToken
GetSidSubAuthority
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegisterEventSourceW

shell32

SHGetFolderPathW
ShellExecuteW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

ws2_32

getaddrinfo
freeaddrinfo
ntohs
getsockopt
getsockname
getpeername
bind
send
recv
WSASetLastError
ioctlsocket
__WSAFDIsSet
WSAGetLastError
inet_pton
closesocket
gethostbyname
WSAStartup
inet_addr
socket
connect
inet_ntoa
htons
setsockopt
select
WSAIoctl
WSACleanup

gdiplus

GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

Sections

.text
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.19_TrendMicro-Operation_Earth_Kitsune_SLUB/93bb93d87cedb0a99976c18a37d65f816dc904942a0fb39cc177d49372ed54e5
.exe windows:5 windows x64 arch:x64

166809e362806ee54da9946c3b115b09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW
Sleep
WaitForSingleObjectEx
MultiByteToWideChar
CreateMutexA
GetFileSizeEx
FindNextFileW
GetStdHandle
SetFilePointer
SetEndOfFile
UnmapViewOfFile
GetTimeZoneInformation
SystemTimeToFileTime
GetModuleHandleA
GetCurrentDirectoryW
SetFilePointerEx
CreateFileMappingA
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetFileType
MapViewOfFile
GetFileInformationByHandle
GetLocalTime
GetFileSize
GetProcessHeap
GetComputerNameW
RemoveDirectoryA
LocalFree
GetProcAddress
WriteFile
OutputDebugStringA
GetTickCount
CreateEventA
GetSystemTime
CreateDirectoryA
CreateProcessA
WideCharToMultiByte
FileTimeToSystemTime
CreateProcessW
HeapAlloc
CreateThread
LoadLibraryW
CloseHandle
DeleteFileW
DeleteFileA
GetDiskFreeSpaceExW
SetEvent
CreateFileA
GetFileAttributesExW
GetFileAttributesA
GetLastError
CopyFileA
GetLogicalDriveStringsW
OpenProcess
GetCurrentThreadId
LocalAlloc
WaitForSingleObject
FindClose
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTempPathW
PeekNamedPipe
CreatePipe
FindNextFileA
GetModuleFileNameW
SetFileTime
TerminateProcess
GetCurrentProcess
SetLastError
HeapFree
FindFirstFileA
GetVolumeInformationW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExA
FlushFileBuffers
SetStdHandle
GetFullPathNameW
OutputDebugStringW
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
GetACP
HeapReAlloc
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetModuleFileNameA
FindFirstFileExW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
QueryPerformanceCounter
ResetEvent
OpenEventA
GetCurrentProcessId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
FreeLibrary
SleepEx
GetTickCount64
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
RtlVirtualUnwind
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter

user32

GetWindowDC
GetDesktopWindow
GetCursorPos
GetWindowRect
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

gdi32

SaveDC
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
DeleteDC
RestoreDC
DeleteObject
BitBlt

advapi32

ReportEventW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
GetUserNameW
OpenProcessToken
GetSidSubAuthority
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegisterEventSourceW

shell32

SHGetFolderPathW
ShellExecuteW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore

ws2_32

WSAIoctl
getaddrinfo
getsockopt
getsockname
getpeername
bind
send
recv
WSASetLastError
select
freeaddrinfo
WSAGetLastError
WSACleanup
closesocket
gethostbyname
WSAStartup
inet_addr
socket
connect
inet_ntoa
htons
setsockopt
ioctlsocket
__WSAFDIsSet
ntohs
inet_pton

gdiplus

GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW

psapi

GetProcessImageFileNameW
EnumProcesses
GetModuleBaseNameW
EnumProcessModules

Sections

.text
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.19_TrendMicro-Operation_Earth_Kitsune_SLUB/README.md
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/59d212b7a8455a10162064b153fa9b0968ef6e29ab6bda4b5d6c5fc1f99cd8f7
.exe windows:5 windows x86 arch:x86

45dea15cefd110f8b7e6c0288f63e9c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Asterix\Desktop\VS Proj Bak\DllReferenceApp\Release\DllReferenceApp.pdb

Imports

kernel32

WinExec
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
??3@YAXPAX@Z

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/78b16177d8c5b2e06622688a9196ce7452ca1b25a350daae8c4f12c2e415065c
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\VisualStudioProjects_CN\RemoteTool\RemoteTool\obj\Release\MicrosoftServices.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/README.md
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/c42865e79497dbba80cfd806e0d3dc58769212fca2f9e82620029503b6ef7d8a
.exe windows:6 windows x86 arch:x86

70d309bfa4bcf782ec6ecb79ee38fcf1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
DecodePointer
DeleteCriticalSection
RaiseException
GetComputerNameA
WriteConsoleW
CreateFileW
SetStdHandle
GetLastError
GetModuleHandleA
InitializeCriticalSectionEx
CreateSemaphoreA
GetModuleFileNameA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapSize
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
MultiByteToWideChar
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
GetFileSizeEx
SetFilePointerEx
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree
CloseHandle
HeapReAlloc
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
ReadFile
ReadConsoleW
SetEndOfFile

advapi32

RegQueryValueExA
GetUserNameA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ws2_32

gethostbyaddr
send
socket
inet_addr
gethostname
recv
htons
WSAStartup
gethostbyname
WSACleanup
closesocket
connect

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/d957239ba4d314e47de9748e77a229f4f969f55b3fcf54a096e7971c7f1bab7d
.exe windows:5 windows x86 arch:x86

1735203f3ae9c8a8bf317585aa734c05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
lstrlenA
CloseHandle
GetModuleFileNameW
lstrcmpiW
CreateFileW
GetFileSize
ReadFile
Sleep
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpyW
lstrcpynW
lstrcatW
GetComputerNameW
FindFirstFileW
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetLastError
FindClose
WriteFile
lstrcmpW
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
lstrlenW
WideCharToMultiByte
FindNextFileW
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedExchange

user32

LoadCursorW
RegisterClassExW
CreateWindowExW
LoadStringW
LoadIconW
EndDialog
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
DialogBoxParamW
UpdateWindow
ShowWindow

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

shell32

SHGetDriveMedia
SHGetFolderPathW

msvcr90

wcsrchr
rand
fopen
fclose
remove
mbstowcs
_stricmp
strstr
_wremove
sprintf
fprintf
_recalloc
calloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_vsnwprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
strcpy_s
malloc
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
free
??3@YAXPAX@Z
memmove_s
memcpy_s
??1exception@std@@UAE@XZ
_amsg_exit
memset
memcpy
__CxxFrameHandler3
??0exception@std@@QAE@XZ
_CxxThrowException

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

WSAStartup
gethostname
getaddrinfo
WSACleanup
recv
shutdown
send
closesocket
connect
socket

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.22_Weixin-Bitter_CHM_APT/e48aac5148b261371c714b9e00268809832e4f82d23748e44f5cfbbf20ca3d3f
.exe windows:6 windows x86 arch:x86

8ac12c005ccbdb38aaa8071e1f1add70

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:7d:59:66:04:91:55:be:bf:38:3f:fb:0b:e3:29:10
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

06-03-2020 00:00

Not After

05-03-2023 23:59

Subject

CN=Caphyon SRL,OU=SECURE APPLICATION DEVELOPMENT,O=Caphyon SRL,L=Craiova,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:29:48:14:5d:03:87:93:5f:f2:bc:3f:97:2e:e6:d4:62:e9:92:89:32:c7:35:4e:81:bb:65:a5:d5:6d:18:8d
Signer

Actual PE Digest

ec:29:48:14:5d:03:87:93:5f:f2:bc:3f:97:2e:e6:d4:62:e9:92:89:32:c7:35:4e:81:bb:65:a5:d5:6d:18:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\JobRelease\win\Release\custact\x86\viewer.pdb

Imports

kernel32

WriteFile
SetFilePointer
FindClose
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetTempPathW
GetTempFileNameW
MoveFileW
GetSystemDirectoryW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
WaitForSingleObject
ReadProcessMemory
SizeofResource
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryW
GetModuleHandleW
Sleep
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
FlushFileBuffers
GetStringTypeW
InitializeCriticalSectionAndSpinCount
DecodePointer
GetCommandLineW
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
CreateFileW
CloseHandle
FindNextFileW
GetStartupInfoW
DeleteFileW
RaiseException
FreeLibrary
GetProcAddress
LocalAlloc
GetLastError
LocalFree
FindResourceExW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleHandleExW
IsDebuggerPresent
EncodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

user32

GetForegroundWindow
EnumWindows
GetWindowThreadProcessId
GetWindowLongW
BringWindowToTop

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

ord176
PathIsUNCW

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/01ab2c0cfb1e59c2664dceaed4dd0eb1549490c5670779b41a44a0f98e70a97a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\devil\Desktop\WindowsApplication1\WindowsApplication1\obj\Debug\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/0411c097c4782cc546edefc9d61b8f1c5b2eb9dfd52b218d71b0379c069b073e
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/070439ab8730f575894667f729b149c4e93d0c2cc8a39383c4f72cf11bbf78a8
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/0b530db730a8d149cfc1cb09adfdd44bca606ba2ccf8bff978834e5355e75c7a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 571B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/1ade7bd06099af280d58303c74ecf505282e5682c39f9eb0cd1d56e96228c59b
.apk android

sys.power.sys

sys.power.sys.MainActivity

Activities

sys.power.sys.MainActivity

android.intent.action.MAIN

Permissions

android.permission.CAMERA
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.WRITE_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.SEND_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.PROCESS_OUTGOING_CALLS

Receivers

sys.power.sys.BootComplete

android.intent.action.BOOT_COMPLETED

sys.power.sys.PhonecallReceiver

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

sys.power.sys.IncomingSms

android.provider.Telephony.SMS_RECEIVED

Services

sys.power.sys.NotificationService

android.service.notification.NotificationListenerService
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/242d341e9e85dead14a2825e09c7e593f8726b1fb4d329222d1b5f9fe492d052
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\rexx.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/3997892824075a9970230cb6e475c7e36d27686d8c6f37f83a3433e7ca72f851
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Administrator\Desktop\syystme - Copy\syystme\obj\Debug\syystme.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/41848104d1fbb1512fb0ed9b64cb0f22f1a5973b1b3609b64f22f34cec57048f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/4d4daf6915e77ca514e8834ea904b6e86ff6b293d9b469f71174405b386e21b9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\devil\Desktop\WindowsApplication1\WindowsApplication1\obj\Debug\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/4f20ffedfa30f2d91f98d4e17a10869305be4e5d87fc744c4cfc9593ded954ac
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\deviL\Desktop\test\test\obj\Debug\test.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/4f5e43c27f8e38d37983771e3b9dc61a9bb253cea8412238bc4feef17f7568ef
.apk android

cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch.C7

Activities

cmf0.c3b5bm90zq.patch.C7

android.intent.action.MAIN

Permissions

android.permission.FLASHLIGHT
android.permission.CAMERA
android.permission.BLUETOOTH
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.GET_TASKS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

cmf0.c3b5bm90zq.patch.C10

android.provider.Telephony.SMS_RECEIVED

cmf0.c3b5bm90zq.patch.C9

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

cmf0.c3b5bm90zq.patch.C13

android.intent.action.BOOT_COMPLETED

cmf0.c3b5bm90zq.patch.C4

android.intent.action.BOOT_COMPLETED

cmf0.c3b5bm90zq.patch.C2

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

cmf0.c3b5bm90zq.patch.C3

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_INSTALL

cmf0.c3b5bm90zq.patch.C8

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

Services

cmf0.c3b5bm90zq.patch.C1

android.accessibilityservice.AccessibilityService
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/50eda2e7c5db3a81f2dd83dbf4c7076d19ef9dbdcecf7338960f19c876ea013a
.apk android

yps.eton.application

yps.eton.application.M

Activities

yps.eton.application.M

android.intent.action.MAIN

Permissions

android.permission.CAMERA
android.permission.BLUETOOTH
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.WRITE_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.SEND_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.INSTALL_PACKAGES
android.permission.PROCESS_OUTGOING_CALLS

Receivers

yps.eton.application.B

android.intent.action.BOOT_COMPLETED

yps.eton.application.C

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

yps.eton.application.S

android.provider.Telephony.SMS_RECEIVED

yps.eton.application.D

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

Services

yps.eton.application.k

android.accessibilityservice.AccessibilityService
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/5127c48b8bf8414bde0e4f4801022e71b15066ec0175b476ea071c595ecf4b92
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/5215fa7103a812e71ac0542bc990060d5d4ea9d1e3ced1b195b422b6585f974f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/56c2f9dab29619513c5d1b0cf43c78021c4ab7e5161f3ed524493977b60b2e8a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\devil\Desktop\WindowsApplication1\WindowsApplication1\obj\Debug\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/6a05848f403d2f60ab798488f5176a79be7ca51e56dd551aa0fac8bbc8a5a46e
.apk android

sys.power.sys

sys.power.sys.MainActivity

Activities

sys.power.sys.MainActivity

android.intent.action.MAIN

Permissions

android.permission.CAMERA
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.WRITE_SETTINGS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.SEND_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.PROCESS_OUTGOING_CALLS

Receivers

sys.power.sys.BootComplete

android.intent.action.BOOT_COMPLETED

sys.power.sys.PhonecallReceiver

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

sys.power.sys.IncomingSms

android.provider.Telephony.SMS_RECEIVED

Services

sys.power.sys.NotificationService

android.service.notification.NotificationListenerService
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/7265329c7d297c83cd51f0aeef53fc6936edfad2fdf18389d2f52b23ea2bac74
.exe windows:5 windows x86 arch:x86

3af3eabc24a8aeabb57fd851189b390e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

mscoree

CorBindToRuntimeEx

user32

MessageBoxA

oleaut32

SafeArrayUnlock

Sections

.text
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/81b2dd1209938c7abbd7108bc064addd8ac5e5725743403215d76f0ed0cac0e9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/8456be962d01eac8e2f40d0a310d767cd5ec44b28d359030b1a04ecea974979a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\1830.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/93be83a309bdf97cf8674d5f38353ef5204b28318ae59b35c3e2c8058c82b8d1
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/95bd0a9bacbba4c538c4dcb13de6c9054897b151fd9fe18e11047e3893c83819
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\s.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.relo
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/98d7b9679073126fea9b73f9303c207ef14806da6b5f866a9ca1b6bd64fa5577
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\devil\Desktop\WindowsApplication1\WindowsApplication1\obj\Debug\system.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/9f5323456a646a80ed6d6e750d4fdcac978a124b2175c1f9882ec3eec8debe42
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/README.md
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/a4b02bd5709d2ecf0d97b55b5fa5ec6bb61ba7325e21a5fd662527e0c97e1b01
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/b05570ed941da5ceeb87bcef18240090540b2c50f461f5792249f90ba99c4085
.apk android

net.droidjack.server

net.droidjack.server.MainActivity

Activities

net.droidjack.server.MainActivity

android.intent.action.MAIN

net.droidjack.server.CamSnapDJ

android.intent.action.CAMSNAPDJ

net.droidjack.server.VideoCapDJ

android.intent.action.VIDEOCAPDJ

net.droidjack.server.CamSnapDJ

android.intent.action.CAMSNAPDJ

net.droidjack.server.VideoCapDJ

android.intent.action.VIDEOCAPDJ

Permissions

android.permission.READ_SMS
android.permission.RECEIVE_SMS
android.permission.RECORD_AUDIO
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.ACCESS_WIFI_STATE
android.permission.READ_PHONE_STATE
android.permission.WRITE_SMS
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.CAMERA
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.SEND_SMS
android.permission.READ_CALL_LOG
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.WAKE_LOCK
android.permission.CALL_PHONE
android.permission.GET_TASKS
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.INTERNET

Receivers

net.droidjack.server.Connector

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED

net.droidjack.server.CallListener

android.intent.action.PHONE_STATE

net.droidjack.server.Connector

android.net.conn.CONNECTIVITY_CHANGE
android.intent.action.BOOT_COMPLETED

net.droidjack.server.CallListener

android.intent.action.PHONE_STATE

Services
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/b85c4824afa17d5b2d2f075be00fd90b3a1b79a1a197c44a34486a68678ff5a9
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/b9ec260db4481181e2d75ee45be3e4fc97557024a3de639325c2e90f35a77142
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\5552.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/c77a066c9774e12d6a49589196463c1c96244225dde6b3a6f5af1b7dac34f46c
.apk android

cmf0.c3b5bm90zq.patch

cmf0.c3b5bm90zq.patch.C7

Activities

cmf0.c3b5bm90zq.patch.C7

android.intent.action.MAIN

Permissions

android.permission.FLASHLIGHT
android.permission.CAMERA
android.permission.BLUETOOTH
android.permission.READ_EXTERNAL_STORAGE
android.permission.WRITE_CALL_LOG
com.android.browser.permission.READ_HISTORY_BOOKMARKS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.SET_WALLPAPER
android.permission.SET_WALLPAPER_HINTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.VIBRATE
android.permission.CAMERA
android.permission.GET_ACCOUNTS
android.permission.WAKE_LOCK
android.permission.ACCESS_NETWORK_STATE
android.permission.WRITE_CONTACTS
android.permission.READ_CONTACTS
android.permission.RECORD_AUDIO
android.permission.READ_SMS
android.permission.ACCESS_WIFI_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.READ_CALL_LOG
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.CALL_PHONE
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.RECEIVE_SMS
android.permission.GET_TASKS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.BROADCAST_PACKAGE_ADDED
android.permission.BROADCAST_PACKAGE_CHANGED
android.permission.BROADCAST_PACKAGE_INSTALL
android.permission.BROADCAST_PACKAGE_REPLACED
com.sec.android.provider.badge.permission.READ
com.sec.android.provider.badge.permission.WRITE
com.htc.launcher.permission.READ_SETTINGS
com.htc.launcher.permission.UPDATE_SHORTCUT
com.sonyericsson.home.permission.BROADCAST_BADGE
com.sonymobile.home.permission.PROVIDER_INSERT_BADGE
com.anddoes.launcher.permission.UPDATE_COUNT
com.majeur.launcher.permission.UPDATE_BADGE
com.huawei.android.launcher.permission.CHANGE_BADGE
com.huawei.android.launcher.permission.READ_SETTINGS
com.huawei.android.launcher.permission.WRITE_SETTINGS
android.permission.READ_APP_BADGE
com.oppo.launcher.permission.READ_SETTINGS
com.oppo.launcher.permission.WRITE_SETTINGS
me.everything.badger.permission.BADGE_COUNT_READ
me.everything.badger.permission.BADGE_COUNT_WRITE

Receivers

cmf0.c3b5bm90zq.patch.C10

android.provider.Telephony.SMS_RECEIVED

cmf0.c3b5bm90zq.patch.C9

android.intent.action.PHONE_STATE
android.intent.action.NEW_OUTGOING_CALL

cmf0.c3b5bm90zq.patch.C13

android.intent.action.BOOT_COMPLETED

cmf0.c3b5bm90zq.patch.C4

android.intent.action.BOOT_COMPLETED

cmf0.c3b5bm90zq.patch.C2

android.app.action.DEVICE_ADMIN_ENABLED
android.app.action.DEVICE_ADMIN_DISABLE_REQUESTED
android.app.action.DEVICE_ADMIN_DISABLED

cmf0.c3b5bm90zq.patch.C3

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_CHANGED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_INSTALL

cmf0.c3b5bm90zq.patch.C8

android.intent.action.ACTION_POWER_CONNECTED
android.intent.action.ACTION_POWER_DISCONNECTED

Services

cmf0.c3b5bm90zq.patch.C1

android.accessibilityservice.AccessibilityService
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/c88b3b1eb6d7d4b7b386ac6fead82c5b1ffb6e8ec7f40fd4961721b58a19ea6a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\yo2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/db7c6c6ff312a474f8c23ebb08529cdb9863405ba2f8e9da397b31235f2a0d2a
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Administrator\Desktop\syystme\syystme\obj\Debug\syystme.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/ded908c0f4dd81d08f81c7ce6f0287d124ec9a7c6590f4aa883616f63edfebc7
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/e1c54f2073066798dbf4d5528ddb48867935ed7ee3180f13a479ff57254fa1f2
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\devil\Desktop\ART\ART\obj\Debug\ART.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/e847d2d5f1f6b6ca6b574affd71ee7f92dd5ac88198714258b79f63c2a9cdbc4
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\z.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/ea04e170198c09cd049ad24a1f16de2fd0be4f3037665125241456ecdda36e59
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrateur\Bureau\rexx.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/efcad311b4ef1112d06734c21273276e043036cd846f48c1e71db6e6576879c3
.exe windows:4 windows x86 arch:x86

4d17be67c8d0394c5c1b8e725359ed89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess

user32

EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClassA
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/fe0b99ab0c9407633a96ee5ac25e2ac5505b4dabc597741b12aeea0653feacc5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.23_360-APT-C-44_NAFox/febaf8ae20e133e5b4fd503d7f5097bbabe0f8d4664a951a8630f2e929b916e5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/2c4bab3df593ba1d36894e3d911de51d76972b6504d94be22d659cff1325822e
.dll windows:4 windows x86 arch:x86

6ab037e27bd75fb53ea9a80c7fbec1aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetForegroundWindow
DefWindowProcA
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
OpenDesktopA
MessageBoxA
GetThreadDesktop
PostQuitMessage

gdi32

GetStockObject

advapi32

SetSecurityDescriptorDacl
RegCreateKeyA
RegSetValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
LookupAccountNameA
GetFileSecurityA
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
AddAce
GetSecurityDescriptorControl
SetFileSecurityA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
FreeSid
AddAccessAllowedAce

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid

ws2_32

inet_addr
WSAStartup
send
recv
closesocket
setsockopt
connect
socket
htons
inet_ntoa
gethostbyname
listen
bind
getpeername
getsockname
ntohs
select
sendto
recvfrom
accept

kernel32

LoadLibraryA
lstrcmpiA
GetCurrentThreadId
SetEvent
WaitForSingleObject
CreateEventA
FreeLibrary
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
SetFileAttributesA
CreateDirectoryA
ExitProcess
OpenEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WriteFile
DeleteFileA
GetStartupInfoA
GetTempPathA
CreateFileA
GetLastError
GetFileSize
GetSystemDefaultLangID
SetFilePointer
LocalFree
RaiseException
InterlockedExchange
LocalAlloc
VirtualQueryEx
ReadProcessMemory
CreateProcessA
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
ReadFile
GetWindowsDirectoryA
GetVersionExA
GetModuleFileNameA
GetTickCount
Sleep
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
lstrlenA

msvcrt

_strlwr
??3@YAXPAX@Z
__CxxFrameHandler
_except_handler3
strcmp
memset
memcpy
_beginthreadex
strcat
strlen
memcmp
strchr
strcpy
strrchr
sprintf
strstr
exit
_mbsstr
_mbslwr
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
_stricmp
??2@YAPAXI@Z

netapi32

NetUserGetLocalGroups
NetApiBufferFree

Exports

Exports

mystart

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/32e95d80f96dae768a82305be974202f1ac8fcbcb985e3543f29797396454bd1
.dll windows:4 windows x86 arch:x86

bfcfee6374e8349498264cac2593eb98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
Sleep
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/3ff98ed63e3612e56be10e0c22b26fc1069f85852ea1c0b306e4c6a8447c546a
.dll windows:4 windows x86 arch:x86

52a33cf5f31e901442db34aff1ee11f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetSystemTime
Sleep
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

user32

GetDesktopWindow

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/4f51eb7829b97d4a5ba5cdc9d909f484a0e412340fc68d3cad0e1f2e8972640d
.dll windows:6 windows x86 arch:x86

39867afa6c9d90c691e5c1a9fdda5592

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22-10-2008 12:07

Not After

31-12-2029 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17-04-2018 08:20

Not After

18-05-2027 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:20:0b:90:a5:d6:c3:26:0d:6e:65:3e:05:2e:93:fb
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

08-05-2019 10:12

Not After

07-05-2020 10:12

Subject

CN=四川奇雨网络科技有限公司,O=四川奇雨网络科技有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c103437313935363437364071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:d4:79:05:9c:d7:34:2a:7f:53:d0:15:f2:59:6c:2b:51:8c:c1:9d:ad:3a:2a:39:c0:e5:9c:f4:68:75:55:21
Signer

Actual PE Digest

3f:d4:79:05:9c:d7:34:2a:7f:53:d0:15:f2:59:6c:2b:51:8c:c1:9d:ad:3a:2a:39:c0:e5:9c:f4:68:75:55:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\Fun\bin\Win32\Release\winsafe.pdb

Imports

kernel32

GetVolumeInformationA
lstrcatA
Sleep
CreateFileA
LoadLibraryA
GetVersionExA
lstrcpyA
CloseHandle
GetSystemInfo
GetLogicalDriveStringsA
GetProcAddress
GlobalLock
GetStartupInfoA
GlobalMemoryStatusEx
CreateProcessA
GetDiskFreeSpaceExA
FormatMessageA
GlobalUnlock
GetComputerNameA
SetConsoleCtrlHandler
GetStdHandle
FindClose
CreateFileW
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
LoadLibraryW
HeapCompact
UnlockFile
LocalFree
LockFileEx
GetFileSize
GetSystemTimeAsFileTime
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
CreateMutexA
GetFileInformationByHandle
GetLocalTime
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FindResourceExW
SetLastError
HeapAlloc
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleInputW
SetConsoleMode
SetStdHandle
GetCurrentDirectoryW
ExpandEnvironmentStringsA
CreatePipe
GetDriveTypeA
WriteFile
GetCurrentProcess
GetModuleFileNameA
ReadFile
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
CreateThread
RaiseException
HeapReAlloc
Process32Next
DeleteFileA
LockResource
FileTimeToSystemTime
GetLastError
CopyFileA
MultiByteToWideChar
CreateToolhelp32Snapshot
HeapSize
OpenProcess
MoveFileExW
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
GetFileSizeEx
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
ExitProcess
GetModuleHandleExW
ExitThread
FindNextFileW
FindFirstFileExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
HeapDestroy
FlushFileBuffers
DecodePointer
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
FindResourceW
LoadResource
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
InitializeCriticalSectionEx
HeapFree
Process32First
FlushConsoleInputBuffer
SizeofResource
QueryPerformanceFrequency
SwitchToThread
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent

user32

GetForegroundWindow
GetUserObjectInformationW
MessageBoxA
GetDesktopWindow
GetWindowThreadProcessId
GetKeyState
GetWindowTextW
ReleaseDC
GetClipboardData
GetSystemMetrics
GetAsyncKeyState
OpenClipboard
CloseClipboard
GetWindowTextA
GetProcessWindowStation

gdi32

SelectObject
DeleteObject
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateDCA
CreateCompatibleDC
GetDIBits
GetDeviceCaps

advapi32

RegCloseKey
GetUserNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

ws2_32

inet_pton
getaddrinfo
recv
inet_addr
socket
connect
inet_ntoa
recvfrom
htons
select
sendto
WSAStartup
getnameinfo
setsockopt
getprotobyname
gethostbyname
ntohs
send
getsockname
closesocket
__WSAFDIsSet
WSACleanup
freeaddrinfo
WSAGetLastError
shutdown
WSASetLastError
ioctlsocket

iphlpapi

if_nametoindex
GetAdaptersInfo

shlwapi

PathFileExistsA

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipFree
GdipCloneImage
GdipAlloc
GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromFileICM

dnsapi

DnsQuery_UTF8
DnsFree

secur32

AcquireCredentialsHandleW
FreeCredentialsHandle
InitializeSecurityContextW
FreeContextBuffer
EncryptMessage
QueryContextAttributesW
InitializeSecurityContextA
DecryptMessage
DeleteSecurityContext

crypt32

CertNameToStrA
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 441KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/8510fc293227ea7b7d4b20073302e015b616aa8af90d30549b5b118034036111
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Code Sign

4e:20:0b:90:a5:d6:c3:26:0d:6e:65:3e:05:2e:93:fb
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

08-05-2019 10:12

Not After

07-05-2020 10:12

Subject

CN=四川奇雨网络科技有限公司,O=四川奇雨网络科技有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c103437313935363437364071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:ce:d9:f4:e0:1f:8b:a9:a8:c1:98:43:fa:3f:f4:dc:7a:d8:ab:40:b1:5b:58:a4:66:68:24:3e:3d:f3:c7:59
Signer

Actual PE Digest

a5:ce:d9:f4:e0:1f:8b:a9:a8:c1:98:43:fa:3f:f4:dc:7a:d8:ab:40:b1:5b:58:a4:66:68:24:3e:3d:f3:c7:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/9135cdfd09a08435d344cf4470335e6d5577e250c2f00017aa3ab7a9be3756b3
.dll windows:4 windows x86 arch:x86

89137f682b411579934939bf1946193a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReadFile
VirtualAlloc
GetFileSize
CreateFileA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

user32

MessageBoxA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/README.md
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/ac6938e03f2a076152ee4ce23a39a0bfcd676e4f0b031574d442b6e2df532646
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

SetTosBtKbdHook
UnHookTosBtKbd

Sections

.nsp0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/b8a13c2a4e09e04487309ef10e4a8825d08e2cd4112846b3ebda17e013c97339
.dll windows:5 windows x86 arch:x86

7224eb0a83e41d535175f455404ed7f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
UnmapViewOfFile
SetErrorMode
GetExitCodeThread
VirtualFreeEx
VirtualProtectEx
ResumeThread
VirtualQueryEx
QueryDosDeviceW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
SetFilePointer
SetEndOfFile
FlushFileBuffers
SetFileTime
GetFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
GetModuleHandleA
lstrcpynW
GetLocalTime
GetProcessHeap
HeapFree
lstrcpynA
GetCurrentThreadId
SystemTimeToFileTime
CreateNamedPipeW
ConnectNamedPipe
GetOverlappedResult
DeleteFileW
FreeConsole
GetConsoleOutputCP
GetConsoleWindow
AllocConsole
SetConsoleCtrlHandler
SetConsoleScreenBufferSize
GetStdHandle
WriteConsoleInputW
GenerateConsoleCtrlEvent
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GlobalFree
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetModuleHandleW
MapViewOfFile
ProcessIdToSessionId
QueryPerformanceFrequency
ResetEvent
DisconnectNamedPipe
ExitThread
QueueUserAPC
OpenThread
LocalAlloc
WriteProcessMemory
ReadProcessMemory
GetVersionExW
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
lstrlenW
WriteFile
SetFileAttributesW
ReadFile
GetFileSize
CreateFileW
GetPrivateProfileStringW
GetFileAttributesW
lstrcmpiA
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
ExitProcess
TerminateProcess
Sleep
GetCurrentProcessId
lstrcmpiW
LocalFree
GetCommandLineW
LoadLibraryA
GetCurrentProcess
DuplicateHandle
OpenProcess
CreateMutexW
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
VirtualProtect
GetLastError
GetProcAddress
lstrlenA
OpenFileMappingW
GetSystemDefaultLCID
GetSystemInfo
GetSystemTime
GlobalMemoryStatus
lstrcmpW
WaitForMultipleObjects
GetTickCount
CreateRemoteThread
VirtualAllocEx
GetComputerNameW
RemoveDirectoryW
lstrcpyA
MultiByteToWideChar
VirtualFree
GetConsoleCP
VirtualAlloc
IsProcessorFeaturePresent

user32

wsprintfA
ShowWindow
PostMessageA
CloseWindowStation
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
keybd_event
mouse_event
SetCursorPos
SetCapture
WindowFromPoint
DestroyCursor
LoadCursorW
DestroyIcon
GetIconInfo
MessageBoxW
ExitWindowsEx
GetKeyState
GetAsyncKeyState
GetClassNameW
GetWindowTextW
GetCursorPos
GetForegroundWindow
PostQuitMessage
CallNextHookEx
UnhookWindowsHookEx
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowsHookExW
SetTimer
CreateWindowExW
CloseDesktop
CreateDesktopW
GetSystemMetrics
wsprintfW
GetWindowThreadProcessId
FindWindowW

gdi32

CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDeviceCaps
DeleteDC
DeleteObject
GetDIBits
CreateDCW
SelectObject

advapi32

RevertToSelf
RegOverridePredefKey
RegOpenCurrentUser
ImpersonateLoggedOnUser
OpenSCManagerW
OpenServiceW
CreateServiceW
ChangeServiceConfig2W
StartServiceW
CloseServiceHandle
QueryServiceStatusEx
DeleteService
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
InitiateSystemShutdownA
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
ControlService
ChangeServiceConfigW
OpenProcessToken
GetTokenInformation
EqualSid
RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
LookupAccountSidW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
RegEnumValueW
RegCloseKey

Sections

Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/c59509018bbbe5482452a205513a2eb5d86004369309818ece7eba7a462ef854
.dll windows:5 windows x86 arch:x86

e495e93b7afed3623cf97136a990a392

Code Sign

4e:20:0b:90:a5:d6:c3:26:0d:6e:65:3e:05:2e:93:fb
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

08-05-2019 10:12

Not After

07-05-2020 10:12

Subject

CN=四川奇雨网络科技有限公司,O=四川奇雨网络科技有限公司,L=成都市,ST=四川省,C=CN,1.2.840.113549.1.9.1=#0c103437313935363437364071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:1d:d2:23:06:a0:b6:81:33:33:56:e8:37:47:3d:9d:3d:90:2a:4e:e8:3b:14:2e:5f:2d:fd:b7:37:ed:c3:7f
Signer

Actual PE Digest

94:1d:d2:23:06:a0:b6:81:33:33:56:e8:37:47:3d:9d:3d:90:2a:4e:e8:3b:14:2e:5f:2d:fd:b7:37:ed:c3:7f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
lstrlenW
GetProcAddress
VirtualAlloc
lstrcmpiW
GetModuleHandleA
CloseHandle
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
HeapFree
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Exports

Exports

SetTosBt
SetTosBtKbd
SetTosBtKbdHook
UnHook
UnHookTosBt
UnHookTosBtKbd

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.26.Drweb-ShadowPad_APT_backdoor_PlugX/fc117650688065deeb54e686f873359c2a56d23165567ab3f2a3b62498199fa9
.dll windows:5 windows x86 arch:x86

51977c635ef46bddc36607fe831b7be2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetModuleHandleA
VirtualProtect
HeapSize
GetStringTypeW
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
IsProcessorFeaturePresent

user32

GetForegroundWindow

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/00352afc7e7863530e4d68be35ae8b60261fc57560167645697b7bfc0ac0e93d
.dll windows:5 windows x86 arch:x86

87ab41c57e95562a3e81f0609398b278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW

Exports

Exports

_test@4

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/134919151466c9292bdcb7c24c32c841a5183d880072b0ad5e8b3a3a830afef8
.ps1
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/166b1fb3d34b32f1807c710aaa435d181aedbded1e7b4539ffa931c2b2cdd405
.dll windows:5 windows x64 arch:x64

87ab41c57e95562a3e81f0609398b278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW

Exports

Exports

test

Sections

.text
Size: 59KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/44d6d67b5328a4d73f72d8a0f9d39fe4bb6539609f90f169483936a8b3b88316
.dll windows:5 windows x64 arch:x64

d9d661a606c9d1c23b47672d1067de68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\chinch_4_0\projects\chinch4\Build\x64\Release\x64_Release.pdb

Imports

kernel32

CreateFileW
ExpandEnvironmentStringsW
IsBadStringPtrA
MapViewOfFile
UnmapViewOfFile
SetEvent
FlushViewOfFile
GetCurrentProcess
OpenProcess
GetLocalTime
SetHandleInformation
ReadFile
MultiByteToWideChar
SetFileTime
GetOEMCP
GetProcAddress
LoadLibraryA
OpenEventW
GetFileSize
SetFilePointer
WriteFile
GetModuleHandleW
LoadLibraryW
GetVersionExW
VirtualProtectEx
GetExitCodeThread
lstrcmpiW
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
GetModuleHandleA
WriteProcessMemory
CreateThread
WideCharToMultiByte
CreateDirectoryW
DeleteFileW
CloseHandle
CreateEventW
TerminateProcess
Sleep
CreateProcessW
GetLastError
GetTickCount
WaitForSingleObject
GetNativeSystemInfo
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreatePipe
InitializeCriticalSection
SetStdHandle
OutputDebugStringW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetFileAttributesExW
GetStringTypeW
EncodePointer
DecodePointer
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
HeapReAlloc
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetFileType
GetModuleFileNameW
WriteConsoleW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableW
SetEnvironmentVariableA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
FreeLibrary
LoadLibraryExW
HeapSize
GetProcessHeap
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetEndOfFile

advapi32

CryptDestroyHash
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
CryptAcquireContextW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
CryptHashData

psapi

GetModuleBaseNameA
EnumProcessModulesEx
EnumProcessModules

Exports

Exports

UMEP
VFEP

Sections

.text
Size: 1003KB - Virtual size: 1003KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/README.md
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_Powershell_Backdoor/a3170c32c09fc85cdda778a5c20a3dab144b6d1dd9996ba8340866e0081c7642
.ps1
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_ZEBROCY_Backdoor/0be114fe30ef5042890c17033b63d7c9e0363972fcc15a61433c598dd33f49d1
.exe windows:4 windows x86 arch:x86

20acdf581665d0a5acf497c2fe5e0662

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_beginthread
_cexit
_errno
_iob
_onexit
_setmode
abort
atexit
calloc
fprintf
free
fwrite
malloc
memcpy
signal
vfprintf

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSAGetOverlappedResult

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_ZEBROCY_Backdoor/2631f95e9a46c821a701269a76b15bb065764cc15a0b268a4d1eac045975c9b8
.exe windows:4 windows x86 arch:x86

20acdf581665d0a5acf497c2fe5e0662

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStdHandle
GetSystemInfo
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_beginthread
_cexit
_errno
_iob
_onexit
_setmode
abort
atexit
calloc
fprintf
free
fwrite
malloc
memcpy
signal
vfprintf

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSAGetOverlappedResult

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.10.29_CISA-MAR-10310246_ZEBROCY_Backdoor/README.md
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/0816d66320d221de576c8a9e6af1b05c7656832939876dd99bb8b40029fe694a
.exe windows:6 windows x64 arch:x64

cf7312449a72e7397662883abbadeb55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

ws2_32

WSAGetLastError
htonl

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

kernel32

SetStdHandle
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
WriteConsoleW
ReadConsoleW
FreeEnvironmentStringsW
TerminateProcess
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualAlloc
VirtualFree
CreateFileW
GetFileSize
CloseHandle
GetTickCount
LocalFree
CreateFileA
SetEndOfFile
SetFilePointer
WriteFile
GetLastError
Sleep
GetTickCount64
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage

Sections

.table
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.defs
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.a1
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.addr
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/18d347001057c68c4f2ad1d2f5af73e2dfa69aa46466fa43b40d7da360b79c01
.dll windows:5 windows x86 arch:x86

5124c91048a0870d4962b68459a9e1c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyProjects\secondWork\Anchor\Win32\Release\Anchor_x86.pdb

Imports

ws2_32

__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
sendto
WSACleanup
closesocket
shutdown
WSAStartup
inet_addr
socket
htons

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetConsoleMode
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
GetOEMCP
ResetEvent
GetCurrentProcess
GetComputerNameExW
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
GetShortPathNameA
ReadFile
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessA
GetTempFileNameA
GetSystemWindowsDirectoryW
SetFilePointer
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/2c446cad1e15d82521022281b81f905867e33e9ae33c3e7e4959972d40230775
.exe windows:5 windows x64 arch:x64

4ed5dfc8ec9520fe86d07e7f7705a8a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
RegCreateKeyW
RegOpenKeyExW
StartServiceW
RegSetValueExW
ControlService
OpenSCManagerW
CloseServiceHandle
RegCloseKey
CreateServiceW

kernel32

WriteFile
CreateFileW
GetLastError
CloseHandle
GetCurrentProcess
GetComputerNameExW
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
ReadFile
lstrlenW
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
Sleep
DeleteFileW
GetWindowsDirectoryW
CreateProcessW
GetSystemWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
MultiByteToWideChar
ExitProcess
GetACP
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/47a16afd03cc206a96000d3d5c6d34b3167abda5ffb8458a601e6b079a948dc5
.dll windows:5 windows x86 arch:x86

3c93940751e685cd5c2ca1df975e8c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\ProFi\Desktop\data\Win32\anchorInstaller_x86Code\Anchor_x86.pdb

Imports

ws2_32

__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
sendto
WSACleanup
closesocket
shutdown
WSAStartup
inet_addr
socket
htons

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetConsoleMode
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
GetOEMCP
ResetEvent
GetCurrentProcess
GetComputerNameExW
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
GetShortPathNameA
ReadFile
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessW
GetTempFileNameA
GetSystemWindowsDirectoryW
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/5de47f786534c1fbe8173ac71ab48602fe3462baed77eea70f2b59231ffa69c0
.exe windows:5 windows x86 arch:x86

9e136c65a8ad6fe24b32fb40d427b719

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shell32

SHGetKnownFolderPath

advapi32

GetNamedSecurityInfoA
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoA

ws2_32

WSAGetLastError
getaddrinfo
htonl

rpcrt4

UuidCreate

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

kernel32

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
FreeLibrary
GetProcAddress
GetLastError
GetTickCount
LoadLibraryA
GetComputerNameExW
WideCharToMultiByte
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InterlockedDecrement
LocalFree
WriteFile
ReadFile
GetLocalTime
GetModuleFileNameA
GetSystemWindowsDirectoryW
Sleep
CloseHandle
GetTickCount64
CreateProcessW
GetSystemWindowsDirectoryA
CreateFileA
MultiByteToWideChar
UnhandledExceptionFilter
CreateFileW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/73d1283221b18ac00cdd1929d75aefe1275757cac85115a1b2b4bedd9b6d633f
.exe windows:5 windows x64 arch:x64

ff0faef0f8d024c17528877028e5c53d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

shell32

SHGetKnownFolderPath

advapi32

GetNamedSecurityInfoA
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoA

ws2_32

WSAGetLastError
getaddrinfo
htonl

rpcrt4

UuidCreate

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

kernel32

FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStringTypeW
GetFileType
FreeLibrary
GetProcAddress
GetLastError
GetTickCount
LoadLibraryA
GetComputerNameExW
WideCharToMultiByte
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
LocalFree
WriteFile
ReadFile
GetLocalTime
GetModuleFileNameA
GetSystemWindowsDirectoryW
Sleep
CloseHandle
GetTickCount64
CreateProcessW
GetSystemWindowsDirectoryA
CreateFileA
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateFileW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/7e00743d43b550b6b0d3927a551eba2f0c87d458fb1b546249a092c8ebc6c7b2
.dll windows:6 windows x64 arch:x64

ee92966356156d9c5f5da080ba2535d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

socket
__WSAFDIsSet

advapi32

RegisterServiceCtrlHandlerW

kernel32

WriteConsoleW
FreeLibrary
WideCharToMultiByte
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
lstrlenW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
EncodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW
LoadLibraryExW
InterlockedFlushSList
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
GetACP
GetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9067fa96c3f7249241d50425f1198a36c6c23578f14bf501a1664a501f088d69
.dll windows:5 windows x86 arch:x86

9abc3e4bbba59b4fcdcf0c50ebfc8828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

__WSAFDIsSet
closesocket
shutdown
WSAStartup
socket
ntohs
recvfrom
sendto

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
GetConsoleMode
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetComputerNameExW
GetLastError
LoadLibraryA
GetTickCount
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
GetShortPathNameA
CreateFileW
GetSystemWindowsDirectoryA
CreateProcessW
GetSystemWindowsDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
GetStringTypeW
FindClose

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/92796e61f7a47521210edfc5e7e2004975ede13b836787b07dde85f80750b0ff
.dll windows:6 windows x86 arch:x86

c8f9c880fd1a2b819edd0e5bca929f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Anchor\Anchor\Win32\Release\Anchor_x86.pdb

Imports

ws2_32

__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
sendto
WSACleanup
closesocket
shutdown
WSAStartup
inet_addr
socket
htons

advapi32

RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
SetFilePointerEx
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FlushFileBuffers
DecodePointer
WriteConsoleW
FreeEnvironmentStringsW
IsProcessorFeaturePresent
GetComputerNameExW
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetShortPathNameA
ReadFile
lstrlenW
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
GetLastError
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessW
GetTempFileNameA
GetSystemWindowsDirectoryW
LoadLibraryW
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
FindClose

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9469f92e61d75e88ccc854ac6febd2df4a2a5ee7ec4ecea152b82e05df905325
.dll windows:5 windows x64 arch:x64

83b6b560538dc9993d7f60ab7cd39e44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\[JOB]\Anchor\x64\Release\Anchor_x64.pdb

Imports

ws2_32

__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
sendto
WSACleanup
closesocket
shutdown
WSAStartup
inet_addr
socket
htons

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetConsoleCP
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
IsValidCodePage
WaitForSingleObjectEx
GetCurrentProcess
GetComputerNameExW
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
GetShortPathNameA
ReadFile
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessW
GetTempFileNameA
GetSystemWindowsDirectoryW
ResetEvent
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwindEx
InterlockedFlushSList
SetLastError
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/946b706080ad6bafeee90149255755e013eedb22a58711a70bb9ffec934228c2
.exe windows:6 windows x86 arch:x86

c6e25929700405a7824f09abc2c82bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

ws2_32

WSAGetLastError
htonl

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho2

kernel32

GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
FreeEnvironmentStringsW
WriteConsoleW
CreateFileW
SetStdHandle
SignalObjectAndWait
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualAlloc
VirtualFree
GetTickCount
LocalFree
GetLastError
Sleep
GetTickCount64
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
GetCPInfo
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

Sections

.table
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.defs
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.a1
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.addr
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/9f2a5f2ca86b24191370315c30a78f8adda1a04e3acac4edb3ac8f1cdc58c20c
.exe windows:6 windows x64 arch:x64

c5f974dfbfe98f33ee27e594afca7d82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

ws2_32

WSAGetLastError
htonl

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

kernel32

SetStdHandle
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
WriteConsoleW
ReadConsoleW
FreeEnvironmentStringsW
GetCurrentProcess
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualAlloc
VirtualFree
CreateFileW
GetFileSize
CloseHandle
GetTickCount
LocalFree
CreateFileA
SetEndOfFile
SetFilePointer
WriteFile
GetLastError
Sleep
GetTickCount64
VirtualProtect
GetModuleFileNameA
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage

Sections

.table
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.defs
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.a1
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.addr
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/README.md
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/b1e703bd4df1d3e85ff97b638357b8c96360c9a658930473d37b733dbed51e02
.dll windows:5 windows x86 arch:x86

3c93940751e685cd5c2ca1df975e8c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\ProFi\Desktop\data\Win32\anchorInstaller_x86Code\Anchor_x86.pdb

Imports

ws2_32

__WSAFDIsSet
select
ntohs
inet_ntoa
recvfrom
sendto
WSACleanup
closesocket
shutdown
WSAStartup
inet_addr
socket
htons

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpQueryDataAvailable

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

GetConsoleCP
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetConsoleMode
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
LCMapStringW
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW
GetOEMCP
ResetEvent
GetCurrentProcess
GetComputerNameExW
GetModuleHandleA
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DeleteCriticalSection
GetShortPathNameA
ReadFile
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessW
GetTempFileNameA
GetSystemWindowsDirectoryW
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/d5440b90f2392f378b84be359201cb2870681d9483ec692bd16a8b00ec22122b
.exe windows:6 windows x64 arch:x64

cbae1f0105d7460e4e58f22f9f4d9c4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\simsim\anchorDNS.v5\Bin\x64\Release\anchorDNS_x64.pdb

Imports

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

WSAGetLastError
htonl

iphlpapi

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho2

kernel32

CreateTimerQueue
UnregisterWaitEx
LoadLibraryW
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
QueryDepthSList
GetLocaleInfoW
GetLocalTime
FreeLibrary
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
SystemTimeToFileTime
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
VirtualAlloc
VirtualFree
LocalFree
GetLastError
Sleep
GetTickCount64
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
TryEnterCriticalSection
MultiByteToWideChar
GetCPInfo
EncodePointer
DecodePointer
SetLastError
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetStringTypeW
VirtualProtect
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCurrentThread
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW
WriteConsoleW
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
GetVersionExW

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rand
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/fb75261336c28d5c4798fe92463a249fc92bc10cb7f1ad4f14041bdf639a7315
.exe windows:5 windows x86 arch:x86

db7d1dc289bf0c37d0bc56f0bb56bc2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\MyProjects\secondWork\Anchor\Win32\Release\anchorInstaller_x86.pdb

Imports

advapi32

RegQueryValueExW
QueryServiceStatusEx
OpenServiceW
RegCreateKeyW
RegOpenKeyExW
StartServiceW
RegSetValueExW
ControlService
OpenSCManagerW
CloseServiceHandle
RegCloseKey
CreateServiceW

kernel32

WriteFile
CreateFileW
GetLastError
CloseHandle
GetCurrentProcess
GetComputerNameExW
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
CreateDirectoryA
GetTickCount
ReadFile
lstrlenW
GetModuleFileNameW
WaitForMultipleObjects
SetFilePointer
WaitForSingleObject
Sleep
CreateFileA
DeleteFileW
GetWindowsDirectoryW
CreateProcessW
GetSystemWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
SetLastError
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
MultiByteToWideChar
ExitProcess
GetACP
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
DecodePointer
WriteConsoleW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.10.29_CISA-Ransomware_Healthcare/fdfa3d13a6fc905eebe1e8370e43510f40379360d497dd48d2f64f983bb481b1
.dll windows:6 windows x86 arch:x86

7c82596cc69dab0a80f4480cc76392cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Anchor\Win32\Release\Anchor_x86.pdb

Imports

ws2_32

sendto
WSACleanup
__WSAFDIsSet
closesocket
select
shutdown
WSAStartup
inet_addr
ntohs
inet_ntoa
recvfrom
htons
socket

advapi32

RegOpenKeyExW
RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey

kernel32

FlushFileBuffers
HeapReAlloc
HeapSize
GetConsoleCP
SetFilePointerEx
GetStringTypeW
GetConsoleMode
DecodePointer
SetStdHandle
InitializeSListHead
GetTickCount
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
EnterCriticalSection
GetShortPathNameA
ReadFile
lstrlenW
WriteFile
CreateFileW
GetSystemWindowsDirectoryA
MultiByteToWideChar
GetTempPathA
GetLastError
CreateFileA
TerminateThread
DeleteFileA
DeleteFileW
CreateProcessW
GetTempFileNameA
GetSystemWindowsDirectoryW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
WriteConsoleW
GetProcessHeap
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/14296b21c6e2ba9d56759e2da4b09f58148852ddeefa8fb76a838a30871679a7
.elf linux x64
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/3c2fe308c0a563e06263bbacf793bbe9b2259d795fcc36b953793a7e499e7f71
.exe windows:5 windows x86 arch:x86

4749670ac3d28d6761142b0dcb4f5076

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
DisconnectNamedPipe
InterlockedIncrement
InterlockedDecrement
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CreateNamedPipeA
ConnectNamedPipe
CreateEventA
GetCurrentProcessId
OpenProcess
LocalAlloc
LocalFree
CloseHandle
SetEvent
ReadFile
GetLastError
ExitThread
ResumeThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapAlloc
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

advapi32

SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
SetServiceStatus
InitializeSecurityDescriptor

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/632be2363c7a13be6d5ce0dca11e387bd0a072cc962b004f0dcf3c1f78982a5a
.exe windows:5 windows x64 arch:x64

3556ec79cb537e2dacecdd9d2209ae8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSidToSidW

cabinet

ord10

crypt32

CryptBinaryToStringW

cryptdll

MD5Final

fltlib

FilterFindNext

netapi32

NetSessionEnum

ole32

CoCreateInstance

oleaut32

SysFreeString

rpcrt4

NdrMesTypeDecode2

shlwapi

PathIsRelativeW

samlib

SamiChangePasswordUser

secur32

FreeContextBuffer

shell32

CommandLineToArgvW

user32

IsCharAlphaNumericW

userenv

CreateEnvironmentBlock

version

GetFileVersionInfoW

hid

HidD_GetPreparsedData

setupapi

SetupDiEnumDeviceInterfaces

winscard

SCardGetCardTypeProviderNameW

winsta

WinStationOpenServerW

wldap32

ord140

msasn1

ASN1_CloseEncoder

ntdll

RtlIpv6AddressToStringW

kernel32

GetVersionExW
GetVersionExA
SetStdHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Sections

.text
Size: - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/7d587a5f6f36a74dcfbcbaecb2b0547fdf1ecdb034341f4cc7ae489f5b57a11d
.elf linux x64
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/README.md
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/c94fdfedd40e0b194165294f484977947df9da2000cb8fe02243961384b249ff
.elf linux x64
Malware-Feed-master/2020.11.02_FireEye-Live_Off_The_Land_UNC_1945/f568bb92f128ec3bb5e0f34b237aef8537b0e0e5a61fb58317ac091e8fde0da2
.elf linux sparc
Malware-Feed-master/2020.11.06_Volexity-OceanLotus_Fake_Websites/230ac0808fde525306d6e55d389849f67fc328968c433a5053d676d688032e6f
.rar
Malware-Feed-master/2020.11.06_Volexity-OceanLotus_Fake_Websites/7fd58fa4c9f24114c08b3265d30be5aa8f6519ebd2310cc6956eda6c6e6f56f0
.dll windows:6 windows x86 arch:x86

cd1bf595dab04ac969f2c408911f25e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RaiseException
RtlUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.06_Volexity-OceanLotus_Fake_Websites/README.md
Malware-Feed-master/2020.11.06_Volexity-OceanLotus_Fake_Websites/cbca9a92a6aa067ff4cab8f1d34ec49ffc9a06c90881f48da369c973182ce06d
.dll windows:5 windows x86 arch:x86

44d309e36559224e3a1493ec79ab73cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FindClose
MoveFileA
FindNextFileA
VirtualProtect
DeleteProcThreadAttributeList
HeapAlloc
UpdateProcThreadAttribute
HeapFree
GetProcessHeap
CreateRemoteThread
VirtualAlloc
VirtualAllocEx
LoadLibraryA
ProcessIdToSessionId
DuplicateHandle
InitializeProcThreadAttributeList
GetCurrentProcessId
CreateThread

FreeLibrary
VirtualFree
Thread32First
Thread32Next
SetLastError
OpenThread
CreateToolhelp32Snapshot
GetVersionExA
SuspendThread
PeekNamedPipe
WaitNamedPipeA
SetNamedPipeHandleState
LocalAlloc
LocalFree
GetComputerNameA
GetACP
CopyFileA
Process32First
Process32Next
ExitProcess
FindFirstFileA
FileTimeToSystemTime
GetFileAttributesA
ExpandEnvironmentStringsA
GetLogicalDrives
SystemTimeToTzSpecificLocalTime
GetFullPathNameA
ResumeThread
WriteProcessMemory
VirtualProtectEx
TerminateProcess
CreateProcessA
ReadProcessMemory
GetThreadContext
GetModuleHandleA
CreateNamedPipeA
GetProcAddress
ReadFile
GetCurrentThread
ConnectNamedPipe
GetCurrentProcess
CloseHandle
GetFileTime
GetCurrentDirectoryA
CreatePipe
GetLocalTime
GetCurrentDirectoryW
GetLastError
GetStartupInfoA
SetCurrentDirectoryA
FlushFileBuffers
DisconnectNamedPipe
MultiByteToWideChar
VirtualQuery
GetModuleFileNameW
DebugBreak
RaiseException
SetEnvironmentVariableW
OpenProcess
WriteFile
SetFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
WaitForSingleObject
CreateFileA
Sleep
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleW
DeleteFileA
CreateDirectoryA
RemoveDirectoryA
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
SetFilePointer

advapi32

RegOpenCurrentUser
OpenProcessToken
CreateProcessWithLogonW
DeleteService
CreateServiceA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
LogonUserA
CheckTokenMembership
FreeSid
RevertToSelf
AllocateAndInitializeSid
DuplicateTokenEx
LookupAccountSidA
GetTokenInformation
RegCloseKey
RegEnumKeyA
RegEnumValueA
CloseServiceHandle
RegOpenKeyExA
GetUserNameA
CreateProcessWithTokenW
CreateProcessAsUserA
AdjustTokenPrivileges
ControlService
QueryServiceStatusEx
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
LookupPrivilegeValueA
OpenThreadToken
OpenServiceA
OpenSCManagerA
QueryServiceStatus
StartServiceA

wininet

InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
HttpQueryInfoA

ws2_32

connect
htons
socket
closesocket
ntohs
gethostname
inet_ntoa
WSAStartup
WSACleanup
gethostbyname
htonl
ntohl
recv
shutdown
WSAGetLastError
ioctlsocket
accept
listen
__WSAFDIsSet
bind
select
send

dnsapi

DnsFree
DnsQuery_A

iphlpapi

GetIfEntry
GetIpAddrTable

secur32

LsaCallAuthenticationPackage
LsaConnectUntrusted
LsaLookupAuthenticationPackage

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:14:86:89:a0:57:30:5c:a7:70:8a:79:a0:92:f6:57:66:d6:d2:11:cb:b8:be:28:46:f6:17:00:96:4a:c0:d4
Signer

Actual PE Digest

0f:14:86:89:a0:57:30:5c:a7:70:8a:79:a0:92:f6:57:66:d6:d2:11:cb:b8:be:28:46:f6:17:00:96:4a:c0:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c
.dll regsvr32 windows:4 windows x86 arch:x86

03fc9fe3d2cf480c5dd9003437ae9b2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
ResumeThread
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQuery
WriteProcessMemory

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_snprintf
_unlock
_winmajor
abort
calloc
exit
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
StartW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 984B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9
.dll windows:4 windows x64 arch:x64

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\koolsniper\Desktop\DueDLLigence-master2\DueDLLigence-master2\DuDLLignce-master\DueDLLigence\bin\Debug\DuDLLignce.pdb

Imports

mscoree

_CorDllMain

Exports

Exports

CPlApplet
DllUnregisterServer

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/25e755c8957163376b3437ce808843c1c2598e0fb3c5f31dc958576cd5cde63e
.dll regsvr32 windows:4 windows x86 arch:x86

b2607893c818a51f872e2e80df1c0f98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
StartW

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 984B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

81:43:fa:cd:39:be:94:39:0f:aa:10:5f:58:1d:0a:c6:c8:d7:fe:54:f3:5d:e2:10:58:1c:79:b5:e6:8f:ac:46
Signer

Actual PE Digest

81:43:fa:cd:39:be:94:39:0f:aa:10:5f:58:1d:0a:c6:c8:d7:fe:54:f3:5d:e2:10:58:1c:79:b5:e6:8f:ac:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/69f998bd67a5dbfd79bcc44f0cf2284ed61fac9bfaba3d3b4dfb19a57baa29c5
.doc windows office2003

ThisDocument

kashForm

Module1

UserShiForm
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6
.exe windows:4 windows x64 arch:x64

5dd67b107089ec6c24d1bd76a1cf9592

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fclose
fopen
fprintf
fread
free
fsetpos
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/README.md
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065
.exe windows:1 windows x86 arch:x86

ce5fc3ebc628d69d07f4f65a677d3a16

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:e7:49:06:78:3a:e6:5f:54:37:fd:55:45:66:5f:e5
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-08-2018 00:00

Not After

11-08-2021 12:00

Subject

CN=D Language Foundation,O=D Language Foundation,L=Kirkland,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:19:c5:09:2a:18:bf:58:a1:df:85:d3:d0:5e:15:ce:62:73:ec:f0:42:70:fd:d5:4e:dc:47:1b:b2:b1:de:4f
Signer

Actual PE Digest

07:19:c5:09:2a:18:bf:58:a1:df:85:d3:d0:5e:15:ce:62:73:ec:f0:42:70:fd:d5:4e:dc:47:1b:b2:b1:de:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteConsoleA
GetACP
GetOEMCP
GetCPInfo
FindFirstFileA
FileTimeToDosDateTime
FindNextFileA
ReadFile
GetFileType
GetStringTypeA
CreateFileA
GlobalAlloc
GlobalFree
GetTickCount
GetProcessHeap
UnhandledExceptionFilter
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
LCMapStringA
FreeEnvironmentStringsA
GetVersion
GetEnvironmentStrings
CreateThread
ExitThread
SetHandleCount
DeleteFileA
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
VerifyVersionInfoW
VerSetConditionMask
FreeLibraryAndExitThread
GetThreadContext
SuspendThread
GetModuleHandleExW
TerminateThread
OpenThread
CreateEventW
VirtualAlloc
GlobalMemoryStatus
VirtualFree
SetEvent
GetEnvironmentVariableA
RtlCaptureContext
Sleep
LoadLibraryA
ExpandEnvironmentStringsW
lstrlenW
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SwitchToThread
RemoveDirectoryW
GetConsoleOutputCP
FreeLibrary
GetProcAddress
LoadLibraryW
GetConsoleScreenBufferInfo
MultiByteToWideChar
FormatMessageW
GetExitCodeThread
GetSystemInfo
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
FindFirstFileW
FindNextFileW
FindClose
CreateSemaphoreA
ReleaseSemaphore
ResumeThread
InitializeCriticalSection
CreateProcessW
GetStdHandle
GetHandleInformation
SetHandleInformation
GetExitCodeProcess
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
CreateDirectoryW
RaiseException
UnlockFileEx
LockFileEx
RtlUnwind
CloseHandle
WriteFile
SetFilePointer
CreateFileW
MoveFileExW
DeleteFileW
GetModuleFileNameW
LocalFree
WideCharToMultiByte
GetCommandLineW
GetCurrentDirectoryW
SetLastError
GetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTimeZoneInformation
GetCurrentProcessId
GetTempPathW
GetFileAttributesW
GetFileAttributesExW
GetLastError
GetSystemTimeAsFileTime

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegFlushKey
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteW
CommandLineToArgvW

user32

MessageBoxA

Sections

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TPB
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT$XIA
Size: 298KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug
Size: 28B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42
Signer

Actual PE Digest

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140
.exe windows:4 windows x86 arch:x86

c0bb820e02ba77159960501085261c26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
ResumeThread
SetThreadContext
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQuery
WriteProcessMemory

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_snprintf
_unlock
_winmajor
abort
calloc
exit
fclose
fopen
fprintf
fread
free
fsetpos
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\SharpView\SharpView\obj\Release\SharpView.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 716KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:3c:e1:8d:0d:fe:26:f1:d3:85:c0:93:a1:08:cd:81:b1:03:d5:1c:8e:2b:5c:1f:e3:42:48:1a:dd:55:01:e8
Signer

Actual PE Digest

29:3c:e1:8d:0d:fe:26:f1:d3:85:c0:93:a1:08:cd:81:b1:03:d5:1c:8e:2b:5c:1f:e3:42:48:1a:dd:55:01:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42
Signer

Actual PE Digest

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42

Digest Algorithm

sha256

PE Digest Matches

true

ff:89:ac:9f:e2:ca:40:23:4c:f9:ec:ff:3f:c8:88:44:d5:ec:b3:f7
Signer

Actual PE Digest

ff:89:ac:9f:e2:ca:40:23:4c:f9:ec:ff:3f:c8:88:44:d5:ec:b3:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/d9882283ee2dc487c2a5fb97f8067051c259c4721cd4aea8c435302fe6b274c4
.dll regsvr32 windows:4 windows x64 arch:x64

b5c8d1595b2c394dd1fbf13e5449635c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
CreateRemoteThread
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetLastError
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAllocEx
VirtualProtect
VirtualProtectEx
VirtualQuery
WriteProcessMemory

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_snprintf
_unlock
abort
calloc
exit
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

user32

PeekMessageA
PostThreadMessageA

Exports

Exports

DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
StartW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.08_FireEye-Solarwinds-Hack/efb533249f71ea6ebfb6418bb67c94e8fbd5f2a26cbd82ef8ec1d30c0c90c6c1
.dll windows:6 windows x64 arch:x64

a4f8184a33fb394de6df39ab5d91182e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\development\Excavator\x64\Release\Excavator-Reflector.pdb

Imports

kernel32

GetLastError
PssFreeSnapshot
CloseHandle
K32GetModuleFileNameExA
ExitProcess
PssCaptureSnapshot
WriteConsoleW
GetModuleHandleA
CreateFileW
GetProcessId
GetProcAddress
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx

advapi32

AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW

dbghelp

MiniDumpWriteDump

Exports

Exports

HcB3

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/130fa726df5a58e9334cc28dc62e3ebaa0b7c0d637fce1a66daff66ee05a9437
.exe windows:5 windows x86 arch:x86

a90231d788705a5d692b2ed7d9981323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
ExitProcess
ReadFile
GetStdHandle
WriteFile
CreatePipe
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
IsWow64Process
CreateFileW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
FindClose
SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapReAlloc
WriteConsoleW

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/561bf3f3db67996ce81d98f1df91bfa28fb5fc8472ed64606ef8427a97fd8cdd
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX1
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/6df8271ae0380737734b2dd6d46d0db3a30ba35d7379710a9fb05d1510495b49
.exe windows:5 windows x86 arch:x86

17b41841c6cdd72150edaddea0a7329f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
DecodePointer

ws2_32

closesocket
WSAGetLastError
recv
connect
inet_ntoa
WSACleanup
setsockopt
socket
WSAStartup
send
gethostbyname
htons

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/70d63029c65c21c4681779e1968b88dc6923f92408fe5c7e9ca6cb86d7ba713a
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/7424d6daab8407e85285709dd27b8cce7c633d3d4a39050883ad9d82b85198bf
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/79009ee869cec789a3d2735e0a81a546b33e320ee6ae950ba236a9f417ebf763
.exe windows:5 windows x64 arch:x64

d869a26fb0a1dde3f655463da3f0c59f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Sombra\_Bin\x64\Release\Sombra.pdb

Imports

kernel32

GetLastError
LoadLibraryA
LoadLibraryW
GetLocalTime
GetProcAddress
DeleteCriticalSection
ExitProcess
GetComputerNameW
GetCurrentProcessId
FreeLibrary
GetEnvironmentStringsW
GetProcessHandleCount
CreateTimerQueueTimer
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SleepEx
DeleteTimerQueueTimer
CreateIoCompletionPort
TerminateProcess
SetErrorMode
GetModuleHandleExA
GetTempPathW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
DeleteFileW
Process32FirstW
SetFilePointerEx
GetFileSize
GetModuleHandleW
WideCharToMultiByte
lstrcmpiW
SetUnhandledExceptionFilter
FlushFileBuffers
FindClose
MultiByteToWideChar
QueryPerformanceCounter
HeapSize
WriteConsoleW
SetStdHandle
Sleep
GetModuleHandleA
FreeEnvironmentStringsW
GetVersionExW
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
lstrlenW
EnterCriticalSection
VirtualProtect
ReadFile
GetTickCount
SystemTimeToFileTime
CloseHandle
CreateFileW
WriteFile
GetCurrentProcess
GetFileSizeEx
SetEndOfFile
GetProcessHeap
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
GetConsoleMode
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
HeapFree
HeapAlloc
GetFileType
GetStringTypeW
HeapReAlloc

advapi32

CryptGenRandom
CryptImportKey
SetServiceStatus
CreateWellKnownSid
RegisterServiceCtrlHandlerW
OpenProcessToken
CheckTokenMembership
StartServiceCtrlDispatcherW
GetTokenInformation
CryptDestroyKey
RegCloseKey
CryptGetKeyParam
CryptAcquireContextW
CryptEncrypt
CryptDuplicateKey
CryptDecrypt
CryptExportKey
CryptDestroyHash
CryptSetKeyParam
GetUserNameW
CryptGenKey
CryptReleaseContext

shlwapi

PathFindFileNameW
PathFileExistsW

ws2_32

WSASocketW
closesocket
WSARecv
setsockopt
gethostbyname
inet_addr
htonl
htons
WSAIoctl
bind
WSACleanup
WSAGetLastError
WSASend
WSAStartup

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle

Sections

.text
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/8062e1582525534b9c52c5d9a38d6b012746484a2714a14febe2d07af02c32d5
.exe windows:5 windows x86 arch:x86

a90231d788705a5d692b2ed7d9981323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
ExitProcess
ReadFile
GetStdHandle
WriteFile
CreatePipe
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
IsWow64Process
CreateFileW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
FindClose
SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapReAlloc
WriteConsoleW

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/8323094c43fcd2da44f60b46f043f7ca4ad6a2106b6561598e94008ece46168b
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/README.md
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/c0db3dadf2e270240bb5cad8a652e5e11e3afe41b8ee106d67d47b06f5163261
.exe windows:5 windows x86 arch:x86

17b41841c6cdd72150edaddea0a7329f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
DecodePointer

ws2_32

closesocket
WSAGetLastError
recv
connect
inet_ntoa
WSACleanup
setsockopt
socket
WSAStartup
send
gethostbyname
htons

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/d69764b22d1b68aa9462f1f5f0bf18caebbcff4d592083f80dbce39c64890295
.exe windows:5 windows x86 arch:x86

a90231d788705a5d692b2ed7d9981323

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
ExitProcess
ReadFile
GetStdHandle
WriteFile
CreatePipe
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
IsWow64Process
CreateFileW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
FindClose
SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapAlloc
HeapFree
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapReAlloc
WriteConsoleW

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/d8189ebdec637fc83276654635343fb422672fc5e3e2818df211fb7c878a3155
.exe windows:4 windows x86 arch:x86

829da329ce140d873b4a8bde2cbfaa7e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/ee0f4afee2940bbe895c1f1f60b8967291a2662ac9dca9f07d9edf400d34b58a
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 125KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/f6ecdae3ae4769aaafc8a0faab30cb66dab8c9d3fff27764ff208be7a455125c
.exe windows:5 windows x86 arch:x86

7b11c80b98fe908a246519b33e94d5da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Wokrflow\CostaRicto\Release\CostaBricks.pdb

Imports

kernel32

GetCurrentProcess
VirtualFree
VirtualAlloc
LoadLibraryA
GetProcAddress
ExitProcess
ReadFile
GetStdHandle
WriteFile
CreatePipe
DuplicateHandle
OpenProcess
CreateToolhelp32Snapshot
GetLastError
Process32NextW
Process32FirstW
CloseHandle
IsWow64Process
CreateFileW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
HeapSize
WideCharToMultiByte
FindClose
SetLastError
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
HeapReAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
WriteConsoleW

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_BlackBerry-CostaRicto/fa74f70baa15561c28c793b189102149d3fb4f24147adc5efbd8656221c0960b
.exe windows:4 windows x64 arch:x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 437B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/43
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/59
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/75
Size: 512B - Virtual size: 45B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/94
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/02c4ba967900b49828985f7b67ebd21daa11b8bc9e4e0b6e5e9fef2de8fdc6d4
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/0313641c0ed1defa6cb52e787f81eab3de8c0c546b4e157d803aab721fec3dc8
.dll windows:6 windows x64 arch:x64

7fa7013cd1bab174f019ad6e4c4ca167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/04c46c55336ac40d567ef0aac98ff8424872b584ea169c1a098ced833dd9bab4
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/057cffe539a414ec4cef730e4fbf7861b61a7331bbd6d7feb55c76221a8cc6d3
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/05d4da2cb9f6d5d44c399f42a81bb393b2ff6669d64ea773b58d2daf4df10d00
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/0eca58ef6f2aba6b3e686f76039945b3a8a8110d357a4f8d857757c218ca0c1e
.exe windows:6 windows x64 arch:x64

e456608853383d09bb4c95ae84a2a74f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1101d00223a62e77718da28053758208897d1dc627a06a01f0e620a6ccad3812
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/11c266c1b0f0428585d40fc95d1a7d3eedb3d0f304cf7ebc692c4487e18c9afb
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/12a7cec5631141f61ef159fbb43103a3cdd79ddd3a0270df62d4c4fa4635b03e
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/147f1de257ccbe54b0fca9e61e0f2061172459bef4eeb12014d27e48d99f27ab
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1764ceca4425c6f577ecdb5c9435cf01807663508c3e1bbe1de2800d6c725a01
.dll windows:6 windows x64 arch:x64

bdea7f9f2facf10ad01bb3f7803985d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\VS\crat_2\client\Build\x64\DllRelease\ScreenCapture_x64_DllRelease.pdb

Imports

kernel32

GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
HeapFree
Sleep
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
LCMapStringW
GetModuleHandleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW

user32

EnumDisplayMonitors
GetDC
ReleaseDC
GetCursorPos

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

gdiplus

GdipGetImageEncodersSize
GdipAlloc
GdipDisposeImageAttributes
GdipGetEncoderParameterList
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDisposeImage
GdipGetImagePixelFormat
GdipGetEncoderParameterListSize
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipFree
GdipDrawImageRectRect
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateImageAttributes
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromScan0

Exports

Exports

ConfigChrome
DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1c17b631988d0b8b722adf9c973c6577c7983a9b0cb069dd1d442d04f4dd73df
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1e34709734b401413cc38818c1d7e34126fdc01a9bc47a1607e1371dd8d1385b
.dll regsvr32 windows:6 windows x64 arch:x64

095a4e777a268986400008f7c2a4602d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\VS\crat_2\client\Build\x64\DllRelease\second_x64_DllRelease.pdb

Imports

kernel32

LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
FindResourceW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
FindResourceExW
LoadLibraryW
HeapReAlloc
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
DownloadChrome
HelloWorld

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1ea8b9f307f2c4202380f1fe14044ff4b9140337b53fdf627e5411e979b4b5ea
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/1fc8fb396a22f98c1230d0d8877f3806d52c1a2723add033223753f83628c826
.dll windows:6 windows x64 arch:x64

ed37e4e30d0c9e066e02b75b270939ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

InstallFirefox

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/2263031c15809b49e7d8161e147a4844722f6f576d276b2be38a0c794417dd2a
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/26c70fa62e1d092ad1855900cd0db4e224b11e84fdf14105ade5e2b2a3dc1b62
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/277931bf51f195fceb9befad6f4cc9e613d203ed90d3e4a05a16bc603809dec6
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/2916801be5b6d26d735aaa11eb5631fc6dbe234ed2e0980b8d7366c89ad7ba39
.exe windows:6 windows x64 arch:x64

7bc13ebab50e23693dce9e811a4f6e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
Sleep
GetShortPathNameW
GetLastError
OutputDebugStringW
IsBadReadPtr
SetLastError
GetConsoleWindow
WaitForSingleObject
SetEvent
CreateEventW
CreateThread
lstrcmpW
LocalAlloc
LocalFree
GetTickCount
CloseHandle
CreateFileW
FlushFileBuffers
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
HeapDestroy
WideCharToMultiByte
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

user32

ShowWindow

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/2cff5e7d4405bf09f423db1d7a8e535a6be2f68cc4ce4a5817ae01bee09f088a
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/2ef70a256dde1a9700527c995be417447dee1857759e8279aa7a287f85c9de96
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/359bfd21ed9a5deedc19700355776ede266e5c8532584289db45ebe2fd8d8afe
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3689c56b854a99133818618dc97465d9303b3a4009a3c890f7afdfacadd0e1af
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/37f3f6cdb0a35b4cea75b7cf2dae613c71370e00acdb2cebfc7d95fe33eb97a9
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5
.dll regsvr32 windows:6 windows x64 arch:x64

0fa425869ebc2006b3c9df9817ff2cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

G:\crat2\client\Build\x64\DllRelease\second_x64_DllRelease.pdb

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
DownloadChrome
HelloWorld

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/396ffa925165de08d0b5bf6cc6974a02a18b44ce60c3d3e657ba6c6153760138
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3b55f8467b2d3bc34c7fe4e0c4502bc1045c50d7c7fedda4a14eaf9094dfc8bf
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3c2e708989193b3497c2c97c3957d4abd2d5989c82832ce5c4a3b5a4c9ecd3f8
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3c6b9fb9d680704a1a6c17ef5b3e10b043d15c137dc04688f5802cddbddf90fe
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3d47ca0810b2d296aaa2541ef621f5d834dfbbd89cb671a2a95b7f2bddbd3e4e
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/3f47d73a9d6597da1bdbf36f804b0b69a9958225ace088747098d3a24f5a5957
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/40273d18abc0d623a1798766e0d388f2f46bfa7ad535cad46098a5262382fa13
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/46fd13169cf8e3dcefbd552918a0914261fd22dc22bd9cba167042288432f2b2
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/49aa98e2100752c09d01a7638ea9ead3dd2fc72d826c4b77d188990b3599b08c
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/4aa2dc282c56e397b501d84cfd6c582cc256c42e8b6722b45a592cf2008a6495
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/4dc302e1f7cf8bdc4983fdf02cf5b13bcd9314bb87953b9c6797187700192665
.dll windows:6 windows x86 arch:x86

9cd944566b6ca36a58b18f19d1c26a2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

InstallFirefox

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/4dccd9861da3b47bef43c72546044c1d136a5cb020aaa65a1ea494aec35e4910
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/5464728537836d4aa3d03e4d29ef21e59a324252c4b2a15ec21e9f5280f7c280
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/562c4102d48414ab32c6742f270948a5d92e3b2af6d30d04ba1f7411302cbea8
.dll windows:6 windows x64 arch:x64

e9fee7906601a5d381fed465bd744705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

Exports

Exports

DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/59628b36ba65a57600c48eaa57c8dcfffc955e447cb3e41b7351e875b359f714
.exe windows:6 windows x64 arch:x64

e456608853383d09bb4c95ae84a2a74f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/5b627647df675d746f63280cf10a221abfe0a93bab88a96e45b4734beb05c021
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/5e10cda5415e28b3efc9b909da6518d1cbcb56957e9850b99a4eee3893400012
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/5fd89dbd129877d5141f9731a61af867b74fc7a33213233307b725ec97532a7b
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/683b4472a0df8af6c93ff10179e981a7908173bfb81bac2e12a3b9a022cf08d7
.dll windows:6 windows x64 arch:x64

00bd49a59c1bc7ad67f6525ae12a30a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/6caa98870efd1097ee13ae9c21c6f6c9202a19ad049a9e65c60fce5c889dc4c8
.dll windows:6 windows x86 arch:x86

141af9bb7916cf9a0067d05b9442691f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\VS\crat_2\client\Build\Win32\DllRelease\ScreenCapture_Win32_DllRelease.pdb

Imports

kernel32

GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
HeapFree
Sleep
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
LCMapStringW
GetModuleHandleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW

user32

EnumDisplayMonitors
GetDC
ReleaseDC
GetCursorPos

gdi32

DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

gdiplus

GdipGetImageEncodersSize
GdipAlloc
GdipDisposeImageAttributes
GdipGetEncoderParameterList
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDisposeImage
GdipGetImagePixelFormat
GdipGetEncoderParameterListSize
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipFree
GdipDrawImageRectRect
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipCreateImageAttributes
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdipGetImageWidth
GdipCreateBitmapFromScan0
GdiplusStartup

Exports

Exports

ConfigChrome
DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/6d461bf3e3ca68b2d6d850322b79d5e3e647b0d515cb10449935bf6d77d7d5f2
.dll windows:6 windows x86 arch:x86

71ef9f8f16d376e87b7dfbf6f3e87934

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\VS\crat_2\client\Build\Win32\DllRelease\KeyLog_Win32_DllRelease.pdb

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

Exports

Exports

DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/6d57df368c3e58be61bc36ee35123dcc5ce6d7a04cd6acfe7e10588038589ad4
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/6f79db3e7fa1f3c9e1ea2e0fe098994f109949f82b97c6612386693164d3c7e2
.exe windows:6 windows x64 arch:x64

88720e3f29bfdd60999ea1b61c881f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\workspace\VS\crat_2\client\Build\x64\ExeRelease\maintenanceservice_x64_ExeRelease.pdb

Imports

kernel32

LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
FindResourceW
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
CloseHandle
CreateFileW
FindResourceExW
MultiByteToWideChar
HeapReAlloc
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges

shlwapi

StrStrIW

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/7050af905f1696b2b8cdb4c6e6805a618addf5acfbd4edc3fc807a663016ab26
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/70d92da003eb044d9c5aa057400256a51836466d2f20066deedf64e294466c20
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/72d7b55e82080ff84693e1ecdfa7128ef9c513b3b8cc5e411715a40ef4ee0557
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/7a3915a7d919fb266496616a06311c456c8e45b98cfd24c92ac4bf0af75fa3ef
.dll windows:6 windows x64 arch:x64

e17f19373b6b94ff71ac263ff368cef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/7a78dacbb7ff88b536d4a8db4e647df9efed8cea2d26cef0e21f7791e61bfbad
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/833a896b9236164472fa3ba30e63446b474f9f204fee06ac297877246b674871
.dll regsvr32 windows:5 windows x86 arch:x86

f951038a4fea0f06b3d387812606ba96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SizeofResource
HeapDestroy
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
CheckRemoteDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTickCount64
Sleep
LoadLibraryW
GetCurrentProcessId
GetTempFileNameW
LoadResource
GetDriveTypeW
GetLogicalDriveStringsW
GetFileAttributesW
GetTempPathW
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
OpenProcess
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
LocalAlloc
LocalFree
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FindResourceW
FindResourceExW
FindFirstFileW
HeapReAlloc
FlushFileBuffers
WriteConsoleW
SetStdHandle
CreateFileW
SetFilePointerEx
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

GetForegroundWindow

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
StrStrIW

Exports

Exports

DllRegisterServer
UninstallChrome
_HelloWorld@20

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/8377a53f7890f3cf01f8919207c981fb63b1b0e63860d5731622a0cad94fdd09
.exe windows:6 windows x64 arch:x64

7bc13ebab50e23693dce9e811a4f6e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
Sleep
GetShortPathNameW
GetLastError
OutputDebugStringW
IsBadReadPtr
SetLastError
GetConsoleWindow
WaitForSingleObject
SetEvent
CreateEventW
CreateThread
lstrcmpW
LocalAlloc
LocalFree
GetTickCount
CloseHandle
CreateFileW
FlushFileBuffers
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
HeapDestroy
WideCharToMultiByte
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

user32

ShowWindow

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/844d60691d843de53d42b73d635314d50c4ba4d3b2aa2b93465ac0336e4c0588
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/87ce3a13a58ae8007b002ac81f43dc364c1b93b0d3c2a19d46a4480caca9ae29
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/88c168cd261dabea1b7223e8c05042be7e0505dedf6fd5effea90ae42e127968
.exe windows:5 windows x86 arch:x86

283262b4b3363ace7b4ac02aa1de21db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateDirectoryW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetFileSize
ReadFile
CloseHandle
WriteFile
CreateThread
CreateEventW
WaitForSingleObject
SetEvent
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
GetCurrentThreadId
ReleaseMutex
CreateMutexW
GetLastError
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetNativeSystemInfo
GetComputerNameW
GetLocaleInfoW
WideCharToMultiByte
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemDirectoryW
CreatePipe
GetStartupInfoW
CreateProcessW
TerminateThread
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GetModuleFileNameW
DeleteFileW
GetFileSizeEx
GetDriveTypeW
GetProcessHeap
FindNextFileW
FindClose
SetFilePointer
RemoveDirectoryW
SetFilePointerEx
SetEndOfFile
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetTickCount
Module32FirstW
GetCommandLineW
lstrcatW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetShortPathNameW
GetEnvironmentVariableW
lstrcpyW
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetCurrentThread
SetProcessPriorityBoost
ExitProcess
GlobalSize
GlobalLock
GlobalUnlock
SetUnhandledExceptionFilter
GetProcessShutdownParameters
SetProcessShutdownParameters
IsDebuggerPresent
OutputDebugStringW
EncodePointer
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
LocalFree
lstrlenA
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetFileAttributesExW
LoadLibraryExW
GetConsoleMode
GetConsoleCP
MultiByteToWideChar
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
FindFirstFileW
HeapDestroy
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetLastError

user32

ChangeClipboardChain
GetAsyncKeyState
GetForegroundWindow
PostQuitMessage
LoadIconW
EndPaint
RegisterClassExW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
BeginPaint
SetClipboardViewer
DefWindowProcW
CloseClipboard
GetClipboardData
LoadCursorW
GetWindowTextW
GetKeyState
RegisterWindowMessageW
BroadcastSystemMessageW
SendMessageW
OpenClipboard

advapi32

RegDeleteValueW
RegCloseKey
RegSetValueExW
RegOpenKeyW
GetUserNameW
RegCreateKeyW

shell32

SHGetFolderPathW
SHChangeNotify
ShellExecuteExW
ShellExecuteW

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitialize
CoInitializeEx

oleaut32

SafeArrayGetLBound
VariantClear
SysFreeString
SysAllocStringLen
SafeArrayGetUBound
SysAllocString
SafeArrayGetElement

shlwapi

PathQuoteSpacesW

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup

netapi32

NetUserGetInfo
NetApiBufferFree

urlmon

URLDownloadToFileW

Exports

Exports

?ReflectiveLoader@@YGXPAX0K0K@Z
getVersion

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/88f5c94ad66e75a66795875bacafb3cbbe87d1533ae3ddb41575b9711965c75b
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/8ae6f663bf40036379857d65521ce1c78c11cd9b5b4848cec0e7f1ad56e65743
.exe windows:6 windows x64 arch:x64

7bc13ebab50e23693dce9e811a4f6e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
Sleep
GetShortPathNameW
GetLastError
OutputDebugStringW
IsBadReadPtr
SetLastError
GetConsoleWindow
WaitForSingleObject
SetEvent
CreateEventW
CreateThread
lstrcmpW
LocalAlloc
LocalFree
GetTickCount
CloseHandle
CreateFileW
FlushFileBuffers
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
HeapDestroy
WideCharToMultiByte
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

user32

ShowWindow

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/8edfc15862e3a9b7824fcb4b55c4fefdb4b28b66e3689a6f854e05aef5206dbb
.dll regsvr32 windows:5 windows x64 arch:x64

84e1b90bbde77da7465598aaf2847150

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
SizeofResource
HeapDestroy
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
CheckRemoteDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTickCount64
Sleep
LoadLibraryW
GetCurrentProcessId
GetTempFileNameW
LoadResource
GetDriveTypeW
GetLogicalDriveStringsW
GetFileAttributesW
GetTempPathW
FindClose
FindNextFileW
SetFileAttributesW
WaitForSingleObject
OpenProcess
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
LocalAlloc
LocalFree
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FindResourceW
FindResourceExW
FindFirstFileW
HeapReAlloc
FlushFileBuffers
WriteConsoleW
SetStdHandle
CreateFileW
SetFilePointerEx
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

GetForegroundWindow

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

oleaut32

SysAllocString
VariantClear
SysFreeString

shlwapi

PathFindFileNameW
StrStrIW

Exports

Exports

DllRegisterServer
HelloWorld
UninstallChrome

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/8f0bfbde00e5e86223e586874df892e6fb2b97b133a909b7fdeacf7614df478f
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/916654e2ee43d2ee43f0d5e9d41f8527aaf239684f91f9b92ac5c1937cd45c91
.dll regsvr32 windows:6 windows x64 arch:x64

0fa425869ebc2006b3c9df9817ff2cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractImageStore
HelloWorld
PackImageStore
SaveImageStore

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/931f57262214890f3eff9add25fb5dc2521185e4567c722637f173343b02b9fb
.dll regsvr32 windows:6 windows x64 arch:x64

1a04a5645e25735ab6a06a56bb4d9338

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractMicrosoftEdge
PackImageStore
SaveMicrosoftEdge

Sections

.text
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/9461599bc85cf2ef11cb79a827fd365a086726b7c022fb2bfe5fb9f83e71cf9a
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/955abf30fd464dd572938eaf324d3447ecd8cb6df183bbddee2a58f54da83f4c
.exe windows:6 windows x64 arch:x64

0ab216983068f6b9e797c38bbc38f8e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/9a6d3d07e784247fac1292c0f17a46247e8bdeb1f468c9b8b48c4459063c3ed5
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/9f953f544afd265176ecb904cc8286cafc27270df0cec56265259c1588083202
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/9fc572e3a6c30221e5eecdd488efabbaf1bab04dff34860263495620fa4706c1
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/README.md
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a052ee9f75231a60ad1210411b7296ff5adf7e9e268bf2f123f0560e0cb37b09
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a1c7709d147d8182892585bc965317816367ebabc273e8a99559ade24b19ed7f
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a24d66f4356de33ba9227d4e496cc975995f1bd72d72e47f74f07648c45c5308
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a36a7e247ea5920514b4d918a6dcdcc7c7f84f0c657b2297a1a0eba3558e24c2
.dll regsvr32 windows:6 windows x86 arch:x86

64bf8f4f2ae50e7313a98966f8277b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\crat0\client\Build\Win32\DllRelease\zero_Win32.pdb

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
ResumeThread
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
LockResource
GlobalFree
CreateFileW
ReadConsoleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
ReadFile

Exports

Exports

DllRegisterServer
InstallSafari

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a52a8a9c99f58fb18ca3f969736f1deffd611c35851cff1bd5bd36ef27f2426d
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a668af2c1b45bf83d509c88ad4b3e6fbadc7e9e3db4ea688888c7712866d1339
.exe windows:6 windows x64 arch:x64

0ab216983068f6b9e797c38bbc38f8e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/a7da1ec5745bb7ef5a4fd05d37d83b49b41ab70fae518e6a00b7caa30c417576
.dll windows:6 windows x64 arch:x64

f70ab19f57e4abf2d082f80fae8fe3d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/ab794769599c3f046d34d00051685b7235bce119f212ec8739b6e206dd73b0bf
.exe windows:6 windows x64 arch:x64

7bc13ebab50e23693dce9e811a4f6e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
Sleep
GetShortPathNameW
GetLastError
OutputDebugStringW
IsBadReadPtr
SetLastError
GetConsoleWindow
WaitForSingleObject
SetEvent
CreateEventW
CreateThread
lstrcmpW
LocalAlloc
LocalFree
GetTickCount
CloseHandle
CreateFileW
FlushFileBuffers
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
HeapDestroy
WideCharToMultiByte
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
IsDebuggerPresent
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

user32

ShowWindow

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/b27c02b4a272453194d0f03c395c4e3dbdf0efc4b8a61cd33b1a70320acf5345
.dll windows:6 windows x64 arch:x64

ed37e4e30d0c9e066e02b75b270939ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

MozillaCloud

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/b962e4580e05e004df9fe2c22b34556bc513370c9a775bfe185e05a9d0df494e
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/bb1af121502e40a549135b72f34ad49d11cfbfa49b5cbcf549777549087fe751
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/bd1a0425ffaafa54a1c950fbb3d0defe9fa145131e4bd15d392597de408f5287
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/c0bd35a36ea5227b9b981d7707dff0e2c5ca87453a5289dc4a5cd04c7e8b728c
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/c4875cc728e7c4bc00646df57c8c38370fe11439e4c95e38040ba84fe27eb0b9
.dll windows:6 windows x86 arch:x86

71ef9f8f16d376e87b7dfbf6f3e87934

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

Exports

Exports

DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/c77e5533285871b888257e32653b33acf7e6a7b06d200d02995ae365dfa0a26f
.dll regsvr32 windows:6 windows x86 arch:x86

64bf8f4f2ae50e7313a98966f8277b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\crat0\client\Build\Win32\DllRelease\zero_Win32.pdb

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
ResumeThread
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
LockResource
GlobalFree
CreateFileW
ReadConsoleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
ReadFile

Exports

Exports

DllRegisterServer
InstallSafari

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/c9ba7e700276e0fd3e7060f81d4487f81d06bc3cba1e0a0eacd1ca21faca4400
.dll windows:6 windows x64 arch:x64

e9fee7906601a5d381fed465bd744705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\workspace\VS\crat_2\client\Build\x64\DllRelease\KeyLog_x64_DllRelease.pdb

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableA

Exports

Exports

DownloadChrome
GetChromeVersion
InstallChrome
UninstallChrome
UpdateChrome

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/ca3372bb37e7109896c28247faadd157759d5e68ac324a54ff0759590f956094
.exe windows:6 windows x64 arch:x64

88720e3f29bfdd60999ea1b61c881f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\workspace\VS\crat_2\client\Build\x64\ExeRelease\maintenanceservice_x64_ExeRelease.pdb

Imports

kernel32

LoadResource
HeapAlloc
HeapFree
GetProcessHeap
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
FindResourceW
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
CloseHandle
CreateFileW
FindResourceExW
MultiByteToWideChar
HeapReAlloc
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges

shlwapi

StrStrIW

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/cb141c743ac41784501e2e84ccd9969aade82b296df077daff3c0734bb26c837
.dll regsvr32 windows:6 windows x64 arch:x64

8db7e118cc2b1ed977f03f7cc5a42a64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
Sleep
GetShortPathNameW
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
GlobalFree
HeapDestroy
SetLastError
LocalAlloc
CreateEventW
CloseHandle
LocalFree
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
CreateProcessW
TerminateProcess
GetStartupInfoW
ContinueDebugEvent
WaitForDebugEvent
GetWindowsDirectoryW
FlushFileBuffers
WriteConsoleW
SizeofResource
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
WaitForSingleObject
HeapReAlloc
SetStdHandle
CreateFileW
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
GetStdHandle
WriteFile
GetModuleFileNameW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFileType
GetModuleFileNameA
QueryPerformanceCounter

user32

MessageBoxW
SystemParametersInfoW

advapi32

CreateWellKnownSid

crypt32

CryptStringToBinaryW

rpcrt4

NdrAsyncClientCall
RpcAsyncInitializeHandle
RpcStringFreeW
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
RpcRaiseException
RpcStringBindingComposeW
RpcBindingFromStringBindingW

Exports

Exports

DllRegisterServer
ExtractHansom
HansomMain

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 585KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/cd20d7209db84b35cae88affe228f42258b497eee2b36f0e3364779e58e5e2ce
.dll windows:6 windows x64 arch:x64

a4c93160bc5d33952bf49f4fa4ddab15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/e0fa30565977fb3b97102eef8d28f86cdcd6685aa0d20eee4baaa72216fa562b
.dll regsvr32 windows:6 windows x86 arch:x86

64bf8f4f2ae50e7313a98966f8277b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\crat0\client\Build\Win32\DllRelease\zero_Win32.pdb

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
ResumeThread
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
LockResource
GlobalFree
CreateFileW
ReadConsoleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
ReadFile

Exports

Exports

DllRegisterServer
InstallSafari

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/e4c1eaf014773cc25e2881fa2b2a67490a73c66683f5746276af7067777ed8b2
.dll windows:6 windows x64 arch:x64

a4c93160bc5d33952bf49f4fa4ddab15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/e893b4f6b6f3ab977c96ab5e2c6115969cbe46a143531bfc9920d1b9972ebc12
.dll regsvr32 windows:6 windows x64 arch:x64

3e5df6de5eb3063336a693f72776ee32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
MultiByteToWideChar
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
GetFileAttributesW
SetThreadPriority
GetShortPathNameW
SetFileAttributesW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
VirtualAllocEx
OutputDebugStringW
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
WriteConsoleW
SetEnvironmentVariableA

shlwapi

StrStrIW

Exports

Exports

DllRegisterServer
ExtractImageStore
PackImageStore

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/e93423a1c8add21c5676680a090ddc913d359c29ea9e44ffc91fb10396e3e858
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/e99c9190cfdc6ad1e45efc6b993078f3122857607f1fede91757a04064f71ad7
.dll regsvr32 windows:6 windows x86 arch:x86

64bf8f4f2ae50e7313a98966f8277b77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\crat0\client\Build\Win32\DllRelease\zero_Win32.pdb

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
ResumeThread
OutputDebugStringW
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
LockResource
GlobalFree
CreateFileW
ReadConsoleW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
ReadFile

Exports

Exports

DllRegisterServer
InstallSafari

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/eab9136da8cc5c1a8a9fc528d64ef1ce11e385def98957712887785178e202a3
.dll regsvr32 windows:6 windows x64 arch:x64

f817eeedaa84990124aedd22d3077075

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
MultiByteToWideChar
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
Sleep
LoadLibraryW
GetEnvironmentVariableW
SetPriorityClass
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
IsBadReadPtr
SetLastError
GenerateConsoleCtrlEvent
FreeConsole
AttachConsole
SetConsoleCtrlHandler
GlobalFree
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
GetProcAddress
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
GetTimeZoneInformation
GetStringTypeW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
CreateFileW
SetStdHandle
SetEnvironmentVariableA

shlwapi

StrStrIW
PathFindFileNameW

Exports

Exports

DllRegisterServer
ExtractImageStore
HelloWorld
PackImageStore
SaveImageStore

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/eae3dc403d36b115aa4f7db64cb1a64fa50dbff2b6ce3d118eeb1f745d1ecd14
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/eb9382b77f7ed3429b0fcfb5d5d64c0702f0c4d91c45bb8d3442ff1f851b8035
.dll windows:6 windows x64 arch:x64

4fcf04eefb4162f5c4b77cabedab04c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/f051c2f99b2d94b0fc5ae7893ec0467f4175cfa926cfc573a6b65a40c566f94d
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/f070b78ca7269addb922f9ea9a31f76198edb2e1064d9b04ca8d80ecba175ca4
.dll windows:6 windows x64 arch:x64

00bd49a59c1bc7ad67f6525ae12a30a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
LoadLibraryW
GetProcAddress
Sleep
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
FlushFileBuffers
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW

user32

MessageBoxW

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Cisco-CRAT_Lazarus/fb2ad747903f46d03b19b12c46a3e678e8a0c156092fb334aab47714a041265c
.dll windows:6 windows x64 arch:x64

ccb87335a0c972884296455ec2c5fcfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
FindResourceExW
FindResourceW
LoadResource
SizeofResource
LockResource
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetEnvironmentVariableW
SetPriorityClass
Sleep
SetThreadPriority
GetShortPathNameW
WaitForSingleObject
GetExitCodeThread
FlushInstructionCache
OutputDebugStringW
CloseHandle
CreateFileW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers

Exports

Exports

ExtractMicrosoftWord
GetFileInformationByHandle
GetFileVersionInfoA
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
PackImageStore
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/843ee9fd681cb88c6da02c51005ffd9b60b05bd0a50da1b5d47d90b31a313ca1
.exe windows:6 windows x64 arch:x64

68db5c3ef4012ae9023ec3630692549e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcAddress
GetModuleHandleA
VirtualAlloc

advapi32

CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptReleaseContext
CryptImportKey

Sections

.text
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/85f9d294b74bcd94711a4e91af22ffee1410a20ac11872b9a8d89bac05e12e89
.exe windows:5 windows x64 arch:x64

de196b61101cad437a385b7aabea9e3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
Sleep
GetProcAddress
GetModuleHandleA
VirtualAlloc
ExitThread

Sections

.text
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/README.md
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/aa4be907464d9f8a9d744491b11375fad20d300f459ea26fc8be10905af53660
.exe windows:5 windows x64 arch:x64

1e8531792606893b27c09b77c86a7ac4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
VirtualAlloc
GetProcAddress

Sections

.text
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/daf1eccb75fc022d0cdfa644a1cb7ea53dac858da66cbcf8196cc1a147eb036c
.exe windows:5 windows x64 arch:x64

36e22c6ee7f02af9ebfc50599adb2a12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
VirtualAlloc
lstrlenA
GetCommandLineA
GetProcAddress

shlwapi

StrToIntExA

Sections

.flat
Size: 512B - Virtual size: 46B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_ESET-ModPipe_POS_Hospitality-Sector/e8cd98f1abade45d4c608aadec25b529ede12b807bc5d446848991bd89f18cdc
.exe windows:5 windows x64 arch:x64

1e8531792606893b27c09b77c86a7ac4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
VirtualAlloc
GetProcAddress

Sections

.text
Size: 512B - Virtual size: 105B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/056c470dc745e56cbbe069d3c43a557f697e7f2afbd83c14471a1bdbf013e4af
.zip
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/06cc1870c2d26b38b13a8dc2e59a302a5454c61e756aee37cbf794fb51af0ba3
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/30e527e45f50d2ba82865c5679a6fa998ee0a1755361ab01673950810d071c85
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/3147cd2ee6938d50d2cdc7e157ad1125de2229bb35454cbde502746d6a36154d
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/33d7f3bb788ea4bf9fffba9e528ec62ad38f02d03e63f78e427238f90a9ac75d
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/5597e6fe7256b243d62cc7d1fd0da4397f9840d8609ab767850c1a4e5d50a431
.7z
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/5fafaa6539a7360f5a5ccf5c46b5c25e555fc7e11ada655ebd49588ca91b9fcc
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/868cdb28bca314a991a5ae9e16afaa0b2b96daa42f4ae263230b2b8a7aed1d3c
.zip
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/9d63af1cb88bb6b65e1d6c1f4467a728aeff1b8d07c2ef8c9b2e2f40b696a154
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/README.md
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/a1a9137dea275aa805e5640f6450366dbf6e10be066e5c12c34904e45e469c4c
.exe windows:6 windows x86 arch:x86

5a594319a0d69dbc452e748bcf05892e

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:39:db:b0:27:76:fa:0f:0c:0d:f3:0b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-09-2020 10:09

Not After

05-09-2021 10:09

Subject

SERIALNUMBER=1142311001744,CN=ITM LLC,O=ITM LLC,STREET=ul Solnechnaya\, 15/5,L=Krasnodar,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:39:db:b0:27:76:fa:0f:0c:0d:f3:0b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-09-2020 10:09

Not After

05-09-2021 10:09

Subject

SERIALNUMBER=1142311001744,CN=ITM LLC,O=ITM LLC,STREET=ul Solnechnaya\, 15/5,L=Krasnodar,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bc:b2:02:50:a0:9a:cd:76:75:1e:0b:b8:82:e0:9f:27:27:cf:8b:43:58:4c:de:a6:4b:d5:25:66:27:3d:7e:31
Signer

Actual PE Digest

bc:b2:02:50:a0:9a:cd:76:75:1e:0b:b8:82:e0:9f:27:27:cf:8b:43:58:4c:de:a6:4b:d5:25:66:27:3d:7e:31

Digest Algorithm

sha256

PE Digest Matches

true

66:cf:f3:dc:c8:37:d4:c7:b6:38:13:66:34:eb:b4:f2:7c:7a:43:71
Signer

Actual PE Digest

66:cf:f3:dc:c8:37:d4:c7:b6:38:13:66:34:eb:b4:f2:7c:7a:43:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/c23957924eb604f3844f9e9c6c569c0a3aa6f60edc4ba4ecd42a68eaee3b8e02
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

W:\__solar_system\jupyter\jupyter\obj\Release\jupyter.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e
.exe windows:6 windows x86 arch:x86

5a594319a0d69dbc452e748bcf05892e

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:39:db:b0:27:76:fa:0f:0c:0d:f3:0b
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

04-09-2020 10:09

Not After

05-09-2021 10:09

Subject

SERIALNUMBER=1142311001744,CN=ITM LLC,O=ITM LLC,STREET=ul Solnechnaya\, 15/5,L=Krasnodar,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:94:c6:de:a3:26:b8:c3:aa:83:0c:0c:82:71:07:52:39:18:0e:21
Signer

Actual PE Digest

82:94:c6:de:a3:26:b8:c3:aa:83:0c:0c:82:71:07:52:39:18:0e:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.12_Morphisec-Jupiter_Infostealer/fe2d39309d8bf3d85cacc2308bd36d149bc27f59f95c02b77a1f9f897291a933
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/28570122e952f25c92dfb83707c502a5036b9f99770127435cbb8c7e6796cce4
.dll windows:5 windows x64 arch:x64

286d76db1dac459aa743b52d2b256954

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\works\prjs\MD\md_client\x64\Release\md_client.pdb

Imports

kernel32

CreatePipe
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
GetExitCodeThread
SetEvent
CloseHandle
CreateThread
ResetEvent
DeleteCriticalSection
Sleep
GetTickCount
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetModuleHandleA
SetFileAttributesW
GetLogicalDriveStringsW
GetLastError
LoadLibraryA
DeleteFileW
GetProcAddress
CreateProcessW
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LeaveCriticalSection
RaiseException
GetCurrentProcess
CreateFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
GetEnvironmentVariableW
PeekNamedPipe
SetErrorMode
ExitProcess
TerminateThread
CreateEventA
LocalAlloc
LocalFree
GetSystemTime
QueryPerformanceCounter
GetVersionExW
GetSystemInfo
GetComputerNameW
GetModuleHandleW
SetEndOfFile
WriteConsoleW
SetStdHandle
HeapReAlloc
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
EnterCriticalSection
ReadFile
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
LCMapStringW
GetConsoleCP
FlushFileBuffers
GetACP
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
InterlockedFlushSList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlUnwindEx

user32

DispatchMessageW
GetSystemMetrics
GetMessageA
PostThreadMessageA
GetMessageW
CloseDesktop
TranslateMessage

advapi32

GetUserNameW

shell32

ShellExecuteW

ws2_32

ntohl
socket
recvfrom
htonl
sendto
WSAStartup
ioctlsocket
setsockopt
select
closesocket
__WSAFDIsSet
WSACleanup
htons
gethostname
inet_addr
gethostbyname
inet_ntoa
getsockname

shlwapi

StrStrIA

Exports

Exports

Start
StartR
StartT

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/2e6dfca6b2b8a11d6eb8933bd7ed7f17ca46499a3ee548bbb086406eb57b2204
.exe windows:5 windows x86 arch:x86

67f6fa0c62383b20926cdbdd9da581f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\works\prjs\MD\md_client\rlsexe\md_client.pdb

Imports

kernel32

InitializeCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
SetEvent
CloseHandle
CreateThread
ResetEvent
DeleteCriticalSection
Sleep
GetTickCount
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetModuleHandleA
SetFileAttributesW
GetLogicalDriveStringsW
GetLastError
LoadLibraryA
DeleteFileW
GetProcAddress
CreateProcessW
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
CreatePipe
RaiseException
DecodePointer
GetCurrentProcess
CreateFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
GetEnvironmentVariableW
PeekNamedPipe
SetErrorMode
DeleteFileA
ExitProcess
TerminateThread
CreateEventA
LocalAlloc
LocalFree
GetSystemTime
QueryPerformanceCounter
GetVersionExW
GetSystemInfo
GetComputerNameW
GetModuleHandleW
WriteConsoleW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetProcessHeap
LeaveCriticalSection
WriteFile
EnterCriticalSection
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
SetEndOfFile
FindFirstFileExA
GetConsoleCP
FlushFileBuffers
LCMapStringW
ReadConsoleW
GetConsoleMode
GetFileType
SetFilePointerEx
HeapAlloc
HeapFree
GetACP
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
SetLastError
RtlUnwind

user32

DispatchMessageW
GetSystemMetrics
GetMessageA
PostThreadMessageA
GetMessageW
CloseDesktop
TranslateMessage

advapi32

GetUserNameW

shell32

ShellExecuteW

ws2_32

getsockname
ntohl
recvfrom
htonl
sendto
WSAStartup
ioctlsocket
setsockopt
select
closesocket
__WSAFDIsSet
WSACleanup
htons
gethostname
inet_addr
gethostbyname
inet_ntoa
socket

Exports

Exports

DllInstall
Start
StartD
StartR
StartT

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/32cabf2952f88283251c36751e04a45bfa78cdb0835460619d4812b882795c03
.exe windows:5 windows x86 arch:x86

3c7b221198c64019d4347f6b77307612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\works\self\tcp_transfer\Release\tcp_transfer.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
Sleep
DeleteFileA
CloseHandle
CreateThread
ExitProcess
EnterCriticalSection
LeaveCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
DecodePointer

user32

TranslateMessage
DispatchMessageW
GetMessageW

ws2_32

WSAStringToAddressA
WSAStartup
listen
bind
accept
connect
socket
send
select
WSAGetLastError
recv
closesocket
shutdown
setsockopt
WSAIoctl
ioctlsocket
htons

Exports

Exports

Start

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/5e90afbdfb63110fa3c9cdd79ef474852996a895a6bad66a663e2ccc51dd339b
.dll windows:5 windows x86 arch:x86

3d1db596927906d1e010626f0185d0e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\works\prjs\z3_clt\Release\clt.pdb

Imports

kernel32

SetEvent
CloseHandle
ResetEvent
CreateEventA
GetTickCount
ReadFile
FindFirstFileA
WriteFile
GetDriveTypeA
FindNextFileA
SetFilePointer
FindClose
LocalAlloc
GetModuleHandleA
LoadLibraryA
DeleteFileA
GetLogicalDriveStringsA
LocalFree
GetFileSize
FreeLibrary
LocalReAlloc
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
InterlockedDecrement
InterlockedExchangeAdd
WideCharToMultiByte
InterlockedIncrement
TerminateProcess
CreatePipe
PeekNamedPipe
CreateThread
DisconnectNamedPipe
GetSystemDirectoryA
Sleep
GetStartupInfoA
CreateProcessA
OpenEventA
SetErrorMode
GetVersionExA
ExitProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
Process32First
WriteProcessMemory
GetCurrentProcess
GetProcessId
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
OutputDebugStringW
Process32Next
VirtualAllocEx
WriteConsoleW
DecodePointer
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WaitForSingleObject
InterlockedExchange
CancelIo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
EnterCriticalSection
GetProcAddress
TerminateThread
LoadLibraryW
GetCommandLineA
CreateFileW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetConsoleMode
GetStringTypeW
LCMapStringW
GetFileType
GetStdHandle
GetACP
HeapAlloc
HeapFree
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
InterlockedFlushSList
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

CloseDesktop
PostQuitMessage
GetMessageA
GetWindowTextW
GetClassNameW
OpenInputDesktop
wsprintfA
GetThreadDesktop
SetThreadDesktop
EnumChildWindows
IsWindowVisible
GetUserObjectInformationA
GetWindowThreadProcessId
EnumWindows

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
AdjustTokenPrivileges

oleaut32

SysAllocStringLen

ws2_32

WSAIoctl
closesocket
gethostbyname
select
shutdown
WSACleanup
send
socket
connect
recv
htons
ioctlsocket
setsockopt
WSAGetLastError
ntohs
ntohl
htonl
gethostname
WSAStartup

Exports

Exports

DllInstall
Start

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/631c62e067667a02da63a97aeeb556bece8394deee59e62b48f63baecf4cf613
.dll windows:5 windows x86 arch:x86

2b0becfc1c386afc94fe2dd0447bdb1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\works\prjs\MD\md_client\Release\md_client.pdb

Imports

kernel32

CreatePipe
InitializeCriticalSection
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
CreateEventW
GetExitCodeThread
SetEvent
CloseHandle
CreateThread
ResetEvent
DeleteCriticalSection
Sleep
GetTickCount
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetModuleHandleA
SetFileAttributesW
GetLogicalDriveStringsW
GetLastError
LoadLibraryA
DeleteFileW
GetProcAddress
CreateProcessW
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
LeaveCriticalSection
RaiseException
DecodePointer
GetCurrentProcess
CreateFileW
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
GetEnvironmentVariableW
PeekNamedPipe
SetErrorMode
ExitProcess
TerminateThread
CreateEventA
LocalAlloc
LocalFree
GetSystemTime
QueryPerformanceCounter
GetVersionExW
GetSystemInfo
GetComputerNameW
GetModuleHandleW
SetEndOfFile
WriteConsoleW
SetStdHandle
HeapReAlloc
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
EnterCriticalSection
ReadFile
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetStringTypeW
LCMapStringW
GetConsoleCP
FlushFileBuffers
GetACP
ReadConsoleW
GetConsoleMode
GetFileType
GetStdHandle
SetFilePointerEx
HeapAlloc
HeapFree
WideCharToMultiByte
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
SetLastError
InterlockedFlushSList
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW

user32

DispatchMessageW
GetSystemMetrics
GetMessageA
PostThreadMessageA
GetMessageW
CloseDesktop
TranslateMessage

advapi32

GetUserNameW

shell32

ShellExecuteW

ws2_32

ntohl
socket
recvfrom
htonl
sendto
WSAStartup
ioctlsocket
setsockopt
select
closesocket
__WSAFDIsSet
WSACleanup
htons
gethostname
inet_addr
gethostbyname
inet_ntoa
getsockname

shlwapi

StrStrIA

Exports

Exports

Start
StartR
StartT

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/63e8488de30c9b615c76d4e568f0a1b738fcad665e58571c299d8e9d7752a637
.exe windows:5 windows x86 arch:x86

3c7b221198c64019d4347f6b77307612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\works\self\tcp_transfer\Release\tcp_transfer.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
Sleep
DeleteFileA
CloseHandle
CreateThread
ExitProcess
EnterCriticalSection
LeaveCriticalSection
CreateFileW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
EncodePointer
RaiseException
GetLastError
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
LCMapStringW
GetFileType
FindClose
FindFirstFileExA
DecodePointer

user32

TranslateMessage
DispatchMessageW
GetMessageW

ws2_32

WSAStringToAddressA
WSAStartup
listen
bind
accept
connect
socket
send
select
WSAGetLastError
recv
closesocket
shutdown
setsockopt
WSAIoctl
ioctlsocket
htons

Exports

Exports

Start

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/6f7f142089b1d2e48880f59362c7c50e5d193166bdd5e4b27318133e8fe27b2c
.dll windows:4 windows x86 arch:x86

27ac115aefc51935d9b262465dda48e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegOpenKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

user32

PeekMessageW
wsprintfW
PostThreadMessageW

ws2_32

htonl
htons
inet_ntoa
ntohl
ntohs
WSAGetLastError
WSASetLastError
gethostbyname
closesocket
accept
select
setsockopt
connect
recv
send
ioctlsocket
WSAIoctl
socket
getsockname
WSACreateEvent
__WSAFDIsSet
WSAStartup
WSACleanup

kernel32

GetExitCodeThread
GetStartupInfoW
GetSystemDirectoryW
TerminateProcess
SetErrorMode
GetModuleFileNameW
DisableThreadLibraryCalls
GetPrivateProfileStringW
GetTempPathW
WritePrivateProfileStringW
WaitForMultipleObjects
CreateThread
TerminateThread
ResumeThread
WaitForSingleObject
ResetEvent
Sleep
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiW
WideCharToMultiByte
lstrcpynW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
SetEvent
GetCurrentProcessId
GetTickCount
DeleteFileW
CreateDirectoryW
GetFileAttributesW
lstrlenW
GetLastError
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
FreeLibrary
WriteFile
ReadFile
SetFilePointer
GetDriveTypeW
GetLogicalDriveStringsW
MoveFileW
CloseHandle
CreateFileW
GetProcAddress
LoadLibraryW
MultiByteToWideChar
lstrcpyW
GetComputerNameW
GetCurrentProcess
GetModuleHandleW
GetCurrentThreadId
GetLocalTime

shell32

SHFileOperationW
ShellExecuteW

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_purecall
wcsncmp
wcstok
_wtoi
swprintf
__CxxFrameHandler
__RTDynamicCast
wcsstr
sprintf
atoi
strstr
_strnicmp
_except_handler3
wcslen

Exports

Exports

LGBT_GetDeviceConnectInfo
LGBT_IsBluetoothAvailable
LGBT_IsDeviceConnected
LGBT_Launch
LGBT_LaunchSystem
LGBT_RegisterNotifications
LGBT_SelectDevice
LGBT_Terminate
LGBT_UnRegisterNotifications

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/7b524c3bdd5d5474b6e050084e3f32d2bf7f5c4539b44221e4bc2987b2deb56d
.dll windows:5 windows x64 arch:x64

1d59c207ef6b6173ab0b34d298cbaada

Code Sign

33:00:00:00:36:9e:7b:00:55:b2:c3:5d:2c:00:00:00:00:00:36
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:BBEC-30CA-2DBE,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:22:e2:93:eb:d3:0e:bb:55:2c:00:00:00:00:00:22
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-05-2013 18:20

Not After

16-08-2014 18:20

Subject

CN=Microsoft Windows Component Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15-09-2005 21:55

Not After

15-03-2016 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

58:19:2c:a5:fb:66:55:e7:56:07:e7:bd:fe:27:62:e1:83:58:62:c2
Signer

Actual PE Digest

58:19:2c:a5:fb:66:55:e7:56:07:e7:bd:fe:27:62:e1:83:58:62:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
OpenProcess
Sleep
GetFileAttributesA
CreateProcessA
GetModuleFileNameW
GetSystemDirectoryA
VirtualAllocEx
CreateFileMappingW
OpenFileMappingW
CloseHandle
GetCurrentProcessId
WriteProcessMemory
DeleteFileA
CreateRemoteThread
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
EncodePointer
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW
FlushFileBuffers

Exports

Exports

Embedding
cmsot

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/README.md
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/ba3d8ff9b3f6b6223dd33dee15321e267cc28627723e68cd632e59d85c529330
.exe windows:5 windows x86 arch:x86

1f3b1f57de23890a8ed1a512c5941526

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\works\prjs\z3_clt\Rlsexe\clt.pdb

Imports

kernel32

SetEvent
CloseHandle
ResetEvent
CreateEventA
GetTickCount
ReadFile
FindFirstFileA
WriteFile
GetDriveTypeA
FindNextFileA
SetFilePointer
FindClose
LocalAlloc
GetModuleHandleA
LoadLibraryA
DeleteFileA
GetLogicalDriveStringsA
LocalFree
GetFileSize
FreeLibrary
LocalReAlloc
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
InterlockedDecrement
InterlockedExchangeAdd
WideCharToMultiByte
InterlockedIncrement
TerminateProcess
CreatePipe
PeekNamedPipe
CreateThread
DisconnectNamedPipe
GetSystemDirectoryA
Sleep
GetStartupInfoA
CreateProcessA
OpenEventA
SetErrorMode
GetVersionExA
DeleteFileW
ExitProcess
SetUnhandledExceptionFilter
GetCurrentProcess
MultiByteToWideChar
GetLastError
WriteConsoleW
DecodePointer
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WaitForSingleObject
InterlockedExchange
CancelIo
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
EnterCriticalSection
GetProcAddress
TerminateThread
LoadLibraryW
GetCommandLineA
CreateFileW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetConsoleMode
GetStringTypeW
LCMapStringW
GetFileType
HeapAlloc
HeapFree
GetACP
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

CloseDesktop
PostQuitMessage
DispatchMessageA
GetMessageA
OpenInputDesktop
wsprintfA
GetThreadDesktop
SetThreadDesktop
GetUserObjectInformationA
TranslateMessage

advapi32

RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA

ws2_32

WSAIoctl
closesocket
gethostbyname
select
shutdown
WSACleanup
send
socket
connect
recv
htons
ioctlsocket
setsockopt
WSAGetLastError
ntohs
ntohl
htonl
gethostname
WSAStartup

Exports

Exports

DllInstall
Start

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/e61649ac70198e223c123ad29c7d02ebe4fe6da7f35282d26bd93d466e85176d
.dll windows:5 windows x86 arch:x86

6356f094640fac598b57c02becfc0f3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
OpenProcess
Sleep
GetFileAttributesA
CreateProcessA
GetModuleFileNameW
GetSystemDirectoryA
VirtualAllocEx
CreateFileMappingW
OpenFileMappingW
CloseHandle
GetCurrentProcessId
WriteProcessMemory
DeleteFileA
CreateRemoteThread
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
EncodePointer
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW
FlushFileBuffers

Exports

Exports

Embedding
cmsot

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.16_BitDefender-Chinese_APT/e97ac9089fa80dc38e8fe920008c117d93203e45a1516d24b59f17f7055b8ced
.dll windows:5 windows x86 arch:x86

acaccbf8be1c4e90001d5aa91b6179a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\works\prjs\z3_build\build\DllBuilder\Release\Dll_deploy.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
Sleep
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
SizeofResource
WriteFile
OutputDebugStringA
FindResourceA
MultiByteToWideChar
CreateFileA
LockResource
CloseHandle
LoadResource
GetLocalTime
LocalFree
ExitProcess
CreateDirectoryA
GetTickCount
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
SetLastError
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
CreateFileW

user32

wsprintfA
wsprintfW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteA

ole32

CoUninitialize
CoInitialize

Exports

Exports

Start

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.17_Symantec-Japan_Sophisticated/3f5b623222c755d59052fab9e096c9d2b9a47d06b3a5de62fb9a66750af4efc4
.dll windows:5 windows x64 arch:x64

9614f180a6bab54e625e832fa6757c15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
lstrlenA
SetErrorMode
lstrcatA
VirtualAlloc
GetModuleFileNameA
OutputDebugStringA
SetEndOfFile
CreateFileW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
FlsGetValue
FlsFree
SetLastError
FlsAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameW
SetHandleCount
GetFileType
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
WriteConsoleW
CreateFileA
GetProcessHeap

user32

CallWindowProcA

Exports

Exports

JLI_CmdToArgs
JLI_GetStdArgc
JLI_GetStdArgs
JLI_Launch
JLI_ManifestIterate
JLI_MemAlloc
JLI_ReportErrorMessage
JLI_ReportErrorMessageSys
JLI_ReportExceptionDescription
JLI_ReportMessage
JLI_SetTraceLauncher

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.17_Symantec-Japan_Sophisticated/README.md
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/034d8ec8d510033c387bb87cac35d240b7b8daa3b5167732118c755c5e6c1d48
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/06ed3daccfbb30c68a33583a761fc20cc3e21adb8dd64a42d922e6da2a01c0dd
.exe windows:4 windows x86 arch:x86

7496aab9560a29da60f213a50320db47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
AttachThreadInput
CharNextA
CharLowerBuffA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

ExtractIconA
SHGetPathFromIDListA
SHGetMalloc

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
DoDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/072c103759968253b7b25837b43eec546c625ae9c04edd52321d848cf6078b87
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/0750c7cdc538d79d9ffed0d37f5d9a083902b49ec02d75ee88028db9f3668b59
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/1b0d2d096c5f7fff02a5a4ce623b71b862f63e306a0760722f710c425b4e16ec
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/27c6341554a04bdc792ffbc5cda26511cbcfcc66334fb6ebbc24a14969b4e498
.exe windows:4 windows x86 arch:x86

0f6a0ddb2172e9f0eb8f35480a81aded

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMetaFileBitsEx
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

ExtractIconA
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
ord18

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 503KB - Virtual size: 503KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/2ee74ae5b202c8aab288ca167c630e9ee3569240958e984474b960cd560bbe95
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/306238a63896fa8b79b4c9a6d25fd906bb9e4919bc698608ab970677d15b0694
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/3fda0a5da313886b0339eee65c69c779ed620b303ba079ee0864ca4a1496b0b4
.exe windows:4 windows x86 arch:x86

97b57689d0885a13da46c22b5a6df851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetVersionExA

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles

ole32

CoUninitialize
CoInitialize

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/408c11caf548048732ac21e88a54e80d47a05b9619c1c16b65fa850e0172f428
.exe windows:4 windows x86 arch:x86

491b25a8d3dcb0663e497d6c4ab6a3dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
AttachThreadInput
CharNextA
CharLowerBuffA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles
SHGetMalloc

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
DoDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/40cc5933e608f7a2a5c13af1066257c9e41528bb85e434e2bc3d1f4802dec24d
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/41ccf6de0d51bd29d35be12ae24f04b2f88ec2b202b239424f90c666d25473e8
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/5900abb869c61928f0ef931d6f9d8b62183b2bab9a69b0ef886551005d6c9622
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/6287fc617ff6881169990e6b877c16d8ca3c199f7e453241a0b18a7907c67ab0
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/66c86f29afb1152aad8e426ebb6569ad03ce7b69ea3c8a5cc40011c2a3ab973b
.exe windows:4 windows x86 arch:x86

85d7717fc39516781647114e7c5b0bc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegNotifyChangeKeyValue

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
mouse_event
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExA
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetComboBoxInfo
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharNextW
CallWindowProcW
CallWindowProcA
CallNextHookEx
BringWindowToTop
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProfileStringA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetVersionExA
MulDiv
MulDiv

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocA
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetTextAlign
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
PtInRegion
Polyline
Polygon
PolyPolyline
PlayEnhMetaFile
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextExtentExPointA
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutW
ExtTextOutA
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

IsEqualGUID
CreateStreamOnHGlobal
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

shell32

ShellExecuteA
SHGetFileInfoA
DragAcceptFiles

olepro32

OleLoadPicture

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

imm32

ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext

winspool.drv

OpenPrinterA
EnumPrintersA
DocumentPropertiesA
ClosePrinter

gdiplus

GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAddPathPolygon
GdipBitmapGetPixel
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipSetStringFormatHotkeyPrefix
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipFillPath
GdipDrawRectangle
GdipDrawImageRectRect
GdipDrawImageRect
GdipDrawImageI
GdipGetImageRawFormat
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipDrawPath
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipDrawEllipse
GdipCreatePen1
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPointI
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipDeleteBrush
GdipAddPathEllipse
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipFillEllipse
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/766917fe9b543bf218bd824d55967d63f94b28456f1d4919bc990d8262dc608d
.exe windows:5 windows x86 arch:x86

2af895ee1d4a601652b5b3d579a7cc34

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:80:23:a5:a0:32:8f:66:65:6e:1f:c2:51:c8:26:80
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

14-03-2020 16:58

Not After

14-03-2021 16:58

Subject

CN=Philippe Mantes,O=Philippe Mantes,L=La Possession,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:ff:a6:9f:a1:07:32:2a:38:b9:b1:c7:61:47:e0:dc:ef:57:5a:b5:0f:1e:91:68:2e:c5:5f:6b:5a:e5:f8:a8
Signer

Actual PE Digest

e3:ff:a6:9f:a1:07:32:2a:38:b9:b1:c7:61:47:e0:dc:ef:57:5a:b5:0f:1e:91:68:2e:c5:5f:6b:5a:e5:f8:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

DragQueryPoint
Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetClassInfoExW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
GetDllDirectoryW
SetDllDirectoryW
HeapDestroy
FileTimeToDosDateTime
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
GetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 276B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/8cb1f713761a6b31c9c25dd2c7ae11e575a634c9f052cfd598ada35a61783230
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/97ea91fb673f4994da491433751c4fca011993ba10191f09c70ca6c8d2b4f944
.exe windows:5 windows x86 arch:x86

bff627ff4be70a986ec7e8576e606195

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:b0:ea:a7:c5:33:05:1a:45:6f:b9:6c:4e:cf:91:c4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-07-2020 09:50

Not After

08-07-2021 09:50

Subject

CN=Marianne Septier,O=Marianne Septier,ST=Provence-Alpes-Côte d'Azur,C=FR,1.2.840.113549.1.9.1=#0c106d617269616e6e65406e6574632e6575

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:e2:9d:f3:c2:a6:2f:83:04:44:cc:18:0d:ce:f5:72:ad:b4:b2:08:ee:59:fa:0b:39:0e:45:8a:02:e7:29:79
Signer

Actual PE Digest

6e:e2:9d:f3:c2:a6:2f:83:04:44:cc:18:0d:ce:f5:72:ad:b4:b2:08:ee:59:fa:0b:39:0e:45:8a:02:e7:29:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

DragQueryPoint
Shell_NotifyIconW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetClassInfoExW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegEnumValueW
RegQueryValueExW
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
SetSecurityDescriptorDacl
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
OpenFileMappingW
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
OpenMutexW
CreateThread
CompareStringW
MapViewOfFile
CreateMutexW
LoadLibraryA
ResetEvent
OpenEventW
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
UnmapViewOfFile
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
ResizePalette
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
GetViewportOrgEx
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 152B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/9a0ee2430f7c77942d544dad6787ca8a94470f6555f1cb08baa9d099c92f8447
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/9de287f9af63f02c51c69d9c8480fee2bd4d4bd3c818f2ba81324b1f8ce495c0
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/README.md
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/a9a8b0aa5f137e7353db62dc1609da3c709ca30287a5605c73aafaf4968d1e8d
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/aa868d007c4dfd825104faafb3798b9ab745b29794a57365bef41ec3f6019eea
.exe windows:4 windows x86 arch:x86

183e8612cfd2ab3baa8f829a4130e84c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExA
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemDefaultLangID
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringW
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtCreateRegion
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

Shell_NotifyIconA
DragAcceptFiles

ole32

CoUninitialize
CoInitialize

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/add9f9dca97c3b6d52efe7d48ecd3d349a70411eaa3d4aeff6e6215b77f42b90
.exe windows:4 windows x86 arch:x86

0bc2460b7c6f86144c4486a0201bec46

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TabbedTextOutA
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowRgn
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetDIBitsToDevice
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
Polyline
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExtCreateRegion
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

DragAcceptFiles

Sections

.text
Size: 610KB - Virtual size: 609KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 960KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/aed7ab5d0de01c3724c917c034e26a5e9eed3f7fbf4082b024576a41725d66cf
.exe windows:4 windows x86 arch:x86

dd6248aefa16aab72aef86cc4a3eea0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMetaFileBitsEx
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
ord18

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 637KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/ba153e449ee926c019b548997c32d0579b9c6f350b1590a025d5d9a216ddbffd
.exe windows:4 windows x86 arch:x86

2d220f573bad50d22741b7eb788b23d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
ValidateRect
UpdateWindow
UnregisterClassA
UnionRect
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowTextA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongA
SetCaretPos
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRgn
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CloseClipboard
ClientToScreen
CheckMenuItem
CharNextW
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetVersionExA
MulDiv

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
PolyPolyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetMetaFileBitsEx
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExtCreatePen
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
ord18

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleGetClipboard
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/ce8ad96819c814dd1735e621639a8845ae7132375879cc5b5d5f6877cb909a68
.exe windows:4 windows x86 arch:x86

454e04d77cf1c162663700c0a4ce3c1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileAttributesA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedExchange
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
ExcludeClipRect
DeleteObject
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder

ole32

OleUninitialize
OleInitialize
CoUninitialize
CoInitialize

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 552KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/d217288a046e2739159d0081608a44c2e79d41de12c57ebe88a8591693fa15d5
.docx office2007
Malware-Feed-master/2020.11.26_Checkpoint-Bandook/ea4792353e0f97968e7c69ffba81c144f22f54382af4e61a1347edd0ae15830f
.exe windows:4 windows x86 arch:x86

491b25a8d3dcb0663e497d6c4ab6a3dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardFormatNameA
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
AttachThreadInput
CharNextA
CharLowerBuffA
CharLowerA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OutputDebugStringA
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

DragAcceptFiles
SHGetMalloc

ole32

CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
DoDragDrop
OleUninitialize
OleInitialize
StgCreateDocfileOnILockBytes
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

Sections

.text
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 56B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.27_PTSecurity-APT27_Polar_Ransomware/README.md
Malware-Feed-master/2020.11.27_PTSecurity-APT27_Polar_Ransomware/ad9093adf832b6f86d6001331547f0072de21419fe40e6446c3525213add1413
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wana\Ransomware_ALL_encode\dir_file\obj\x86\Release\Encode.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.11.27_PTSecurity-APT27_Polar_Ransomware/added14aaf3df22b63dcd1c53f02f9de4f9c1f88869e93381305568a87e18cb6
.asp .js polyglot
Malware-Feed-master/2020.12.02_ESET-Turla_Crutch/0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5
.dll windows:6 windows x86 arch:x86

2769e631325004ea913e5174621873fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\user\build_system\Project_Crutch\Release-Dropbox\Crutch3.pdb

Imports

dnsapi

DnsFree
DnsQuery_W

iphlpapi

GetAdaptersInfo

advapi32

CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptGetHashParam
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
RegCloseKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptGenRandom

ws2_32

accept
listen
ioctlsocket
sendto
getaddrinfo
freeaddrinfo
gethostname
connect
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
socket
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
htonl
ntohl
inet_addr
recvfrom

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

crypt32

CertFreeCertificateContext

wldap32

ord45
ord60
ord22
ord211
ord143
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord41
ord46

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

kernel32

LCMapStringW
CompareStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
GetModuleFileNameA
GetConsoleCP
GetModuleFileNameW
ReadConsoleW
GetConsoleMode
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
QueryPerformanceCounter
OutputDebugStringW
UnhandledExceptionFilter
HeapSize
RtlUnwind
RaiseException
SetFilePointerEx
FileTimeToSystemTime
GetFileInformationByHandle
FileTimeToLocalFileTime
GetNativeSystemInfo
FreeLibrary
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
IsBadReadPtr
SetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
VirtualProtect
CreateProcessW
SetHandleInformation
WaitForSingleObject
WriteFile
Sleep
ReadFile
CreateFileW
MultiByteToWideChar
GetLastError
CreatePipe
CloseHandle
DeleteFileW
CreateThread
CreateFileA
GetFileSize
CreateMutexW
GetSystemTimeAsFileTime
DeleteFileA
GetTickCount
SetErrorMode
ExpandEnvironmentStringsA
GetFileAttributesW
CreateProcessA
TerminateProcess
LocalAlloc
LocalFree
GetVolumeInformationW
ExpandEnvironmentStringsW
SystemTimeToFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
GetCurrentProcessId
LoadLibraryExW
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
AreFileApisANSI
ExitThread

user32

OemToCharA

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.02_ESET-Turla_Crutch/README.md
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010
.docx office2007
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/2548a819e4c597ba5958d2d18baa544452948e5b00271570192ccd79abe88e8d
.js
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/34446f7f60f730fcca145155d10d1aff0a1153b085836df38313772cd03c8d70
.rtf
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857
.rtf
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/75c158cea14e338c8d9d32ed988c7032da9ae6d54f5b1126ed6a83f71b9e03bf
.js
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/799260b992c77e2e14f2d586665c570142d8425864455cab5f2575015cd0b87a
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/96bf8f579acb8d9d0ff116d05fdadef85953f11e5b2e703041fdae0abf5b75dc
.js
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/README.md
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/ab7c1967bf1fefdffde93626b78eb30994655ab02f59e0adb0935e3e599a953f
.rtf
Malware-Feed-master/2020.12.09_TrendMicro-SideWinder/ed5e1d6e914de64a203f2f32ab95176fc7efff3a520915971d5fe748e79d611c
.js
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/00bc6fcfa82a693db4d7c1c9d5f4c3d0bfbbd0806e122f1fbded034eb9a67b10
.exe windows:4 windows x86 arch:x86

5d8786b378c881f44443eb17940d6af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/050a45680d5f344034be13d4fc3a7e389ceb096bd01c36c680d8e7a75d3dbae2
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/094e318d14493a9f56d56b44b30fd396af8b296119ff5b82aca01db9af83fd48
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/0d65b9671e51baf64e1389649c94f2a9c33547bfe1f5411e12c16ae2f2f463dd
.exe windows:5 windows x86 arch:x86

2b67b7d14d1479dd7935f326d05a34d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 255KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/0de10ec9ec327818002281b4cdd399d6cf330146d47ac00cf47b571a6f0a4eaa
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/2115d02ead5e497ce5a52ab9b17f0e007a671b3cd95aa55554af17d9a30de37c
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/2118c79dbb6767549cf9aa12367faa8f55281d4299d0a3f4c2f40c1686d8016a
.exe windows:5 windows x86 arch:x86

f67f9bec9bab7d6ef1ebca8702edae6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetTempFileNameW
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/23aa2347bf83127d40e05742d7c521245e51886f38b285be7227ddb96d765337
.exe windows:4 windows x86 arch:x86

71b0b46f2c41173f6ab779a154efe354

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/284a0c5cc0efe78f18c7b9b6dbe7be1d93da8f556b432f03d5464a34992dbd01
.exe windows:4 windows x86 arch:x86

5d8786b378c881f44443eb17940d6af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/2b70045d4878a20b8fca568c0b3414f2d255f3b2a7dfed85c84cf88d1b2f4e74
.exe windows:5 windows x86 arch:x86

2b67b7d14d1479dd7935f326d05a34d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/2d03ff4e5d4d72afffd9bde9225fe03d6dc941982d6f3a0bbd14076a6c890247
.exe windows:5 windows x86 arch:x86

2b67b7d14d1479dd7935f326d05a34d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/3884ac554dcd58c871a4e55900f8847c9e308a79c321ae46ced58daa00d82ab4
.exe windows:4 windows x86 arch:x86

776bfab4178fc8093bfe09ad3c3fb931

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlUnwind
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
SetFileAttributesA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FindFirstFileExW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
DeviceIoControl
FindClose
MulDiv
GetLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
MoveWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
ioctlsocket
getsockopt
recv
select
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/3c8979740d2f634ff2c0c0ab7adb78fe69d6d42307118d0bb934f03974deddac
.exe windows:5 windows x86 arch:x86

45a6e4d95a6cac444771b413e7d921d9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

waveInGetDevCapsW
waveInGetNumDevs
mciSendStringW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
GetWindowTextW
SetForegroundWindow
GetAsyncKeyState
GetWindowTextLengthW
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
GetLastInputInfo
LoadStringW
CreateMenu
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
CreateWindowExW
GetDCEx
PeekMessageW
RegisterDeviceNotificationW
MonitorFromWindow
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetSystemMetrics
CharUpperBuffW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
InsertMenuItemW
MonitorFromRect
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CountClipboardFormats
CallWindowProcW
CloseClipboard
DestroyCursor
CopyIcon
PostQuitMessage
ShowScrollBar
EnableMenuItem
HideCaret
FindWindowExW
LoadIconW
SystemParametersInfoW
MonitorFromPoint
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetFileType
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
MapViewOfFile
CreateMutexW
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
GetFileAttributesExW
GlobalMemoryStatusEx
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
PeekNamedPipe
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetTempFileNameW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
DuplicateHandle
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
GetSystemPowerStatus
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

IsEqualGUID
OleInitialize
CreateBindCtx
OleUninitialize
MkParseDisplayName
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/3da95f33b6feb5dcc86d15e2a31e211e031efa2e96792ce9c459b6b769ffd6a4
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/445ea69e361e8efd7e00cfc6c6204cb7cece7415b4eb6539c4ebf5e6b020f702
.exe windows:5 windows x86 arch:x86

3ae61a4be5640107e2c5cfaf2dd79851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

mciSendStringW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
RegisterDeviceNotificationW
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetAsyncKeyState
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/479742e205e1fcd9dadc600ee72f9c1e03ba6399d0a6535e558026d0fbbba07a
.exe windows:5 windows x86 arch:x86

3ae61a4be5640107e2c5cfaf2dd79851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

mciSendStringW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
RegisterDeviceNotificationW
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetAsyncKeyState
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/4be7b1c2d862348ee00bcd36d7a6543f1ebb7d81f9c48f5dd05e19d6ccdfaeb5
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/4e77963ba7f70d6777a77c158fab61024f384877d78282d31ba7bbac06724b68
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/4eced949a2da569ee9c4e536283dabad49e2f41371b6e8d40b80a79ec1b0e986
.exe windows:5 windows x86 arch:x86

6f5e3e85ccc333b84764df9ffa39f9b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/5b8b71d1140beaae4736eb58adc64930613ebeab997506fbb09aabff68242e17
.exe windows:5 windows x86 arch:x86

a3f074158982788e6d871663910c4b1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

mciSendStringW
waveOutGetNumDevs

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
RegisterDeviceNotificationW
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetAsyncKeyState
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 153B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1003KB - Virtual size: 1003KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/5f5af4762c073234fef6bfeaa3b9f6a04982e82a25e540116aa1f9e38223ae2b
.exe windows:5 windows x86 arch:x86

5ec0bb622a4b94b294b8589ab839ef4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTimes
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 64B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/707e27d94b0d37dc55d7ca12d833ebaec80b50decb218a2eb79565561a807fe6
.exe windows:4 windows x86 arch:x86

5d8786b378c881f44443eb17940d6af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/80fb33854bf54ceac731aed91c677d8fb933d1593eb95447b06bd9b80f562ed2
.exe windows:4 windows x86 arch:x86

db9f9229176033960295e1833a3f4418

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/82ad34384fd3b37f85e735a849b033326d8ce907155f5ff2d24318b1616b2950
.exe windows:4 windows x86 arch:x86

6234bde9261b1f0ed0a0b4b15635c81f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/83e0db0fa3feaf911a18c1e2076cc40ba17a185e61623a9759991deeca551d8b
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/9c1ebd6f1800194b29720f626d51bf8f67310c4c59e67cd12e398dde234872ca
.exe windows:5 windows x86 arch:x86

f67f9bec9bab7d6ef1ebca8702edae6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetTempFileNameW
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/README.md
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/a6f4a0400fc7eee60610c0e113802d5aa544d462d2141b93203a0f9f380f0a16
.exe windows:5 windows x86 arch:x86

f67f9bec9bab7d6ef1ebca8702edae6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetTempFileNameW
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/ab5b59331a1beeb857dc3476c3c3906869c66f4d281400bc079b07cd811959c4
.exe windows:5 windows x86 arch:x86

2b67b7d14d1479dd7935f326d05a34d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 163B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/ae254ab021632cb583071079b2be8af62ccfc232c687a515a716ea17bfa0db9b
.exe windows:5 windows x86 arch:x86

0aa03c07a0e6fe1afbf21d69e0d0203c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
SetThreadLocale
GetThreadLocale

ole32

IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
SetMapMode
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 442KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/b2ec6aeb55eb0acf12be51185e4d6b3e67e9f3931a0ce0ebbc5849f52c0d8fd3
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/b3e991914ca782b0b6f6a96d7df6d02e2388079a12e76dfacb47155fbff1084d
.exe windows:4 windows x86 arch:x86

0e1e4375b1a774e94877864795ccdc38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
SetFileAttributesA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
FindClose
MulDiv
GetLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/b42d3deab6932e04d6a3fb059348e608f68464a6cdc1440518c1c5e66f937694
.exe windows:4 windows x86 arch:x86

5d8786b378c881f44443eb17940d6af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/b599b0327c4593a06a2e05a3373ee84c37faa6e4fd6f7e5c24544aa9192e0b43
.exe windows:5 windows x86 arch:x86

f67f9bec9bab7d6ef1ebca8702edae6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
SetScrollPos
GetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

GetErrorInfo
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetTempFileNameW
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

CreateBindCtx
MkParseDisplayName
CoCreateInstance
CoUninitialize
IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 92B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/b61fa79c6e8bfcb96f6e2ed4057f5a835a299e9e13e4c6893c3c3309e31cad44
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/d08e7464fa8650e669012056548383fbadcd29a093a28eb7d0c2ba4e9036eb07
.exe windows:4 windows x86 arch:x86

71b0b46f2c41173f6ab779a154efe354

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/db1c2482063299ba5b1d5001a4e69e59f6cc91b64d24135c296ec194b2cab57a
.exe windows:4 windows x86 arch:x86

b40873b72993aaf176a81e1bad6757b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
GetDiskFreeSpaceA
SetFileAttributesA
GetFileAttributesExA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
FindClose
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetSystemPowerStatus
GlobalMemoryStatusEx

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
GetLastInputInfo
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
GetKeyboardLayout
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetAsyncKeyState
GetKeyboardState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

crypt32

CryptUnprotectData

winmm

mciSendStringA
waveInGetNumDevs
waveInGetDevCapsA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/e67d6094dd5fa5ad678a36a020225c83adf97ac995c23893ffcc476f7d1f8481
.exe windows:5 windows x86 arch:x86

e749d312b7dfacb474af5104671357d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

mciSendStringW
waveOutGetNumDevs

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
RegisterDeviceNotificationW
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
CreateAcceleratorTableW
SendMessageA
IsClipboardFormatAvailable
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetClassInfoExW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetAsyncKeyState
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
GetWindowTextLengthW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
MonitorFromRect
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
CopyIcon
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
GetACP
LocalFree
CloseHandle
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
GlobalSize
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
WinExec
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

IsEqualGUID
OleInitialize
CLSIDFromProgID
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
GetSystemPaletteEntries
GetEnhMetaFileBits
AbortDoc
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 80B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/e869c7f981256ddb7aa1c187a081c46fed541722fa5668a7d90ff8d6b81c1db6
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/eab20d4c0eeff48e7e1b6b59d79cd169cac277aeb5f91f462f838fcd6835e0ac
.exe windows:4 windows x86 arch:x86

51e53e55ec7d8af56797a171159d5535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateMutexA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.16_TeamCymru-APTC_23_AridViper_GnatSpy/eda6d901c7d94cbd1c827dfa7c518685b611de85f4708a6701fcbf1a3f101768
.exe windows:4 windows x64 arch:x64

f60ff7bc2495abc11777f85fbd08fa18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
DeleteFileA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
LoadLibraryW
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
CreatePipe
PeekNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
MkParseDisplayName
CreateBindCtx
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

ws2_32

closesocket
connect
getsockopt
recv
send
setsockopt
shutdown
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

gethostbyaddr
gethostbyname
WSAStartup

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 715KB - Virtual size: 714KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:14:86:89:a0:57:30:5c:a7:70:8a:79:a0:92:f6:57:66:d6:d2:11:cb:b8:be:28:46:f6:17:00:96:4a:c0:d4
Signer

Actual PE Digest

0f:14:86:89:a0:57:30:5c:a7:70:8a:79:a0:92:f6:57:66:d6:d2:11:cb:b8:be:28:46:f6:17:00:96:4a:c0:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/0f5d7e6dfdd62c83eb096ba193b5ae394001bac036745495674156ead6557589
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d8:50:19:98:0b:a8:99:98:9e:a2:13:bc:6a:ef:b4:5b:df:29:da:9e:cf:8c:c5:aa:b2:06:0d:f8:46:0f:5a:33
Signer

Actual PE Digest

d8:50:19:98:0b:a8:99:98:9e:a2:13:bc:6a:ef:b4:5b:df:29:da:9e:cf:8c:c5:aa:b2:06:0d:f8:46:0f:5a:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

81:43:fa:cd:39:be:94:39:0f:aa:10:5f:58:1d:0a:c6:c8:d7:fe:54:f3:5d:e2:10:58:1c:79:b5:e6:8f:ac:46
Signer

Actual PE Digest

81:43:fa:cd:39:be:94:39:0f:aa:10:5f:58:1d:0a:c6:c8:d7:fe:54:f3:5d:e2:10:58:1c:79:b5:e6:8f:ac:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 978KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d
.dll windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/README.md
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42
Signer

Actual PE Digest

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/b820e8a2057112d0ed73bd7995201dbed79a79e13c79d4bdad81a22f12387e07
.dll windows:4 windows x64 arch:x64

3417123af2f473f771d46841bfce6d48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

DuplicateToken
RegOpenKeyA

kernel32

AddVectoredExceptionHandler
CreateFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
ReadFile
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
free
fwrite
malloc
memcmp
memcpy
realloc
signal
strcpy
strlen
strncmp
tan
vfprintf

user32

GetSystemMenu

Exports

Exports

TkAllocWindow
TkBezierPoints
TkBezierScreenPoints
TkBindDeadWindow
TkBindEventProc
TkBindFree
TkBindInit
TkCanvasDashParseProc
TkCanvasDashPrintProc
TkChangeEventWindow
TkClipBox
TkClipCleanup
TkClipInit
TkComputeAnchor
TkCopyAndGlobalEval
TkCreateBindingProcedure
TkCreateCursorFromData
TkCreateFrame
TkCreateMainWindow
TkCreateRegion
TkCreateThreadExitHandler
TkCurrentTime
TkDebugBitmap
TkDebugBorder
TkDebugColor
TkDebugConfig
TkDebugCursor
TkDebugFont
TkDeleteAllImages
TkDeleteThreadExitHandler
TkDestroyRegion
TkDoConfigureNotify
TkDrawInsetFocusHighlight
TkEventDeadWindow
TkFillPolygon
TkFindStateNum
TkFindStateNumObj
TkFindStateString
TkFocusDeadWindow
TkFocusFilterEvent
TkFocusFree
TkFocusKeyEvent
TkFontPkgFree
TkFontPkgInit
TkFreeBindingTags
TkGCCleanup
TkGenerateActivateEvents
TkGetBitmapData
TkGetBitmapPredefTable
TkGetButtPoints
TkGetCursorByName
TkGetDefaultScreenName
TkGetDisplay
TkGetDisplayList
TkGetDisplayOf
TkGetFocusWin
TkGetInterpNames
TkGetMainInfoList
TkGetMiterPoints
TkGetOptionSpec
TkGetPointerCoords
TkGetServerInfo
TkGetWindowFromObj
TkGrabDeadWindow
TkGrabState
TkInOutEvents
TkIncludePoint
TkInstallFrameMenu
TkIntersectRegion
TkKeysymToString
TkLineToArea
TkLineToPoint
TkMakeBezierCurve
TkMakeBezierPostscript
TkMakeRawCurve
TkMakeRawCurvePostscript
TkOffsetParseProc
TkOffsetPrintProc
TkOptionClassChanged
TkOptionDeadWindow
TkOrientParseProc
TkOrientPrintProc
TkOvalToArea
TkOvalToPoint
TkPhotoGetValidRegion
TkPixelParseProc
TkPixelPrintProc
TkPointerDeadWindow
TkPointerEvent
TkPolygonToArea
TkPolygonToPoint
TkPositionInTree
TkPutImage
TkQueueEventForAllChildren
TkReadBitmapFile
TkRectInRegion
TkScrollWindow
TkSelDeadWindow
TkSelEventProc
TkSelInit
TkSelPropProc
TkSetFocusWin
TkSetPixmapColormap
TkSetRegion
TkSetWindowMenuBar
TkSmoothParseProc
TkSmoothPrintProc
TkStateParseProc
TkStatePrintProc
TkStringToKeysym
TkStylePkgFree
TkStylePkgInit
TkSubtractRegion
TkThickPolyLineToArea
TkToplevelWindowForCommand
TkUnionRectWithRegion
TkWinCancelMouseTimer
TkWinClipboardRender
TkWinDialogDebug
TkWinDisplayChanged
TkWinEmbeddedEventProc
TkWinFillRect
TkWinGetBorderPixels
TkWinGetDrawableDC
TkWinGetIcon
TkWinGetMenuSystemDefault
TkWinGetModifierState
TkWinGetPlatformId
TkWinGetPlatformTheme
TkWinGetSystemPalette
TkWinGetWrapperWindow
TkWinHandleMenuEvent
TkWinIndexOfColor
TkWinReleaseDrawableDC
TkWinResendEvent
TkWinSelectPalette
TkWinSetForegroundWindow
TkWinSetHINSTANCE
TkWinSetMenu
TkWinSetWindowPos
TkWinUpdatingClipboard
TkWinWmCleanup
TkWinXCleanup
TkWinXInit
TkWmAddToColormapWindows
TkWmDeadWindow
TkWmFocusToplevel
TkWmMapWindow
TkWmNewWindow
TkWmProtocolEventProc
TkWmRemoveFromColormapWindows
TkWmRestackToplevel
TkWmSetClass
TkWmStackorderToplevel
TkWmUnmapWindow
Tk_3DBorderColor
Tk_3DBorderGC
Tk_3DHorizontalBevel
Tk_3DVerticalBevel
Tk_AddOption
Tk_Alloc3DBorderFromObj
Tk_AllocBitmapFromObj
Tk_AllocColorFromObj
Tk_AllocCursorFromObj
Tk_AllocFontFromObj
Tk_AllocStyleFromObj
Tk_AttachHWND
Tk_BindEvent
Tk_CanvasDrawableCoords
Tk_CanvasEventuallyRedraw
Tk_CanvasGetCoord
Tk_CanvasGetCoordFromObj
Tk_CanvasGetTextInfo
Tk_CanvasPsBitmap
Tk_CanvasPsColor
Tk_CanvasPsFont
Tk_CanvasPsOutline
Tk_CanvasPsPath
Tk_CanvasPsStipple
Tk_CanvasPsY
Tk_CanvasSetOffset
Tk_CanvasSetStippleOrigin
Tk_CanvasTagsParseProc
Tk_CanvasTagsPrintProc
Tk_CanvasTkwin
Tk_CanvasWindowCoords
Tk_ChangeOutlineGC
Tk_ChangeWindowAttributes
Tk_CharBbox
Tk_ClearSelection
Tk_ClipboardAppend
Tk_ClipboardClear
Tk_CollapseMotionEvents
Tk_ComputeTextLayout
Tk_ConfigOutlineGC
Tk_ConfigureInfo
Tk_ConfigureValue
Tk_ConfigureWidget
Tk_ConfigureWindow
Tk_CoordsToWindow
Tk_CreateAnonymousWindow
Tk_CreateBinding
Tk_CreateBindingTable
Tk_CreateClientMessageHandler
Tk_CreateConsoleWindow
Tk_CreateErrorHandler
Tk_CreateEventHandler
Tk_CreateGenericHandler
Tk_CreateImageType
Tk_CreateItemType
Tk_CreateOldImageType
Tk_CreateOldPhotoImageFormat
Tk_CreateOptionTable
Tk_CreateOutline
Tk_CreatePhotoImageFormat
Tk_CreateSelHandler
Tk_CreateSmoothMethod
Tk_CreateStyle
Tk_CreateWindow
Tk_CreateWindowFromPath
Tk_DefineBitmap
Tk_DefineCursor
Tk_DeleteAllBindings
Tk_DeleteBinding
Tk_DeleteBindingTable
Tk_DeleteClientMessageHandler
Tk_DeleteErrorHandler
Tk_DeleteEventHandler
Tk_DeleteGenericHandler
Tk_DeleteImage
Tk_DeleteOptionTable
Tk_DeleteOutline
Tk_DeleteSelHandler
Tk_DestroyWindow
Tk_DisplayName
Tk_DistanceToTextLayout
Tk_DitherPhoto
Tk_Draw3DPolygon
Tk_Draw3DRectangle
Tk_DrawChars
Tk_DrawElement
Tk_DrawFocusHighlight
Tk_DrawTextLayout
Tk_Fill3DPolygon
Tk_Fill3DRectangle
Tk_FindPhoto
Tk_FontId
Tk_Free3DBorder
Tk_Free3DBorderFromObj
Tk_FreeBitmap
Tk_FreeBitmapFromObj
Tk_FreeColor
Tk_FreeColorFromObj
Tk_FreeColormap
Tk_FreeConfigOptions
Tk_FreeCursor
Tk_FreeCursorFromObj
Tk_FreeFont
Tk_FreeFontFromObj
Tk_FreeGC
Tk_FreeImage
Tk_FreeOptions
Tk_FreePixmap
Tk_FreeSavedOptions
Tk_FreeStyle
Tk_FreeStyleFromObj
Tk_FreeTextLayout
Tk_FreeXId
Tk_GCForColor
Tk_GeometryRequest
Tk_Get3DBorder
Tk_Get3DBorderFromObj
Tk_GetAllBindings
Tk_GetAnchor
Tk_GetAnchorFromObj
Tk_GetAtomName
Tk_GetBinding
Tk_GetBitmap
Tk_GetBitmapFromData
Tk_GetBitmapFromObj
Tk_GetCapStyle
Tk_GetColor
Tk_GetColorByValue
Tk_GetColorFromObj
Tk_GetColormap
Tk_GetCursor
Tk_GetCursorFromData
Tk_GetCursorFromObj
Tk_GetDash
Tk_GetElementBorderWidth
Tk_GetElementBox
Tk_GetElementId
Tk_GetElementSize
Tk_GetEmbeddedMenuHWND
Tk_GetFont
Tk_GetFontFromObj
Tk_GetFontMetrics
Tk_GetGC
Tk_GetHINSTANCE
Tk_GetHWND
Tk_GetImage
Tk_GetImageMasterData
Tk_GetItemTypes
Tk_GetJoinStyle
Tk_GetJustify
Tk_GetJustifyFromObj
Tk_GetMMFromObj
Tk_GetMenuHWND
Tk_GetNumMainWindows
Tk_GetOption
Tk_GetOptionInfo
Tk_GetOptionValue
Tk_GetPixels
Tk_GetPixelsFromObj
Tk_GetPixmap
Tk_GetRelief
Tk_GetReliefFromObj
Tk_GetRootCoords
Tk_GetScreenMM
Tk_GetScrollInfo
Tk_GetScrollInfoObj
Tk_GetSelection
Tk_GetStyle
Tk_GetStyleEngine
Tk_GetStyleFromObj
Tk_GetStyledElement
Tk_GetUid
Tk_GetUserInactiveTime
Tk_GetVRootGeometry
Tk_GetVisual
Tk_Grab
Tk_HWNDToWindow
Tk_HandleEvent
Tk_IdToWindow
Tk_ImageChanged
Tk_Init
Tk_InitConsoleChannels
Tk_InitOptions
Tk_InternAtom
Tk_Interp
Tk_IntersectTextLayout
Tk_MainEx
Tk_MainLoop
Tk_MainWindow
Tk_MaintainGeometry
Tk_MakeWindowExist
Tk_ManageGeometry
Tk_MapWindow
Tk_MeasureChars
Tk_MoveResizeWindow
Tk_MoveToplevelWindow
Tk_MoveWindow
Tk_NameOf3DBorder
Tk_NameOfAnchor
Tk_NameOfBitmap
Tk_NameOfCapStyle
Tk_NameOfColor
Tk_NameOfCursor
Tk_NameOfFont
Tk_NameOfImage
Tk_NameOfJoinStyle
Tk_NameOfJustify
Tk_NameOfRelief
Tk_NameOfStyle
Tk_NameToWindow
Tk_OwnSelection
Tk_ParseArgv
Tk_PhotoBlank
Tk_PhotoExpand
Tk_PhotoExpand_Panic
Tk_PhotoGetImage
Tk_PhotoGetSize
Tk_PhotoPutBlock
Tk_PhotoPutBlock_NoComposite
Tk_PhotoPutBlock_Panic
Tk_PhotoPutZoomedBlock
Tk_PhotoPutZoomedBlock_NoComposite
Tk_PhotoPutZoomedBlock_Panic
Tk_PhotoSetSize
Tk_PhotoSetSize_Panic
Tk_PkgInitStubsCheck
Tk_PointToChar
Tk_PointerEvent
Tk_PostscriptBitmap
Tk_PostscriptColor
Tk_PostscriptFont
Tk_PostscriptFontName
Tk_PostscriptImage
Tk_PostscriptPath
Tk_PostscriptPhoto
Tk_PostscriptStipple
Tk_PostscriptY
Tk_PreserveColormap
Tk_QueueWindowEvent
Tk_RedrawImage
Tk_RegisterStyleEngine
Tk_RegisterStyledElement
Tk_ResetOutlineGC
Tk_ResetUserInactiveTime
Tk_ResizeWindow
Tk_RestackWindow
Tk_RestoreSavedOptions
Tk_RestrictEvents
Tk_SafeInit
Tk_SetAppName
Tk_SetBackgroundFromBorder
Tk_SetCaretPos
Tk_SetClass
Tk_SetClassProcs
Tk_SetGrid
Tk_SetInternalBorder
Tk_SetInternalBorderEx
Tk_SetMinimumRequestSize
Tk_SetOptions
Tk_SetTSOrigin
Tk_SetWindowBackground
Tk_SetWindowBackgroundPixmap
Tk_SetWindowBorder
Tk_SetWindowBorderPixmap
Tk_SetWindowBorderWidth
Tk_SetWindowColormap
Tk_SetWindowVisual
Tk_SizeOfBitmap
Tk_SizeOfImage
Tk_StrictMotif
Tk_TextLayoutToPostscript
Tk_TextWidth
Tk_TranslateWinEvent
Tk_UndefineCursor
Tk_UnderlineChars
Tk_UnderlineTextLayout
Tk_Ungrab
Tk_UnmaintainGeometry
Tk_UnmapWindow
Tk_UnsetGrid
Tk_UpdatePointer
TkpChangeFocus
TkpClaimFocus
TkpCloseDisplay
TkpDisplayWarning
TkpDrawFrame
TkpDrawHighlightBorder
TkpFreeCursor
TkpGetAppName
TkpGetKeySym
TkpGetMS
TkpGetOtherWindow
TkpGetString
TkpGetSubFonts
TkpGetSystemDefault
TkpGetWrapperWindow
TkpInit
TkpInitKeymapInfo
TkpInitializeMenuBindings
TkpMakeContainer
TkpMakeMenuWindow
TkpMakeWindow
TkpMenuNotifyToplevelCreate
TkpMenuThreadInit
TkpOpenDisplay
TkpPrintWindowId
TkpRedirectKeyEvent
TkpScanWindowId
TkpSetCapture
TkpSetCursor
TkpSetKeycodeAndState
TkpSetMainMenubar
TkpTestembedCmd
TkpTesttextCmd
TkpUseWindow
TkpWindowWasRecentlyDeleted
TkpWmSetState
XAllocColor
XBell
XChangeGC
XChangeProperty
XChangeWindowAttributes
XClearWindow
XConfigureWindow
XCopyArea
XCopyPlane
XCreateBitmapFromData
XCreateColormap
XCreateGC
XCreateGlyphCursor
XCreateIC
XCreateImage
XCreatePixmapCursor
XDefineCursor
XDeleteProperty
XDestroyIC
XDestroyWindow
XDrawArc
XDrawLine
XDrawLines
XDrawRectangle
XFillArc
XFillPolygon
XFillRectangle
XFillRectangles

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:3c:e1:8d:0d:fe:26:f1:d3:85:c0:93:a1:08:cd:81:b1:03:d5:1c:8e:2b:5c:1f:e3:42:48:1a:dd:55:01:e8
Signer

Actual PE Digest

29:3c:e1:8d:0d:fe:26:f1:d3:85:c0:93:a1:08:cd:81:b1:03:d5:1c:8e:2b:5c:1f:e3:42:48:1a:dd:55:01:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_CISA_AA20-352A_APT_Gov_Infrastructure/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:85:49:70:c4:61:7a:00:2a:cc:ca:dc:b3:9b:34:7c
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

06-02-2019 00:00

Not After

06-02-2020 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42
Signer

Actual PE Digest

75:7d:b7:24:de:57:56:7b:ff:91:04:d5:2e:23:ae:67:21:0c:9c:19:85:5a:4e:f1:2c:ff:45:14:51:b6:e3:42

Digest Algorithm

sha256

PE Digest Matches

true

ff:89:ac:9f:e2:ca:40:23:4c:f9:ec:ff:3f:c8:88:44:d5:ec:b3:f7
Signer

Actual PE Digest

ff:89:ac:9f:e2:ca:40:23:4c:f9:ec:ff:3f:c8:88:44:d5:ec:b3:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\buildAgent\temp\buildTmp\Obj\SolarWinds.Orion.Core.BusinessLayer\Release\SolarWinds.Orion.Core.BusinessLayer.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/3e35a2a6b58853ab7443aef40d22dc37c3d94848ec9f5b9ca27c1892082b4f07
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/483fe88d70cb09361c27468b97b7f96bd667d8c915c9f004a27d4260367d551b
.exe windows:6 windows x64 arch:x64

79b3362178937bf9559741c46bb9e035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.MPRESS1
Size: 2.8MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/48edd2cd9b09de0088c34020aea0bf40e226b22d629303ecee61a19d33ef3347
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/4a1fc30ffeee48f213e256fa7bff77d8abd8acd81e3b2eb3b9c40bd3e2b04756
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/55b9264bc1f665acd94d922dd13522f48f2c88b02b587e50d5665b72855aa71c
.exe windows:6 windows x64 arch:x64

91802a615b3a5c4bcc05bc5f66a5b219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/5bae961fec67565fb88c8bcd3841b7090566d8fc12ccb70436b5269456e55c00
.exe windows:5 windows x86 arch:x86

0e6377943b05b8b3fb33a543257381a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\2-Sources\21-FinalCobalt\Source\cobalt\Cobalt\Cobalt\Win32\Release\Client\Cobalt.Client.pdb

Imports

netapi32

NetFileClose
NetApiBufferFree
NetFileEnum

kernel32

GetPrivateProfileStringW
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
InterlockedExchangeAdd
CloseHandle
QueueUserAPC
LocalFree
GetProcessHeap
WideCharToMultiByte
InterlockedIncrement
TlsFree
CreateEventA
SetConsoleCtrlHandler
FindFirstFileW
GetCurrentProcess
FindClose
MultiByteToWideChar
FileTimeToSystemTime
HeapAlloc
GetComputerNameW
GetModuleHandleW
CompareFileTime
ReleaseSemaphore
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
WaitForSingleObjectEx
CopyFileW
CreateSemaphoreA
GetSystemWindowsDirectoryW
GetProcessTimes
SetWaitableTimer
TlsSetValue
PostQueuedCompletionStatus
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
Sleep
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
FindNextFileW
GetVolumeInformationW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
DeleteFileW
MoveFileW
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
CreateProcessA
GetExitCodeProcess
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WaitForSingleObject
WaitForMultipleObjects
InterlockedDecrement
HeapFree
InterlockedExchange
SetFileAttributesW
GetFileAttributesW
FormatMessageA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedPopEntrySList
InterlockedPushEntrySList
SetLastError
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
HeapReAlloc
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ExitThread
GetFullPathNameA
GetDriveTypeW
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
RtlUnwind
RaiseException
LoadLibraryW
VirtualProtect
UnregisterWaitEx
QueryDepthSList
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentDirectoryW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
MoveFileExW
AreFileApisANSI
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFileEx
UnmapViewOfFile
GetModuleHandleA
CreateFileMappingA
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
InterlockedFlushSList

user32

wsprintfW
BeginPaint
UpdateWindow
ShutdownBlockReasonDestroy
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
AdjustWindowRect
ShutdownBlockReasonCreate
DispatchMessageW
ShowWindow
RegisterClassExW
SendMessageW
CreateWindowExW
DefWindowProcW
GetMessageW
SystemParametersInfoW
EndPaint

advapi32

AdjustTokenPrivileges
CryptGetUserKey
CryptDecrypt
CryptExportKey
CryptImportKey
CryptGenKey
LookupPrivilegeValueW
CryptReleaseContext
AbortSystemShutdownW
OpenProcessToken
CryptAcquireContextW
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
setsockopt
ioctlsocket
freeaddrinfo
htonl
getsockopt
WSARecv
connect
getsockname
getaddrinfo
WSASocketW
WSASetLastError
listen
select
WSASend
closesocket
WSAIoctl
bind
accept
WSACleanup
__WSAFDIsSet
WSAGetLastError

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmStartSession

Sections

.text
Size: 743KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/63e81ac3c8e438221a088bc765158006cc99b2894d4340cf73305c43d67e9627
.exe windows:4 windows x64 arch:x64

96c44fa1eee2c4e9b9e77d7bf42d59e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/6467152f27ba0d02dbd27e20403d8c5cdd86258df927a9cdaa9630cfc1fd3883
.gz
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/README.md
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/a2440df2bf11c2882d139bddf5a33bfd63dcb4b82994ac2daf7c7f08b7170647
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/d2b612729d0c106cb5b0434e3d5de1a5dc9d065d276d51a3fb25a08f39e18467
.exe windows:5 windows x86 arch:x86

8b7ac1fd2af282ebbd5d19a84254b0c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\2-Sources\21-FinalCobalt\Source\cobalt\Cobalt\Cobalt\Win32\Release\Client\Cobalt.Client.pdb

Imports

netapi32

NetFileClose
NetApiBufferFree
NetFileEnum

kernel32

GetPrivateProfileStringW
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
DeleteFileW
InterlockedExchangeAdd
CloseHandle
QueueUserAPC
LocalFree
GetProcessHeap
WideCharToMultiByte
InterlockedIncrement
TlsFree
CreateEventA
SetConsoleCtrlHandler
FindFirstFileW
GetCurrentProcess
FindClose
MultiByteToWideChar
FileTimeToSystemTime
HeapAlloc
GetComputerNameW
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
CompareFileTime
ReleaseSemaphore
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
WaitForSingleObjectEx
CopyFileW
CreateSemaphoreA
GetSystemWindowsDirectoryW
GetProcessTimes
PostQueuedCompletionStatus
TlsSetValue
SetLastError
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
Sleep
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
FindNextFileW
GetVolumeInformationW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
MoveFileW
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
CreateProcessA
GetExitCodeProcess
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WaitForSingleObject
WaitForMultipleObjects
InterlockedDecrement
HeapFree
InterlockedExchange
SetFileAttributesW
GetFileAttributesW
FormatMessageA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualProtect
InterlockedPopEntrySList
SetWaitableTimer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
HeapReAlloc
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ExitThread
GetFullPathNameA
GetDriveTypeW
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
RtlUnwind
RaiseException
VirtualFree
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentDirectoryW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
MoveFileExW
AreFileApisANSI
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFileEx
UnmapViewOfFile
GetModuleHandleA
CreateFileMappingA
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
InterlockedPushEntrySList

user32

wsprintfW
BeginPaint
UpdateWindow
ShutdownBlockReasonDestroy
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
AdjustWindowRect
ShutdownBlockReasonCreate
DispatchMessageW
ShowWindow
RegisterClassExW
SendMessageW
CreateWindowExW
DefWindowProcW
GetMessageW
SystemParametersInfoW
EndPaint

advapi32

AdjustTokenPrivileges
CryptGetUserKey
CryptDecrypt
CryptExportKey
CryptImportKey
CryptGenKey
LookupPrivilegeValueW
CryptReleaseContext
AbortSystemShutdownW
OpenProcessToken
CryptAcquireContextW
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
setsockopt
ioctlsocket
freeaddrinfo
htonl
getsockopt
WSARecv
connect
getsockname
getaddrinfo
WSASocketW
WSASetLastError
listen
select
WSASend
closesocket
WSAIoctl
bind
accept
WSACleanup
__WSAFDIsSet
WSAGetLastError

rstrtmgr

RmEndSession
RmStartSession
RmGetList
RmRegisterResources

Sections

.text
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/df86cd16a3008dba00590edae31d1313bd92528aca92c4f4ea7f24000ba62547
.exe windows:6 windows x64 arch:x64

93a138801d9601e4c36e6274c8b9d111

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
QueryFullProcessImageNameA
ProcessIdToSessionId
PostQueuedCompletionStatus
OpenProcess
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 440KB - Virtual size: 677KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ClearSky-Pay2Kitten/ea7ed9bb14a7bda590cf3ff81c8c37703a028c4fdb4599b6a283d68fdcb2613f
.exe windows:5 windows x86 arch:x86

0e6377943b05b8b3fb33a543257381a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\2-Sources\21-FinalCobalt\Source\cobalt\Cobalt\Cobalt\Win32\Release\Client\Cobalt.Client.pdb

Imports

netapi32

NetFileClose
NetApiBufferFree
NetFileEnum

kernel32

GetPrivateProfileStringW
FormatMessageW
SetEvent
TerminateThread
TlsAlloc
InterlockedExchangeAdd
CloseHandle
QueueUserAPC
LocalFree
GetProcessHeap
WideCharToMultiByte
InterlockedIncrement
TlsFree
CreateEventA
SetConsoleCtrlHandler
FindFirstFileW
GetCurrentProcess
FindClose
MultiByteToWideChar
FileTimeToSystemTime
HeapAlloc
GetComputerNameW
GetModuleHandleW
CompareFileTime
ReleaseSemaphore
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
WaitForSingleObjectEx
CopyFileW
CreateSemaphoreA
GetSystemWindowsDirectoryW
GetProcessTimes
SetWaitableTimer
TlsSetValue
PostQueuedCompletionStatus
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
Sleep
VerSetConditionMask
SleepEx
VerifyVersionInfoW
TlsGetValue
CreateIoCompletionPort
FindNextFileW
GetVolumeInformationW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
DeleteFileW
MoveFileW
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
CreateProcessA
GetExitCodeProcess
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WaitForSingleObject
WaitForMultipleObjects
InterlockedDecrement
HeapFree
InterlockedExchange
SetFileAttributesW
GetFileAttributesW
FormatMessageA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedPopEntrySList
InterlockedPushEntrySList
SetLastError
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
HeapReAlloc
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
ExitThread
GetFullPathNameA
GetDriveTypeW
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetModuleFileNameA
GetFileType
GetStdHandle
RtlUnwind
RaiseException
LoadLibraryW
VirtualProtect
UnregisterWaitEx
QueryDepthSList
TryEnterCriticalSection
GetCurrentThreadId
DuplicateHandle
GetCurrentThread
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetCurrentDirectoryW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
MoveFileExW
AreFileApisANSI
CreateFileA
GetFileSize
SetFilePointer
MapViewOfFileEx
UnmapViewOfFile
GetModuleHandleA
CreateFileMappingA
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
InterlockedFlushSList

user32

wsprintfW
BeginPaint
UpdateWindow
ShutdownBlockReasonDestroy
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
AdjustWindowRect
ShutdownBlockReasonCreate
DispatchMessageW
ShowWindow
RegisterClassExW
SendMessageW
CreateWindowExW
DefWindowProcW
GetMessageW
SystemParametersInfoW
EndPaint

advapi32

AdjustTokenPrivileges
CryptGetUserKey
CryptDecrypt
CryptExportKey
CryptImportKey
CryptGenKey
LookupPrivilegeValueW
CryptReleaseContext
AbortSystemShutdownW
OpenProcessToken
CryptAcquireContextW
CryptEncrypt
CryptCreateHash
CryptDeriveKey
CryptHashData

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
setsockopt
ioctlsocket
freeaddrinfo
htonl
getsockopt
WSARecv
connect
getsockname
getaddrinfo
WSASocketW
WSASetLastError
listen
select
WSASend
closesocket
WSAIoctl
bind
accept
WSACleanup
__WSAFDIsSet
WSAGetLastError

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmStartSession

Sections

.text
Size: 743KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ESET-Operation_SignSight_Southeast_Asia/6be34df727fcb79123e4e8f472ad24b698d83395fb17d4db019e9976f485cd83
.msi
Malware-Feed-master/2020.12.17_ESET-Operation_SignSight_Southeast_Asia/97a5fe1d2174e9d34cee8c1d6751bf01f99d8f40b1ae0bce205b8f2f0483225c
.exe windows:4 windows x86 arch:x86

764a9a179d3d138855baf5a597db57ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3262
ord3081
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord4710
ord800
ord2818
ord540
ord2915
ord860
ord1158
ord4673
ord4853
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord5500
ord6354
ord5716
ord5717
ord2621
ord1134
ord1199
ord1205
ord1816
ord1146
ord6215
ord2086
ord2864
ord4160
ord2863
ord2379
ord6453
ord755
ord470
ord4224
ord4376
ord5265
ord743
ord446
ord4003
ord2486
ord4226
ord4622
ord1223
ord825
ord290
ord2623
ord1206
ord1168
ord614
ord4424
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord2985
ord3136
ord4465
ord3259
ord3147
ord2982
ord1799
ord4274
ord823
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_setmbcp
_itoa
__CxxFrameHandler
atoi
strchr
_CxxThrowException
_controlfp
sscanf
strstr
_except_handler3
exit
sprintf

kernel32

WaitForSingleObject
Sleep
GetTickCount
SetFilePointer
ExpandEnvironmentStringsA
GetTempPathA
GetFileAttributesA
GetStartupInfoA
WriteFile
CloseHandle
GetModuleHandleA
GetProcAddress
ReadFile
GetFileSize
CreateFileA
GetLastError
GetShortPathNameA
LoadLibraryA
GetPrivateProfileStringA

user32

GetSystemMenu
GetSystemMetrics
SendMessageA
GetDesktopWindow
AppendMenuA
GetClientRect
EnableWindow
LoadIconA
DrawIcon

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Malware-Feed-master/2020.12.17_ESET-Operation_SignSight_Southeast_Asia/README.md
Malware-Feed-master/2020.12.17_ESET-Operation_SignSight_Southeast_Asia/b0fd1ff7f5d45be89fffc04937f352754c6055e1f4ca26a9257169ce168569ef

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 412KB - Virtual size: 412KB

DATA Size: 45KB - Virtual size: 45KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 31KB - Virtual size: 31KB

.rsrc Size: 261KB - Virtual size: 261KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 385KB - Virtual size: 385KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

iphlpapi

userenv

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 557KB - Virtual size: 557KB

.rdata Size: 179KB - Virtual size: 179KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 598KB - Virtual size: 597KB

.reloc Size: 41KB - Virtual size: 41KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 376KB - Virtual size: 375KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

7f2222d75bcebeb591b7d884c5b9299b

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

CODE
Size: 412KB - Virtual size: 412KB

DATA
Size: 45KB - Virtual size: 45KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 261KB - Virtual size: 261KB

.text
Size: 385KB - Virtual size: 385KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 598KB - Virtual size: 597KB

.reloc
Size: 41KB - Virtual size: 41KB

.text
Size: 376KB - Virtual size: 375KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 598KB - Virtual size: 597KB

.reloc
Size: 41KB - Virtual size: 41KB

.text
Size: 376KB - Virtual size: 375KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 557KB - Virtual size: 557KB

.rdata
Size: 179KB - Virtual size: 179KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 293KB - Virtual size: 293KB

.reloc
Size: 41KB - Virtual size: 41KB