a599639de74566a07d90c5d57fe9c506_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a599639de74566a07d90c5d57fe9c506_JaffaCakes118
Size

3.6MB
MD5

a599639de74566a07d90c5d57fe9c506
SHA1

576f91df5e773e1dd98714529680a9c8b293df25
SHA256

3b0efcb5d1e8e8c6d8cd6002c4c09b16348856768b72cee97c3088ccb588f2ea
SHA512

6b70c7cd0619e1250676edacfa4cd2ca49f9a123f043e8e451c8c7d27a8a6a8fafbc0cda2c7087cb0da3b6ec07815532de6bc5dff0e3c526d213e85846fd323e
SSDEEP

49152:6CqTS0UO17EXgvLiFLGflIt7KPBxoNVb/+2DOxvvDkHH18ab6+KRYOelVVq3J/MZ:6CtVO14QAhcGgTY18KJHOe5gJ/MGA9P

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/clonedisk.exe
unpack002/devio.exe
unpack001/libewf.dll
unpack001/libqcow.dll
unpack001/libvhdi.dll
unpack001/libvmdk.dll
unpack001/zlib.dll

Files

a599639de74566a07d90c5d57fe9c506_JaffaCakes118
.zip
clonedisk.exe
.exe windows:5 windows x64 arch:x64

cc813d55cc2d17aec7dc54390f0ba80b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegFlushKey
RegDeleteValueA
RegDeleteValueW
RegCreateKeyExA
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
GetUserNameA
GetUserNameW
FreeSid
AllocateAndInitializeSid

user32

MessageBoxA
CharNextW
LoadStringW
SetWindowLongPtrA
GetWindowLongPtrA
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExA
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageTimeoutA
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassA
RegisterClassW
RedrawWindow
PostThreadMessageA
PostThreadMessageW
PostQuitMessage
PostMessageA
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
OemToCharBuffA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadImageA
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRgn
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMessageA
GetMessageW
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowA
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextA
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CountClipboardFormats
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcA
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AttachThreadInput
CharLowerBuffA
CharUpperBuffA
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenA
lstrlenW
lstrcmpiW
lstrcmpA
lstrcmpW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualLock
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateThread
TerminateProcess
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetUnhandledExceptionFilter
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointerEx
SetFilePointer
SetFileAttributesA
SetFileAttributesW
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
OutputDebugStringW
OpenProcess
OpenFileMappingA
OpenFileMappingW
MulDiv
MoveFileW
MapViewOfFile
LockResource
LocalSize
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalMemoryStatus
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetTempPathA
GetTempPathW
GetSystemTime
GetSystemInfo
GetStringTypeExA
GetStringTypeExW
GetStdHandle
GetShortPathNameW
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetLogicalDrives
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentDirectoryW
GetComputerNameA
GetComputerNameW
GetCommandLineA
GetCommandLineW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FreeConsole
FormatMessageA
FormatMessageW
FlushInstructionCache
FindResourceA
FindResourceW
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumCalendarInfoW
EnterCriticalSection
DuplicateHandle
DeviceIoControl
DeleteFileA
DeleteFileW
DeleteCriticalSection
DefineDosDeviceW
CreateThread
CreateProcessA
CreateProcessW
CreatePipe
CreateMutexA
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventA
CreateEventW
CreateDirectoryA
CreateDirectoryW
CopyFileA
CopyFileW
CompareStringA
CompareStringW
CloseHandle
Beep
Sleep
FindVolumeClose
FindNextVolumeA
FindFirstVolumeA
GetVolumePathNamesForVolumeNameA
SetVolumeMountPointA
DeleteVolumeMountPointA
GetVersionExW
CreateMutexW

gdi32

UnrealizeObject
TextOutA
TextOutW
StretchBlt
StartPage
StartDocA
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextFaceA
GetTextExtentPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontA
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW

mpr

WNetGetConnectionW

ole32

CoCreateGuid
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

ShellExecuteExA
ShellExecuteExW
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

comdlg32

PrintDlgW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW

wsock32

WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
setsockopt
sendto
send
select
recvfrom
recv
ioctlsocket
inet_addr
htons
connect
closesocket
bind

msvcrt

memset
memcpy

shlwapi

SHCreateStreamOnFileA

Exports

Exports

TMethodImplementationIntercept

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 567KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 95B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
devio.zip
.zip
devio.exe
.exe windows:4 windows x86 arch:x86

9e397d837a8450a4506a4b2075609cd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
socket
htons
bind
getsockname
ntohs
inet_ntoa
accept
closesocket
setsockopt
htonl
ntohl
listen

user32

CharToOemA

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
strtok
strncmp
sscanf
_get_osfhandle
strtoul
puts
_snprintf
printf
malloc
free
_iob
_lseeki64
strstr
_read
_write
_close
_strnicmp
_open
_stricmp
_errno
vfprintf
fprintf
fflush
__setusermatherr

kernel32

FormatMessageA
GetLastError
WaitForSingleObject
SetEvent
CreateEventA
CreateMutexA
VirtualQuery
MapViewOfFile
CreateFileMappingA
CloseHandle
CreateFileA
GetStdHandle
DeviceIoControl
FlushFileBuffers
GetFileInformationByHandle
SetLastError
WriteFile
ReadFile
ResetEvent
GetOverlappedResult
LoadLibraryA
GetProcAddress
LocalFree

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
exclude.sample
grub4dos-0.4.5c-2014-01-17.7z
.7z
grub4dos-0.4.5c/COPYING
grub4dos-0.4.5c/Get_Source_of_This_Build.txt
grub4dos-0.4.5c/badgrub.exe
grub4dos-0.4.5c/bootlace.com
.elf linux x86
grub4dos-0.4.5c/bootlace64.com
.elf linux x64
grub4dos-0.4.5c/docs/ChangeLog_GRUB4DOS.txt
grub4dos-0.4.5c/docs/ChangeLog_chenall.txt
.vbs
grub4dos-0.4.5c/docs/README_GRUB4DOS.txt
.vbs
grub4dos-0.4.5c/docs/README_GRUB4DOS_CN.txt
.vbs
grub4dos-0.4.5c/eltorito.sys
grub4dos-0.4.5c/grldr
grub4dos-0.4.5c/grldr.mbr
grub4dos-0.4.5c/grub.exe
grub4dos-0.4.5c/grub.pif
grub4dos-0.4.5c/grub4dos_r370.diff
grub4dos-0.4.5c/hmload.com
grub4dos-0.4.5c/sample/config.sys
grub4dos-0.4.5c/sample/default
grub4dos-0.4.5c/sample/menu.lst
history.txt
.vbs
libewf.dll
.dll windows:5 windows x86 arch:x86

77d7bd9ed618ac78cc0d217a9526de35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
OutputDebugStringA
GetFileAttributesW
GetFileAttributesA
DeviceIoControl
GetFileType
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetOverlappedResult
CloseHandle
CreateFileW
CreateFileA
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetLastError
GetProcessHeap
HeapFree
RtlUnwind
HeapAlloc
FormatMessageW

zlib

compress2
compressBound
uncompress

msvcrt

_strnicmp
_wcsnicmp
malloc
free
_XcptFilter
fclose
_amsg_exit
mbtowc
isleadbyte
_snprintf
_itoa
wctomb
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
fopen
vfprintf
wcstombs_s
fprintf
time
_tzname
memchr
wcslen
wcsncpy
memcmp
mktime
localtime
memset
strlen
memcpy
_iob
__mb_cur_max
_vsnwprintf
_errno
_initterm

advapi32

CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptCreateHash

Exports

Exports

libewf_check_file_signature
libewf_check_file_signature_file_io_handle
libewf_check_file_signature_wide
libewf_error_backtrace_fprint
libewf_error_backtrace_sprint
libewf_error_fprint
libewf_error_free
libewf_error_sprint
libewf_file_entry_free
libewf_file_entry_get_access_time
libewf_file_entry_get_amount_of_sub_file_entries
libewf_file_entry_get_creation_time
libewf_file_entry_get_duplicate_media_data_offset
libewf_file_entry_get_entry_modification_time
libewf_file_entry_get_flags
libewf_file_entry_get_media_data_offset
libewf_file_entry_get_media_data_size
libewf_file_entry_get_modification_time
libewf_file_entry_get_name
libewf_file_entry_get_name_size
libewf_file_entry_get_number_of_sub_file_entries
libewf_file_entry_get_offset
libewf_file_entry_get_size
libewf_file_entry_get_sub_file_entry
libewf_file_entry_get_sub_file_entry_by_utf16_name
libewf_file_entry_get_sub_file_entry_by_utf16_path
libewf_file_entry_get_sub_file_entry_by_utf8_name
libewf_file_entry_get_sub_file_entry_by_utf8_path
libewf_file_entry_get_type
libewf_file_entry_get_utf16_hash_value_md5
libewf_file_entry_get_utf16_hash_value_sha1
libewf_file_entry_get_utf16_name
libewf_file_entry_get_utf16_name_size
libewf_file_entry_get_utf8_hash_value_md5
libewf_file_entry_get_utf8_hash_value_sha1
libewf_file_entry_get_utf8_name
libewf_file_entry_get_utf8_name_size
libewf_file_entry_read_buffer
libewf_file_entry_read_buffer_at_offset
libewf_file_entry_read_random
libewf_file_entry_seek_offset
libewf_file_get_file_entry_by_utf16_path
libewf_file_get_file_entry_by_utf8_path
libewf_get_access_flags_read
libewf_get_access_flags_read_write
libewf_get_access_flags_write
libewf_get_access_flags_write_resume
libewf_get_codepage
libewf_get_flags_read
libewf_get_flags_read_write
libewf_get_flags_write
libewf_get_flags_write_resume
libewf_get_version
libewf_glob
libewf_glob_free
libewf_glob_wide
libewf_glob_wide_free
libewf_handle_add_acquiry_error
libewf_handle_add_crc_error
libewf_handle_add_session
libewf_handle_append_acquiry_error
libewf_handle_append_checksum_error
libewf_handle_append_session
libewf_handle_append_track
libewf_handle_clone
libewf_handle_close
libewf_handle_copy_header_values
libewf_handle_copy_media_values
libewf_handle_free
libewf_handle_get_acquiry_error
libewf_handle_get_amount_of_acquiry_errors
libewf_handle_get_amount_of_crc_errors
libewf_handle_get_amount_of_hash_values
libewf_handle_get_amount_of_header_values
libewf_handle_get_amount_of_sectors
libewf_handle_get_amount_of_sessions
libewf_handle_get_bytes_per_sector
libewf_handle_get_checksum_error
libewf_handle_get_chunk_size
libewf_handle_get_compression_method
libewf_handle_get_compression_values
libewf_handle_get_crc_error
libewf_handle_get_delta_segment_file_size
libewf_handle_get_delta_segment_filename
libewf_handle_get_delta_segment_filename_size
libewf_handle_get_delta_segment_filename_size_wide
libewf_handle_get_delta_segment_filename_wide
libewf_handle_get_error_granularity
libewf_handle_get_file_io_handle
libewf_handle_get_filename
libewf_handle_get_filename_size
libewf_handle_get_filename_size_wide
libewf_handle_get_filename_wide
libewf_handle_get_format
libewf_handle_get_hash_value
libewf_handle_get_hash_value_identifier
libewf_handle_get_hash_value_identifier_size
libewf_handle_get_hash_value_size
libewf_handle_get_header_codepage
libewf_handle_get_header_value
libewf_handle_get_header_value_identifier
libewf_handle_get_header_value_identifier_size
libewf_handle_get_header_value_size
libewf_handle_get_header_values_date_format
libewf_handle_get_maximum_delta_segment_size
libewf_handle_get_maximum_segment_size
libewf_handle_get_md5_hash
libewf_handle_get_media_flags
libewf_handle_get_media_size
libewf_handle_get_media_type
libewf_handle_get_number_of_acquiry_errors
libewf_handle_get_number_of_checksum_errors
libewf_handle_get_number_of_chunks_written
libewf_handle_get_number_of_crc_errors
libewf_handle_get_number_of_hash_values
libewf_handle_get_number_of_header_values
libewf_handle_get_number_of_sectors
libewf_handle_get_number_of_sessions
libewf_handle_get_number_of_tracks
libewf_handle_get_offset
libewf_handle_get_root_file_entry
libewf_handle_get_sectors_per_chunk
libewf_handle_get_segment_file_set_identifier
libewf_handle_get_segment_file_size
libewf_handle_get_segment_file_version
libewf_handle_get_segment_filename
libewf_handle_get_segment_filename_size
libewf_handle_get_segment_filename_size_wide
libewf_handle_get_segment_filename_wide
libewf_handle_get_session
libewf_handle_get_sha1_hash
libewf_handle_get_track
libewf_handle_get_utf16_hash_value
libewf_handle_get_utf16_hash_value_size
libewf_handle_get_utf16_header_value
libewf_handle_get_utf16_header_value_size
libewf_handle_get_utf8_hash_value
libewf_handle_get_utf8_hash_value_size
libewf_handle_get_utf8_header_value
libewf_handle_get_utf8_header_value_size
libewf_handle_get_write_amount_of_chunks
libewf_handle_initialize
libewf_handle_open
libewf_handle_open_file_io_pool
libewf_handle_open_wide
libewf_handle_prepare_read_chunk
libewf_handle_prepare_write_chunk
libewf_handle_read_buffer
libewf_handle_read_buffer_at_offset
libewf_handle_read_chunk
libewf_handle_read_random
libewf_handle_seek_offset
libewf_handle_segment_files_corrupted
libewf_handle_segment_files_encrypted
libewf_handle_set_bytes_per_sector
libewf_handle_set_compression_method
libewf_handle_set_compression_values
libewf_handle_set_delta_segment_file_size
libewf_handle_set_delta_segment_filename
libewf_handle_set_delta_segment_filename_wide
libewf_handle_set_error_granularity
libewf_handle_set_format
libewf_handle_set_hash_value
libewf_handle_set_header_codepage
libewf_handle_set_header_value
libewf_handle_set_header_values_date_format
libewf_handle_set_maximum_amount_of_open_handles
libewf_handle_set_maximum_delta_segment_size
libewf_handle_set_maximum_number_of_open_handles
libewf_handle_set_maximum_segment_size
libewf_handle_set_md5_hash
libewf_handle_set_media_flags
libewf_handle_set_media_size
libewf_handle_set_media_type
libewf_handle_set_read_wipe_chunk_on_error
libewf_handle_set_read_zero_chunk_on_error
libewf_handle_set_sectors_per_chunk
libewf_handle_set_segment_file_set_identifier
libewf_handle_set_segment_file_size
libewf_handle_set_segment_filename
libewf_handle_set_segment_filename_wide
libewf_handle_set_sha1_hash
libewf_handle_set_utf16_hash_value
libewf_handle_set_utf16_header_value
libewf_handle_set_utf8_hash_value
libewf_handle_set_utf8_header_value
libewf_handle_signal_abort
libewf_handle_write_buffer
libewf_handle_write_buffer_at_offset
libewf_handle_write_chunk
libewf_handle_write_finalize
libewf_handle_write_random
libewf_notify_set_stream
libewf_notify_set_verbose
libewf_notify_stream_close
libewf_notify_stream_open
libewf_set_codepage

Sections

.text
Size: 651KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 310KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libqcow.dll
.dll windows:5 windows x86 arch:x86

aec0bd24b33fe949bd2b3bc001b64124

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetFileAttributesW
GetFileAttributesA
DeviceIoControl
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetOverlappedResult
CloseHandle
CreateFileW
CreateFileA
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeSRWLock
FormatMessageW
HeapReAlloc
GetLastError
GetProcessHeap
HeapFree
GetFileType
HeapAlloc
GetSystemTimeAsFileTime

zlib

inflate
inflateEnd
inflateInit2_

msvcrt

mbtowc
isleadbyte
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_amsg_exit
_initterm
_XcptFilter
free
malloc
_wcsnicmp
_strnicmp
fclose
fopen
time
wcsncpy
wcstombs_s
fprintf
memcmp
memcpy
wcslen
strlen
memset
_iob
__mb_cur_max
_vsnwprintf
_errno

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptEncrypt
CryptGetKeyParam
CryptSetKeyParam
CryptReleaseContext

Exports

Exports

libqcow_check_file_signature
libqcow_check_file_signature_file_io_handle
libqcow_check_file_signature_wide
libqcow_error_backtrace_fprint
libqcow_error_backtrace_sprint
libqcow_error_fprint
libqcow_error_free
libqcow_error_sprint
libqcow_file_close
libqcow_file_free
libqcow_file_get_encryption_method
libqcow_file_get_format_version
libqcow_file_get_media_size
libqcow_file_get_offset
libqcow_file_initialize
libqcow_file_open
libqcow_file_open_file_io_handle
libqcow_file_open_wide
libqcow_file_read_buffer
libqcow_file_read_buffer_at_offset
libqcow_file_seek_offset
libqcow_file_set_keys
libqcow_file_set_utf16_password
libqcow_file_set_utf8_password
libqcow_file_signal_abort
libqcow_get_access_flags_read
libqcow_get_access_flags_read_write
libqcow_get_access_flags_write
libqcow_get_codepage
libqcow_get_version
libqcow_notify_set_stream
libqcow_notify_set_verbose
libqcow_notify_stream_close
libqcow_notify_stream_open
libqcow_set_codepage

Sections

.text
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libvhdi.dll
.dll windows:5 windows x86 arch:x86

cd2af0c82ae8f594a06da6dbad50da72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetFileAttributesW
GetFileAttributesA
DeviceIoControl
GetFileType
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
CreateFileA
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEvent
WaitForSingleObject
EnterCriticalSection
ResetEvent
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
CreateEventW
GetLastError
DeleteCriticalSection
HeapReAlloc
FormatMessageW

msvcrt

_amsg_exit
mbtowc
_initterm
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_XcptFilter
free
malloc
_wcsnicmp
_strnicmp
wcsncpy
fclose
fopen
time
wcstombs_s
fprintf
memcmp
memcpy
wcslen
strlen
memset
_iob
__mb_cur_max
_vsnwprintf
_errno
isleadbyte

Exports

Exports

libvhdi_check_file_signature
libvhdi_check_file_signature_file_io_handle
libvhdi_check_file_signature_wide
libvhdi_error_backtrace_fprint
libvhdi_error_backtrace_sprint
libvhdi_error_fprint
libvhdi_error_free
libvhdi_error_sprint
libvhdi_file_close
libvhdi_file_free
libvhdi_file_get_disk_type
libvhdi_file_get_format_version
libvhdi_file_get_identifier
libvhdi_file_get_media_size
libvhdi_file_get_offset
libvhdi_file_get_parent_identifier
libvhdi_file_get_utf16_parent_filename
libvhdi_file_get_utf16_parent_filename_size
libvhdi_file_get_utf8_parent_filename
libvhdi_file_get_utf8_parent_filename_size
libvhdi_file_initialize
libvhdi_file_open
libvhdi_file_open_file_io_handle
libvhdi_file_open_wide
libvhdi_file_read_buffer
libvhdi_file_read_buffer_at_offset
libvhdi_file_seek_offset
libvhdi_file_set_parent_file
libvhdi_file_signal_abort
libvhdi_get_access_flags_read
libvhdi_get_access_flags_read_write
libvhdi_get_access_flags_write
libvhdi_get_codepage
libvhdi_get_version
libvhdi_notify_set_stream
libvhdi_notify_set_verbose
libvhdi_notify_stream_close
libvhdi_notify_stream_open
libvhdi_set_codepage

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libvmdk.dll
.dll windows:5 windows x86 arch:x86

dfa4f6c579b1f2a61dc0224ea2815f6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetFileAttributesW
GetFileAttributesA
DeviceIoControl
GetFileType
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
CreateFileA
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEvent
WaitForSingleObject
EnterCriticalSection
ResetEvent
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
CreateEventW
GetLastError
DeleteCriticalSection
HeapReAlloc
FormatMessageW

zlib

uncompress

msvcrt

_XcptFilter
_initterm
_amsg_exit
free
mbtowc
isleadbyte
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
malloc
_wcsnicmp
_strnicmp
time
fclose
fopen
wcstombs_s
fprintf
wcslen
wcsrchr
strlen
strrchr
wcsncpy
memcpy
memcmp
memset
_iob
__mb_cur_max
_vsnwprintf
_errno

Exports

Exports

libvmdk_check_file_signature
libvmdk_check_file_signature_file_io_handle
libvmdk_check_file_signature_wide
libvmdk_error_backtrace_fprint
libvmdk_error_backtrace_sprint
libvmdk_error_fprint
libvmdk_error_free
libvmdk_error_sprint
libvmdk_extent_descriptor_free
libvmdk_extent_descriptor_get_range
libvmdk_extent_descriptor_get_type
libvmdk_extent_descriptor_get_utf16_filename
libvmdk_extent_descriptor_get_utf16_filename_size
libvmdk_extent_descriptor_get_utf8_filename
libvmdk_extent_descriptor_get_utf8_filename_size
libvmdk_get_access_flags_read
libvmdk_get_codepage
libvmdk_get_version
libvmdk_handle_close
libvmdk_handle_free
libvmdk_handle_get_content_identifier
libvmdk_handle_get_disk_type
libvmdk_handle_get_extent_descriptor
libvmdk_handle_get_media_size
libvmdk_handle_get_number_of_extents
libvmdk_handle_get_offset
libvmdk_handle_get_parent_content_identifier
libvmdk_handle_get_utf16_parent_filename
libvmdk_handle_get_utf16_parent_filename_size
libvmdk_handle_get_utf8_parent_filename
libvmdk_handle_get_utf8_parent_filename_size
libvmdk_handle_initialize
libvmdk_handle_open
libvmdk_handle_open_extent_data_files
libvmdk_handle_open_extent_data_files_file_io_pool
libvmdk_handle_open_file_io_handle
libvmdk_handle_open_wide
libvmdk_handle_read_buffer
libvmdk_handle_read_buffer_at_offset
libvmdk_handle_seek_offset
libvmdk_handle_set_parent_handle
libvmdk_handle_signal_abort
libvmdk_notify_set_stream
libvmdk_notify_set_verbose
libvmdk_notify_stream_close
libvmdk_notify_stream_open
libvmdk_set_codepage

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
offreg.dll
.dll windows:6 windows x86 arch:x86

7f06a5f1ddbdb3daa4bd9e267b9e1f4c

Code Sign

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

13:3f:33:a4:99:03:ab:e0:5c:63:75:f6:fe:c4:d9:6b:4d:c1:a9:d5
Signer

Actual PE Digest

13:3f:33:a4:99:03:ab:e0:5c:63:75:f6:fe:c4:d9:6b:4d:c1:a9:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

offreg.pdb

Imports

msvcrt

_wcsicmp
_aligned_malloc
_aligned_free
towupper
_wcsnicmp
memmove
memcpy
memset
_amsg_exit
_initterm
free
malloc
_XcptFilter

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
TlsFree
TlsAlloc
TlsGetValue
InitializeCriticalSectionAndSpinCount
HeapFree
HeapAlloc
GetProcessHeap
CreateFileW
CloseHandle
ReadFile
WriteFile
GetFileSizeEx
FlushFileBuffers
GetCurrentProcessId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
TlsSetValue
GetSystemTimeAsFileTime
TerminateProcess

advapi32

InitializeSid
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorControl
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetPrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
GetSidLengthRequired
GetSecurityDescriptorLength
GetSidSubAuthority

Exports

Exports

ORCloseHive
ORCloseKey
ORCreateHive
ORCreateKey
ORDeleteKey
ORDeleteValue
OREnumKey
OREnumValue
ORGetKeySecurity
ORGetValue
ORGetVersion
ORGetVirtualFlags
OROpenHive
OROpenKey
ORQueryInfoKey
ORSaveHive
ORSetKeySecurity
ORSetValue
ORSetVirtualFlags

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.txt
wimscript.ini
zlib.dll
.dll windows:5 windows x86 arch:x86

5e81ff4a19d5ce71c46d94733465facf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetSystemTimeAsFileTime

msvcrt

_vsnprintf
memset
memcpy
_lseeki64
_open
_wopen
_snprintf
strlen
wcstombs
free
malloc
_read
memchr
_close
_write
_XcptFilter
_initterm
_amsg_exit
_errno
strerror

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc813d55cc2d17aec7dc54390f0ba80b

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

mpr

ole32

comctl32

shell32

comdlg32

wsock32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 4.3MB - Virtual size: 4.3MB

.data Size: 330KB - Virtual size: 329KB

.bss Size: - Virtual size: 567KB

.idata Size: 24KB - Virtual size: 23KB

.didata Size: 3KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 95B

.tls Size: - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 40B

.pdata Size: 191KB - Virtual size: 190KB

.rsrc Size: 490KB - Virtual size: 490KB

9e397d837a8450a4506a4b2075609cd1

Headers

File Characteristics

Imports

ws2_32

user32

msvcrt

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 9KB

77d7bd9ed618ac78cc0d217a9526de35

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

zlib

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 651KB - Virtual size: 651KB

.rdata Size: 356KB - Virtual size: 355KB

.data Size: 310KB - Virtual size: 311KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 39KB

aec0bd24b33fe949bd2b3bc001b64124

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

zlib

msvcrt

advapi32

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 218KB

.rdata Size: 349KB - Virtual size: 348KB

.data Size: 88KB - Virtual size: 89KB

.text
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 330KB - Virtual size: 329KB

.bss
Size: - Virtual size: 567KB

.idata
Size: 24KB - Virtual size: 23KB

.didata
Size: 3KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 95B

.tls
Size: - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 191KB - Virtual size: 190KB

.rsrc
Size: 490KB - Virtual size: 490KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 9KB

.text
Size: 651KB - Virtual size: 651KB

.rdata
Size: 356KB - Virtual size: 355KB

.data
Size: 310KB - Virtual size: 311KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 39KB

.text
Size: 219KB - Virtual size: 218KB

.rdata
Size: 349KB - Virtual size: 348KB

.data
Size: 88KB - Virtual size: 89KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 349KB - Virtual size: 348KB

.data
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 294KB - Virtual size: 294KB

.rdata
Size: 349KB - Virtual size: 349KB

.data
Size: 131KB - Virtual size: 132KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

61:04:b3:f5:00:00:00:00:00:0d
Certificate

61:15:23:0f:00:00:00:00:00:0a
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

13:3f:33:a4:99:03:ab:e0:5c:63:75:f6:fe:c4:d9:6b:4d:c1:a9:d5
Signer

.text
Size: 27KB - Virtual size: 26KB

PAGE
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 2KB - Virtual size: 1KB