E:\svn\sapotao\BIN\node69-dropper.pdb
Behavioral task
behavioral1
Sample
Potao Express/Potao_1stVersion/Potao_1stVersion_D939A05E1E3C9D7B6127D503C025DBC4.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
Potao Express/Potao_1stVersion/Potao_1stVersion_D939A05E1E3C9D7B6127D503C025DBC4.exe
Resource
win10v2004-20240508-en
General
-
Target
PotaoExpress.zip
-
Size
23.4MB
-
MD5
2677e57cd46328182af9ad3ea6dbe8d3
-
SHA1
16977ed39c01cdfedf5363bc473d16cad6173e43
-
SHA256
6b552cbb28bc63f034841ddeb188064fc770a82c44ce9b10992ed0597e31e35e
-
SHA512
6be9444893e89501d823efc5231870da2535dcd3db5cb4bd881c612257e08995dbd330f950aa277fc636dd4adb9d8f84ac67c7c56695dac28a5e035a100d23e9
-
SSDEEP
393216:Py3T9Ym81zJHC0x2EaxE6uEeAjqY1vt5Zbb2IycFu/pclFAMEdIcWFofdTmV8em3:63ym83tgxE67eUqqVbb2KFWSe79fZG81
Malware Config
Signatures
-
resource yara_rule
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_0C7183D761F15772B7E9C788BE601D29 upx
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_14634D446471B9E2F55158D9AC09D0B2 upx
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_85B0E3264820008A30F17CA19332FA19 upx
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_A35E48909A49334A7EBB5448A78DCFF9 upx
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_D1658B792DD1569ABC27966083F59D44 upx
static1/unpack001/Potao Express/Potao_1stVersion/Potao_1stVersion_D939A05E1E3C9D7B6127D503C025DBC4 upx
-
Unsigned PE 67 IoCs
Checks for missing Authenticode signature.
Files
-
PotaoExpress.zip.zip
Password: infected
-
Potao Express/Potao_1stVersion/Potao_1stVersion_0C7183D761F15772B7E9C788BE601D29.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 280KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 51KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 289KB - Virtual size: 289KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_14634D446471B9E2F55158D9AC09D0B2.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 344KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 61KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.pdata Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_3B7D88A069631111D5585B1B10CCCC86.exe windows:5 windows x86 arch:x86
1b9b4e9f8473550d8843bf1ec474e2e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__p__fmode
__set_app_type
_except_handler3
__p__commode
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
realloc
strrchr
atoi
free
_stricmp
memset
memcpy
kernel32
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
Sleep
InitializeCriticalSection
IsBadReadPtr
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
ExitProcess
GetStartupInfoA
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 864B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_502F35002B1A95F1AE135BAFF6CFF836.exe windows:5 windows x86 arch:x86
38f4148665ca4dab151948b49b57dce9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetModuleHandleA
GetStartupInfoA
msvcrt
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
mbstowcs
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
memset
user32
MessageBoxA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
Sections
.text Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 844B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 602B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_85B0E3264820008A30F17CA19332FA19.exe windows:6 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 280KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 55KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.idata Size: - Virtual size: 1KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 1KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 290KB - Virtual size: 290KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_A35E48909A49334A7EBB5448A78DCFF9.exe windows:10 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 348KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 57KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:10 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.rsrc Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: - Virtual size: 835B
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 363KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_A446CED5DB1DE877CF78F77741E2A804.exe windows:5 windows x86 arch:x86
84cf44102de4fa7a332463386ee841ce
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
Sleep
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpyA
GetStartupInfoA
msvcrt
strrchr
_exit
_XcptFilter
exit
_controlfp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_acmdln
memset
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 948B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 42KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 778B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_AC854A3C91D52BFC09605506E76975AE.exe windows:5 windows x86 arch:x86
779d35758196a6425692bc7afa50626c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrlenA
Sleep
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcpyA
GetStartupInfoA
msvcrt
srand
_exit
_XcptFilter
exit
_controlfp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_acmdln
memset
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_D1658B792DD1569ABC27966083F59D44.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 340KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 65KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:9 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.arch Size: 512B - Virtual size: 573B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.xdata Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_1stVersion/Potao_1stVersion_D939A05E1E3C9D7B6127D503C025DBC4.exe windows:7 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 348KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:7 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.arch Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.xdata Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 517B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 363KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_DebugVersion/Potao_DebugVersion_5199FCD031987834ED3121FB316F4970.exe windows:6 windows x86 arch:x86
d8fef9edcad453cc0c374b0775829a11
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
memset
??3@YAXPAX@Z
strlen
strcmp
_except_handler3
sprintf
??2@YAPAXI@Z
_strdup
kernel32
RaiseException
GetModuleHandleA
user32
DestroyWindow
UnregisterClassA
GetCapture
UpdateWindow
GetDC
ReleaseDC
GetWindowTextA
CreateWindowExA
FindWindowA
LoadCursorA
LoadIconA
EnumDisplayDevicesA
DefWindowProcA
DispatchMessageA
MessageBoxA
RegisterClassExA
TranslateMessage
GetMessageA
ShowWindow
gdi32
CreateDCA
shell32
SHGetFolderPathA
comctl32
ord17
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 69KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_DebugVersion/Potao_DebugVersion_7263A328F0D47C76B4E103546B648484.exe windows:6 windows x86 arch:x86
d8fef9edcad453cc0c374b0775829a11
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\svn\sapotao\BIN\node69-dropper.pdb
Imports
msvcrt
memset
??3@YAXPAX@Z
strlen
strcmp
_except_handler3
sprintf
??2@YAPAXI@Z
_strdup
kernel32
RaiseException
GetModuleHandleA
user32
DestroyWindow
UnregisterClassA
GetCapture
UpdateWindow
GetDC
ReleaseDC
GetWindowTextA
CreateWindowExA
FindWindowA
LoadCursorA
LoadIconA
EnumDisplayDevicesA
DefWindowProcA
DispatchMessageA
MessageBoxA
RegisterClassExA
TranslateMessage
GetMessageA
ShowWindow
gdi32
CreateDCA
shell32
SHGetFolderPathA
comctl32
ord17
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_DebugVersion/Potao_DebugVersion_BDC9255DF5385F534FEA83B497C371C8.exe windows:6 windows x86 arch:x86
d8fef9edcad453cc0c374b0775829a11
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\svn\sapotao\BIN\node69-dropper.pdb
Imports
msvcrt
memset
??3@YAXPAX@Z
strlen
strcmp
_except_handler3
sprintf
??2@YAPAXI@Z
_strdup
kernel32
RaiseException
GetModuleHandleA
user32
DestroyWindow
UnregisterClassA
GetCapture
UpdateWindow
GetDC
ReleaseDC
GetWindowTextA
CreateWindowExA
FindWindowA
LoadCursorA
LoadIconA
EnumDisplayDevicesA
DefWindowProcA
DispatchMessageA
MessageBoxA
RegisterClassExA
TranslateMessage
GetMessageA
ShowWindow
gdi32
CreateDCA
shell32
SHGetFolderPathA
comctl32
ord17
Sections
.text Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_07E99B2F572B84AF5C4504C23F1653BB.exe windows:5 windows x86 arch:x86
ec350fb3ad43ad5600ea3d14fcf75c12
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
sprintf
kernel32
TerminateProcess
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
GetProcAddress
InitializeCriticalSectionAndSpinCount
GetTickCount
LoadLibraryA
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
CreateFileW
TlsGetValue
TlsSetValue
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
user32
DefDlgProcA
CreateDialogParamA
MoveWindow
GetWindowLongA
PostQuitMessage
DispatchMessageA
GetMessageA
GetDesktopWindow
LoadCursorA
IsDialogMessageA
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_1927A80CD45F0D27B1AE034C11DDEDB0.exe windows:5 windows x86 arch:x86
a9aba99e03845faab8cddded800bbfe9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
RaiseException
FlushFileBuffers
CloseHandle
CreateFileW
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
GetLastError
HeapFree
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
user32
GetMessageA
DispatchMessageA
TranslateMessage
MessageBoxA
LoadCursorA
LoadIconA
RegisterClassExA
CreateWindowExA
FindWindowA
GetWindowTextA
ShowWindow
UpdateWindow
DestroyWindow
UnregisterClassA
DefWindowProcA
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_579AD4A596602A10B7CF4659B6B6909D.exe windows:5 windows x86 arch:x86
92ba77217e91e7bde6ae349078237586
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
_except_handler3
kernel32
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetTickCount
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryA
CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
LoadLibraryW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExW
OutputDebugStringW
user32
DefWindowProcA
Sections
.text Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_65F494580C95E10541D1F377C0A7BD49.exe windows:4 windows x86 arch:x86
9b48a7d3b265281039b65bcb806a662b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
sprintf
kernel32
HeapAlloc
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
Sleep
GetTickCount
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetCurrentThreadId
InterlockedIncrement
GetModuleFileNameW
WriteFile
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
CreateFileW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
GetProcAddress
InterlockedDecrement
user32
GetWindowLongA
MessageBoxA
SetActiveWindow
EnableWindow
SetCapture
SetFocus
DefDlgProcA
GetDlgItemTextA
EndDialog
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
GetWindowPlacement
MoveWindow
PostQuitMessage
DispatchMessageA
GetMessageA
DrawEdge
RegisterWindowMessageA
GetParent
LoadCursorA
IsDialogMessageA
SetWindowPlacement
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_A4B0615CB639607E6905437DD900C059.exe windows:5 windows x86 arch:x86
6d2241eb90be26eac633c05553c52271
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
strcmp
_strdup
sprintf
kernel32
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
GetOEMCP
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
CreateFileW
GetProcAddress
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExW
IsValidCodePage
GetACP
user32
DestroyWindow
CreateWindowExA
RegisterClassExA
ShowWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
GetWindowTextA
MessageBoxA
FindWindowA
LoadCursorA
LoadIconA
UnregisterClassA
Sections
.flat Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Droppersfrompostalsites/Potao_Droppersfrompostalsites_E64EB8B571F655B744C9154D8032CAEF.exe windows:5 windows x86 arch:x86
d422409758bf356eaafaed28a0a73e48
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
strcmp
_strdup
sprintf
kernel32
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeW
LCMapStringW
WideCharToMultiByte
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetModuleHandleW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
CreateFileW
GetProcAddress
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
user32
DestroyWindow
CreateWindowExA
RegisterClassExA
ShowWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
GetWindowTextA
MessageBoxA
FindWindowA
LoadCursorA
LoadIconA
UnregisterClassA
Sections
.text Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_5A24A7370F35DBDBB81ADF52E769A442.exe windows:5 windows x86 arch:x86
8a93e150db8745ae3b407de57eaba3ba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
memcpy
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
malloc
srand
memset
_adjust_fdiv
strrchr
kernel32
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
ws2_32
closesocket
WSAGetLastError
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_73E7EE83133A175B815059F1AF79AB1B.exe windows:5 windows x86 arch:x86
541f8571e1633593d73c9704f161a022
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
LsaEnumerateLogonSessions
kernel32
GetEnvironmentVariableA
CreateDirectoryA
MoveFileA
DeleteFileA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
GetProcessHeap
FlushFileBuffers
CloseHandle
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
HeapAlloc
WideCharToMultiByte
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
VirtualQuery
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
LoadLibraryW
RtlUnwind
user32
GetMessageW
RegisterClassExA
LoadCursorW
TranslateMessage
LoadIconW
DestroyWindow
UnregisterClassA
CreateWindowExA
FindWindowA
DefWindowProcW
DispatchMessageW
GetWindowTextA
advapi32
GetUserNameA
crypt32
CryptStringToBinaryA
Sections
.text Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_B4D909077AA25F31386722E716A5305C.exe windows:5 windows x86 arch:x86
3260e5fff5886266a05629857462b73f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
LsaEnumerateLogonSessions
kernel32
MoveFileA
DeleteFileA
CreateDirectoryA
GetEnvironmentVariableA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
GetProcessHeap
CloseHandle
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapAlloc
FlushFileBuffers
VirtualQuery
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
user32
TranslateMessage
DispatchMessageW
MessageBoxA
LoadCursorW
LoadIconW
GetMessageW
CreateWindowExA
FindWindowA
GetWindowTextA
DestroyWindow
UnregisterClassA
DefWindowProcW
RegisterClassExA
advapi32
GetUserNameA
crypt32
CryptStringToBinaryA
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_D755E52BA5658A639C778C22D1A906A3.exe windows:5 windows x86 arch:x86
3f5697fce2b5477c9a7e7bee5a88f3d3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
secur32
LsaEnumerateLogonSessions
kernel32
GetEnvironmentVariableA
CreateDirectoryA
MoveFileA
DeleteFileA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
GetProcessHeap
FlushFileBuffers
CloseHandle
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
RtlUnwind
HeapAlloc
FreeEnvironmentStringsW
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
VirtualQuery
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
LoadLibraryW
user32
GetMessageW
RegisterClassExA
LoadCursorW
TranslateMessage
LoadIconW
DestroyWindow
MessageBoxA
UnregisterClassA
CreateWindowExA
FindWindowA
DefWindowProcW
DispatchMessageW
GetWindowTextA
advapi32
GetUserNameA
crypt32
CryptStringToBinaryA
Sections
.text Size: 984KB - Virtual size: 984KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_EEBBCB1ED5F5606AEC296168DEE39166.exe windows:5 windows x86 arch:x86
8ab781448bc2f273a22a2c931b1ed6f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
srand
__p__commode
__p__fmode
__set_app_type
_controlfp
memcpy
_except_handler3
malloc
strrchr
_adjust_fdiv
memset
kernel32
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
ws2_32
closesocket
WSAGetLastError
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_Dropperswdecoy/Potao_Dropperswdecoy_FC4B285088413127B6D827656B9D0481.exe windows:5 windows x86 arch:x86
8ab781448bc2f273a22a2c931b1ed6f3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
srand
__p__commode
__p__fmode
__set_app_type
_controlfp
memcpy
_except_handler3
malloc
strrchr
_adjust_fdiv
memset
kernel32
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetModuleFileNameA
GetStartupInfoA
ws2_32
closesocket
WSAGetLastError
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptSetup/Potao_FakeTrueCryptSetup_83F3EC97A95595EBE40A75E94C98A7BD.exe windows:5 windows x86 arch:x86
c2839c856fcebdb2f16e37942ae1f180
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
setupapi
SetupInstallFromInfSectionA
SetupCloseInfFile
SetupDiOpenClassRegKey
SetupOpenInfFileA
kernel32
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
FlushFileBuffers
GetFileSize
GetFileSizeEx
GetCurrentProcess
GetVersionExA
LockResource
GetFileAttributesA
SetFilePointer
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemInfo
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
FindNextFileW
CreateFileW
FindFirstFileW
GetDriveTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
LoadLibraryExA
LoadLibraryW
CreateDirectoryA
GetCurrentDirectoryW
PeekNamedPipe
GetFullPathNameA
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapCreate
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
GetCommandLineA
TerminateProcess
IsDebuggerPresent
GetFileType
SetStdHandle
GetFileAttributesW
GetSystemTimeAsFileTime
ExitProcess
CreateThread
ResumeThread
ExitThread
FindFirstFileExA
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
GetModuleHandleW
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
DecodePointer
EncodePointer
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
FormatMessageA
GetVolumePathNameA
GetVolumeInformationA
GetShortPathNameA
GetDriveTypeA
SetFilePointerEx
SetLastError
LoadLibraryA
MoveFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
FindFirstFileA
FindClose
CreateFileA
Sleep
DeviceIoControl
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
CreatePipe
SetHandleInformation
CreateProcessA
WriteFile
ReadFile
CloseHandle
SetHandleCount
GetModuleFileNameW
LocalAlloc
LocalFree
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
SetEndOfFile
GetProcessHeap
GetTimeZoneInformation
WriteConsoleW
CompareStringW
GetLocaleInfoW
user32
MessageBoxA
wsprintfW
PostMessageA
MessageBoxW
CharNextA
GetClassInfoA
SendDlgItemMessageW
GetSystemMenu
AppendMenuA
AppendMenuW
TrackMouseEvent
ExitWindowsEx
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetWindowTextW
GetSystemMetrics
GetWindowInfo
GetDC
MessageBeep
GetClientRect
SetWindowPos
GetWindowTextA
DestroyWindow
GetWindowRect
CreateDialogParamW
MapDialogRect
MoveWindow
BeginPaint
FillRect
EndPaint
ReleaseDC
GetWindowTextLengthA
SetDlgItemTextA
SetWindowTextA
ShowWindow
SetWindowTextW
SetFocus
EndDialog
DialogBoxParamW
EnableWindow
EnumWindows
SendMessageA
SendMessageW
SendDlgItemMessageA
GetParent
GetDlgItem
InvalidateRect
SystemParametersInfoW
gdi32
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsA
SelectObject
CreateSolidBrush
SetTextColor
SetBkColor
SetTextAlign
TextOutW
SetBkMode
GetStockObject
CreateFontIndirectW
DeleteObject
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
ChangeServiceConfigA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
DeleteService
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
OpenProcessToken
StartServiceA
CreateServiceA
shell32
SHGetSpecialFolderPathA
SHGetFolderPathA
SHBrowseForFolderW
SHGetMalloc
ord680
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
PropVariantClear
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
shlwapi
SHStrDupW
Sections
.text Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 718KB - Virtual size: 717KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptSetup/Potao_FakeTrueCryptSetup_BABD17701CBE876149DC07E68EC7CA4F.exe windows:5 windows x86 arch:x86
16ae218ee39229e071a4eca0a757afbf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
setupapi
SetupInstallFromInfSectionA
SetupOpenInfFileA
SetupDiOpenClassRegKey
SetupCloseInfFile
kernel32
GetVolumeInformationA
GetVolumePathNameA
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
FlushFileBuffers
GetFileSize
GetFileSizeEx
GetCurrentProcess
GetVersionExA
GetCurrentDirectoryA
LockResource
GetFileAttributesA
SetFilePointer
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemInfo
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
FindNextFileW
CreateFileW
FindFirstFileW
WriteConsoleA
GetLocaleInfoW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
FindResourceA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetShortPathNameA
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFullPathNameA
HeapSize
GetStdHandle
HeapCreate
HeapReAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
GetFileAttributesW
IsDebuggerPresent
TerminateProcess
GetSystemTimeAsFileTime
ExitProcess
CreateThread
ResumeThread
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
GetModuleHandleW
VirtualAlloc
VirtualProtect
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
GetDriveTypeA
CreateDirectoryA
SetFilePointerEx
SetLastError
LoadLibraryA
MoveFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
LocalFree
FindFirstFileA
FindClose
CreateFileA
Sleep
DeviceIoControl
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
CreatePipe
SetHandleInformation
CreateProcessA
ReadFile
CloseHandle
WriteFile
GetModuleFileNameW
GetEnvironmentStrings
LoadLibraryExA
lstrlenA
GetModuleHandleA
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
GetLocaleInfoA
user32
AppendMenuA
GetSystemMenu
CharNextA
MessageBoxA
wsprintfW
PostMessageA
MessageBoxW
SystemParametersInfoW
GetClassInfoA
SendDlgItemMessageW
TrackMouseEvent
ExitWindowsEx
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetWindowTextW
GetSystemMetrics
GetWindowInfo
GetDC
MessageBeep
GetClientRect
SetWindowPos
GetWindowTextA
DestroyWindow
GetWindowRect
CreateDialogParamW
MapDialogRect
MoveWindow
BeginPaint
FillRect
EndPaint
ReleaseDC
GetWindowTextLengthA
SetDlgItemTextA
SetWindowTextA
ShowWindow
SetWindowTextW
SetFocus
EndDialog
DialogBoxParamW
EnableWindow
EnumWindows
SendMessageA
SendMessageW
SendDlgItemMessageA
GetParent
GetDlgItem
InvalidateRect
AppendMenuW
gdi32
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsA
SelectObject
CreateSolidBrush
SetTextColor
SetBkColor
SetTextAlign
TextOutW
SetBkMode
GetStockObject
CreateFontIndirectW
DeleteObject
advapi32
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
DeleteService
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
ChangeServiceConfigA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceA
CreateServiceA
shell32
SHGetPathFromIDListA
SHChangeNotify
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderW
SHGetMalloc
ord680
SHGetSpecialFolderLocation
ole32
CoInitialize
CoUninitialize
CoCreateInstance
PropVariantClear
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
shlwapi
SHStrDupW
Sections
.text Size: 257KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 837KB - Virtual size: 836KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptSetup/Potao_FakeTrueCryptSetup_CFC8901FE6A9A8299087BFC73AE8909E.exe windows:5 windows x86 arch:x86
16ae218ee39229e071a4eca0a757afbf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
setupapi
SetupInstallFromInfSectionA
SetupOpenInfFileA
SetupDiOpenClassRegKey
SetupCloseInfFile
kernel32
GetVolumeInformationA
GetVolumePathNameA
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
FlushFileBuffers
GetFileSize
GetFileSizeEx
GetCurrentProcess
GetVersionExA
GetCurrentDirectoryA
LockResource
GetFileAttributesA
SetFilePointer
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemInfo
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
FindNextFileW
CreateFileW
FindFirstFileW
WriteConsoleA
GetLocaleInfoW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
FindResourceA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetShortPathNameA
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFullPathNameA
HeapSize
GetStdHandle
HeapCreate
HeapReAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
GetFileAttributesW
IsDebuggerPresent
TerminateProcess
GetSystemTimeAsFileTime
ExitProcess
CreateThread
ResumeThread
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
GetModuleHandleW
VirtualAlloc
VirtualProtect
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
GetDriveTypeA
CreateDirectoryA
SetFilePointerEx
SetLastError
LoadLibraryA
MoveFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
LocalFree
FindFirstFileA
FindClose
CreateFileA
Sleep
DeviceIoControl
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
CreatePipe
SetHandleInformation
CreateProcessA
ReadFile
CloseHandle
WriteFile
GetModuleFileNameW
GetEnvironmentStrings
LoadLibraryExA
lstrlenA
GetModuleHandleA
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
GetLocaleInfoA
user32
AppendMenuA
GetSystemMenu
CharNextA
MessageBoxA
wsprintfW
PostMessageA
MessageBoxW
SystemParametersInfoW
GetClassInfoA
SendDlgItemMessageW
TrackMouseEvent
ExitWindowsEx
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetWindowTextW
GetSystemMetrics
GetWindowInfo
GetDC
MessageBeep
GetClientRect
SetWindowPos
GetWindowTextA
DestroyWindow
GetWindowRect
CreateDialogParamW
MapDialogRect
MoveWindow
BeginPaint
FillRect
EndPaint
ReleaseDC
GetWindowTextLengthA
SetDlgItemTextA
SetWindowTextA
ShowWindow
SetWindowTextW
SetFocus
EndDialog
DialogBoxParamW
EnableWindow
EnumWindows
SendMessageA
SendMessageW
SendDlgItemMessageA
GetParent
GetDlgItem
InvalidateRect
AppendMenuW
gdi32
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsA
SelectObject
CreateSolidBrush
SetTextColor
SetBkColor
SetTextAlign
TextOutW
SetBkMode
GetStockObject
CreateFontIndirectW
DeleteObject
advapi32
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
DeleteService
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
ChangeServiceConfigA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceA
CreateServiceA
shell32
SHGetPathFromIDListA
SHChangeNotify
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderW
SHGetMalloc
ord680
SHGetSpecialFolderLocation
ole32
CoInitialize
CoUninitialize
CoCreateInstance
PropVariantClear
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
shlwapi
SHStrDupW
Sections
.text Size: 257KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 837KB - Virtual size: 836KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptSetup/Potao_FakeTrueCryptSetup_F34B77F7B2233EE6F727D59FB28F438A.exe windows:5 windows x86 arch:x86
16ae218ee39229e071a4eca0a757afbf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
setupapi
SetupInstallFromInfSectionA
SetupOpenInfFileA
SetupDiOpenClassRegKey
SetupCloseInfFile
kernel32
GetVolumeInformationA
GetVolumePathNameA
FindVolumeClose
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
FlushFileBuffers
GetFileSize
GetFileSizeEx
GetCurrentProcess
GetVersionExA
GetCurrentDirectoryA
LockResource
GetFileAttributesA
SetFilePointer
GetCurrentThreadId
UnhandledExceptionFilter
GetSystemInfo
GetFileInformationByHandle
WaitForSingleObject
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
FindNextFileW
CreateFileW
FindFirstFileW
WriteConsoleA
GetLocaleInfoW
GetTimeZoneInformation
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
FindResourceA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetShortPathNameA
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFullPathNameA
HeapSize
GetStdHandle
HeapCreate
HeapReAlloc
VirtualFree
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
GetFileAttributesW
IsDebuggerPresent
TerminateProcess
GetSystemTimeAsFileTime
ExitProcess
CreateThread
ResumeThread
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
GetModuleHandleW
VirtualAlloc
VirtualProtect
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
LoadResource
SizeofResource
FreeLibrary
IsDBCSLeadByte
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
GetDriveTypeA
CreateDirectoryA
SetFilePointerEx
SetLastError
LoadLibraryA
MoveFileA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
CopyFileA
LocalFree
FindFirstFileA
FindClose
CreateFileA
Sleep
DeviceIoControl
RemoveDirectoryA
DeleteFileA
GetModuleFileNameA
CreatePipe
SetHandleInformation
CreateProcessA
ReadFile
CloseHandle
WriteFile
GetModuleFileNameW
GetEnvironmentStrings
LoadLibraryExA
lstrlenA
GetModuleHandleA
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
GetLocaleInfoA
user32
AppendMenuA
GetSystemMenu
CharNextA
MessageBoxA
wsprintfW
PostMessageA
MessageBoxW
SystemParametersInfoW
GetClassInfoA
SendDlgItemMessageW
TrackMouseEvent
ExitWindowsEx
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
LoadBitmapA
SetWindowLongA
CallWindowProcA
GetWindowLongA
GetWindowTextW
GetSystemMetrics
GetWindowInfo
GetDC
MessageBeep
GetClientRect
SetWindowPos
GetWindowTextA
DestroyWindow
GetWindowRect
CreateDialogParamW
MapDialogRect
MoveWindow
BeginPaint
FillRect
EndPaint
ReleaseDC
GetWindowTextLengthA
SetDlgItemTextA
SetWindowTextA
ShowWindow
SetWindowTextW
SetFocus
EndDialog
DialogBoxParamW
EnableWindow
EnumWindows
SendMessageA
SendMessageW
SendDlgItemMessageA
GetParent
GetDlgItem
InvalidateRect
AppendMenuW
gdi32
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
GetTextExtentPoint32W
GetTextMetricsA
SelectObject
CreateSolidBrush
SetTextColor
SetBkColor
SetTextAlign
TextOutW
SetBkMode
GetStockObject
CreateFontIndirectW
DeleteObject
advapi32
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
CloseServiceHandle
DeleteService
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
ChangeServiceConfigA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceA
CreateServiceA
shell32
SHGetPathFromIDListA
SHChangeNotify
SHGetFolderPathA
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderW
SHGetMalloc
ord680
SHGetSpecialFolderLocation
ole32
CoInitialize
CoUninitialize
CoCreateInstance
PropVariantClear
OleInitialize
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
shlwapi
SHStrDupW
Sections
.text Size: 257KB - Virtual size: 256KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 837KB - Virtual size: 836KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptextracted exe/Potao_FakeTrueCryptextracted exe_7CA6101C2AE4838FBBD7CEB0B2354E43.exe windows:5 windows x86 arch:x86
17e2d845a4a591914df117cadfcaa45a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
ImageList_Create
ImageList_Add
setupapi
SetupDiOpenClassRegKey
SetupOpenInfFileA
SetupInstallFromInfSectionA
SetupCloseInfFile
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
SystemTimeToFileTime
GetSystemTime
VirtualLock
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
GetProcessHeap
HeapAlloc
GetVersionExA
GetComputerNameW
GetVolumeInformationA
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
CopyFileA
GetDriveTypeA
GetShortPathNameA
GetVolumePathNameA
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
WriteFile
LocalFree
VirtualUnlock
DefineDosDeviceA
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
OpenMutexA
GetVolumeInformationW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
GetFileSize
GetVolumeNameForVolumeMountPointA
GetModuleHandleA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
SetFilePointer
GetModuleFileNameW
SetCurrentDirectoryA
GetDiskFreeSpaceA
UnhandledExceptionFilter
GetFileInformationByHandle
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
InterlockedExchangeAdd
InterlockedExchange
SetEvent
ResetEvent
CreateEventA
GetFileAttributesExA
DeleteCriticalSection
GetStartupInfoA
SetVolumeMountPointA
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetVersion
FlushConsoleInputBuffer
GetCurrentProcess
DeleteVolumeMountPointA
InitializeCriticalSection
CreateThread
EnterCriticalSection
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetFileAttributesW
GetSystemTimeAsFileTime
SetStdHandle
ExitThread
ResumeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
DebugBreak
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapSize
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
ExitProcess
CompareStringW
LeaveCriticalSection
GetTempPathA
GetTempFileNameA
CopyFileW
GetWindowsDirectoryA
WaitForSingleObject
GetExitCodeProcess
CreatePipe
SetHandleInformation
GetSystemInfo
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
FindNextFileA
FindClose
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
SetFileTime
GetLogicalDrives
MoveFileA
SetLastError
CreateFileW
GetCommandLineA
GetCommandLineW
GetTickCount
CreateMutexA
Sleep
GetSystemDirectoryA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
SetProcessShutdownParameters
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetLastError
InterlockedDecrement
DeviceIoControl
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
SetEnvironmentVariableA
GetStringTypeExA
InterlockedCompareExchange
TerminateProcess
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleW
GetProcessWorkingSetSize
user32
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DefWindowProcA
GetDialogBaseUnits
EndPaint
PeekMessageA
DestroyWindow
GetSystemMetrics
GetWindowInfo
MoveWindow
GetDC
ReleaseDC
MessageBoxA
GetActiveWindow
GetMessagePos
EnumWindows
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
DrawMenuBar
PostMessageA
GetCursorPos
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
TrackMouseEvent
GetSystemMenu
SystemParametersInfoW
SendMessageTimeoutA
wsprintfA
DrawTextA
GetClassInfoA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
GetQueueStatus
GetProcessWindowStation
GetOpenClipboardWindow
GetWindowTextW
SetMenuItemInfoW
GetSubMenu
LoadBitmapA
FlashWindowEx
GetDlgItemInt
CreatePopupMenu
TrackPopupMenu
GetMessageTime
GetInputState
GetFocus
GetDesktopWindow
GetClipboardViewer
DestroyMenu
SetDlgItemInt
GetMenu
EnableMenuItem
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetWindowRect
SetForegroundWindow
LoadImageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
GetKeyboardLayout
LoadKeyboardLayoutA
MessageBoxW
GetWindowTextA
SetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetParent
SetTimer
GetWindowTextLengthW
KillTimer
GetAsyncKeyState
RegisterHotKey
UnregisterHotKey
wsprintfW
DialogBoxParamW
ShowWindow
SetWindowTextW
GetClientRect
SetWindowPos
InvalidateRect
SendMessageW
EndDialog
SendMessageA
DeleteMenu
AppendMenuA
AppendMenuW
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
GetDlgItem
EnableWindow
LoadStringA
GetClipboardOwner
GetCapture
SetWindowsHookExA
GetUserObjectInformationW
MessageBeep
gdi32
CreateFontIndirectW
GetStockObject
CreatePen
MoveToEx
LineTo
GetCurrentObject
GetObjectA
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
StartServiceCtrlDispatcherA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
OpenProcessToken
RegOpenKeyExA
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
DeleteService
CloseServiceHandle
GetUserNameW
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteW
ord680
SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
ShellExecuteExA
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
Shell_NotifyIconW
ole32
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoGetObject
StringFromGUID2
CoCreateInstance
CoInitialize
oleaut32
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
ws2_32
listen
recvfrom
sendto
getaddrinfo
freeaddrinfo
socket
closesocket
accept
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
select
__WSAFDIsSet
WSASetLastError
recv
send
WSAGetLastError
WSAStartup
WSACleanup
shutdown
gethostname
ioctlsocket
htons
wldap32
ord50
ord26
ord27
ord30
ord32
ord60
ord35
ord79
ord200
ord301
ord41
ord46
ord143
ord211
ord22
ord33
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 399KB - Virtual size: 399KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 97KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 855KB - Virtual size: 855KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptextracted exe/Potao_FakeTrueCryptextracted exe_B64DBE5817B24D17A0404E9B2606AD96.exe windows:5 windows x86 arch:x86
4098b6f9029f52b0beb688b23e6d2f8e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
ImageList_Create
ImageList_Add
setupapi
SetupDiOpenClassRegKey
SetupOpenInfFileA
SetupInstallFromInfSectionA
SetupCloseInfFile
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
SystemTimeToFileTime
GetSystemTime
VirtualLock
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
GetProcessHeap
HeapAlloc
GetVolumeInformationA
GetVersionExA
GetComputerNameW
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
CopyFileA
GetDriveTypeA
GetShortPathNameA
GetVolumePathNameA
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
WriteFile
LocalFree
VirtualUnlock
DefineDosDeviceA
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
OpenMutexA
GetVolumeInformationW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
GetFileSize
GetVolumeNameForVolumeMountPointA
GetModuleHandleA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
SetFilePointer
GetModuleFileNameW
SetCurrentDirectoryA
GetDiskFreeSpaceA
UnhandledExceptionFilter
GetFileInformationByHandle
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
InterlockedExchangeAdd
InterlockedExchange
SetEvent
ResetEvent
CreateEventA
GetFileAttributesExA
DeleteCriticalSection
GetStartupInfoA
SetVolumeMountPointA
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetVersion
FlushConsoleInputBuffer
GetCurrentProcess
DeleteVolumeMountPointA
InitializeCriticalSection
CreateThread
EnterCriticalSection
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetFileAttributesW
GetSystemTimeAsFileTime
SetStdHandle
ExitThread
ResumeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
DebugBreak
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapSize
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
ExitProcess
CompareStringW
LeaveCriticalSection
GetTempPathA
GetTempFileNameA
CopyFileW
GetWindowsDirectoryA
WaitForSingleObject
GetExitCodeProcess
CreatePipe
SetHandleInformation
GetSystemInfo
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
FindNextFileA
FindClose
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
SetFileTime
GetLogicalDrives
MoveFileA
SetLastError
CreateFileW
GetCommandLineA
GetCommandLineW
GetTickCount
CreateMutexA
Sleep
GetSystemDirectoryA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
SetProcessShutdownParameters
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetLastError
InterlockedDecrement
DeviceIoControl
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
SetEnvironmentVariableA
GetStringTypeExA
InterlockedCompareExchange
TerminateProcess
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleW
GetProcessWorkingSetSize
user32
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DefWindowProcA
GetDialogBaseUnits
EndPaint
PeekMessageA
DestroyWindow
GetSystemMetrics
GetWindowInfo
MoveWindow
GetDC
ReleaseDC
MessageBoxA
GetActiveWindow
GetMessagePos
EnumWindows
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
DrawMenuBar
PostMessageA
GetCursorPos
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
TrackMouseEvent
GetSystemMenu
SystemParametersInfoW
SendMessageTimeoutA
wsprintfA
DrawTextA
GetClassInfoA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
GetQueueStatus
GetProcessWindowStation
GetOpenClipboardWindow
GetWindowTextW
SetMenuItemInfoW
GetSubMenu
LoadBitmapA
FlashWindowEx
GetDlgItemInt
CreatePopupMenu
TrackPopupMenu
GetMessageTime
GetInputState
GetFocus
GetDesktopWindow
GetClipboardViewer
DestroyMenu
SetDlgItemInt
GetMenu
EnableMenuItem
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetWindowRect
SetForegroundWindow
LoadImageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
GetKeyboardLayout
LoadKeyboardLayoutA
MessageBoxW
GetWindowTextA
SetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetParent
SetTimer
GetWindowTextLengthW
KillTimer
GetAsyncKeyState
RegisterHotKey
UnregisterHotKey
wsprintfW
DialogBoxParamW
ShowWindow
SetWindowTextW
GetClientRect
SetWindowPos
InvalidateRect
SendMessageW
EndDialog
SendMessageA
DeleteMenu
AppendMenuA
AppendMenuW
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
GetDlgItem
EnableWindow
LoadStringA
GetClipboardOwner
GetCapture
SetWindowsHookExA
GetUserObjectInformationW
MessageBeep
gdi32
CreateFontIndirectW
GetStockObject
CreatePen
MoveToEx
LineTo
GetCurrentObject
GetObjectA
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
StartServiceCtrlDispatcherA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
OpenProcessToken
RegOpenKeyExA
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
DeleteService
CloseServiceHandle
GetUserNameW
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteW
ord680
SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
ShellExecuteExA
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
Shell_NotifyIconW
ole32
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoGetObject
StringFromGUID2
CoCreateInstance
CoInitialize
oleaut32
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
ws2_32
listen
recvfrom
sendto
getaddrinfo
freeaddrinfo
socket
closesocket
accept
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
select
__WSAFDIsSet
WSASetLastError
recv
send
WSAGetLastError
WSAStartup
WSACleanup
shutdown
gethostname
ioctlsocket
htons
wldap32
ord50
ord26
ord27
ord30
ord32
ord60
ord35
ord79
ord200
ord301
ord41
ord46
ord143
ord211
ord22
ord33
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
iphlpapi
GetAdaptersInfo
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 399KB - Virtual size: 399KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 97KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 855KB - Virtual size: 855KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptextracted exe/Potao_FakeTrueCryptextracted exe_C1F715FF0AFC78AF81D215D485CC235C.exe windows:5 windows x86 arch:x86
92b206cc4b926d6afd09c3335b1a6ad5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\dev\msvc\TrueCrypt\Mount\Debug\Mount.pdb
Imports
comctl32
ord17
ImageList_Create
ImageList_Add
setupapi
SetupInstallFromInfSectionA
SetupDiOpenClassRegKey
SetupOpenInfFileA
SetupCloseInfFile
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
SetHandleInformation
CreatePipe
GetExitCodeProcess
WaitForSingleObject
MoveFileA
CopyFileA
WriteFile
GetShortPathNameA
GetVolumePathNameA
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
GetTempPathA
GetDriveTypeA
LocalFree
VirtualUnlock
OutputDebugStringA
DefineDosDeviceA
GetCurrentProcessId
FormatMessageW
UnhandledExceptionFilter
GetFileInformationByHandle
VirtualQuery
GetCurrentProcess
GetCurrentThread
SetUnhandledExceptionFilter
ReleaseMutex
OpenMutexA
GetVersionExA
GetModuleHandleA
SetErrorMode
GetVolumeInformationW
SetCurrentDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
SetFilePointer
FlushFileBuffers
GetModuleFileNameW
GetFileSize
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
CreateEventA
SetEvent
InterlockedExchange
InterlockedExchangeAdd
ResetEvent
GetFileAttributesExA
CreateFileW
FindNextFileW
FindFirstFileW
DeleteCriticalSection
GetStartupInfoA
GetProcessWorkingSetSize
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
GetProcessHeap
GetDriveTypeW
LoadLibraryA
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFullPathNameA
SetCurrentDirectoryW
GetCurrentDirectoryW
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
OutputDebugStringW
FatalAppExitA
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
FindFirstFileExA
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrlenA
GetSystemTimeAsFileTime
GetFileAttributesW
GetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
ExitProcess
GetModuleHandleW
GetFileType
PeekNamedPipe
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
CreateThread
ResumeThread
IsBadReadPtr
HeapValidate
IsDebuggerPresent
TerminateProcess
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
GetStringTypeW
ExpandEnvironmentStringsA
OpenEventA
VirtualAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
GetProcAddress
FreeLibrary
GetSystemInfo
FormatMessageA
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
SetFileTime
SetLastError
GetVolumeNameForVolumeMountPointA
DeleteVolumeMountPointA
SetVolumeMountPointA
GetTickCount
CreateMutexA
VirtualLock
InitializeCriticalSection
CreateProcessA
CloseHandle
GetCommandLineA
GetCommandLineW
GetSystemTime
GetWindowsDirectoryA
SystemTimeToFileTime
GetModuleFileNameA
GetSystemDirectoryA
CreateDirectoryA
GetLogicalDrives
Sleep
EnterCriticalSection
LeaveCriticalSection
GetVolumeInformationA
FindFirstFileA
FindNextFileA
FindClose
lstrlenW
WideCharToMultiByte
GetLastError
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetProcessShutdownParameters
GetCurrentThreadId
DeleteFileA
DeviceIoControl
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
CompareStringW
SetEnvironmentVariableA
GetStringTypeExA
LCMapStringA
GetStringTypeExW
SleepEx
SetEndOfFile
user32
SetCursor
DefDlgProcA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DefWindowProcA
GetDialogBaseUnits
EndPaint
LoadCursorA
SystemParametersInfoW
GetSystemMenu
DestroyWindow
CreateDialogParamW
GetWindowTextW
GetSystemMetrics
MoveWindow
TrackMouseEvent
DrawTextA
GetClassInfoA
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
EnumChildWindows
GetClassNameA
GetDlgCtrlID
GetKeyState
SendMessageTimeoutA
wsprintfA
ExitWindowsEx
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
PeekMessageA
GetQueueStatus
LoadStringA
GetDC
ReleaseDC
UnregisterClassA
GetActiveWindow
MessageBoxA
CallWindowProcA
LoadImageA
GetProcessWindowStation
GetOpenClipboardWindow
GetMessageTime
GetInputState
GetFocus
DestroyIcon
SetWindowLongA
SetMenuItemInfoW
GetSubMenu
MessageBeep
EnumWindows
GetWindowLongA
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
GetCursorPos
PostMessageA
GetMessagePos
DrawMenuBar
LoadBitmapA
SendDlgItemMessageW
GetDlgItemTextA
SetDlgItemTextA
SetFocus
SendDlgItemMessageA
SetDlgItemInt
GetDlgItemInt
CreatePopupMenu
TrackPopupMenu
DestroyMenu
GetWindowRect
FlashWindowEx
GetKeyboardLayout
LoadKeyboardLayoutA
SetForegroundWindow
MessageBoxW
GetWindowTextA
GetWindowTextLengthA
GetMenu
EnableMenuItem
SetWindowTextA
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetAsyncKeyState
GetParent
SetTimer
GetWindowTextLengthW
KillTimer
RegisterHotKey
UnregisterHotKey
wsprintfW
GetDlgItemTextW
CheckDlgButton
EnableWindow
GetDlgItem
ShowWindow
SetWindowTextW
GetClientRect
SetWindowPos
InvalidateRect
SendMessageW
SendMessageA
SetDlgItemTextW
EndDialog
IsDlgButtonChecked
DialogBoxParamW
DeleteMenu
AppendMenuA
AppendMenuW
LoadStringW
GetDesktopWindow
GetClipboardViewer
GetClipboardOwner
GetCapture
GetWindowInfo
gdi32
LineTo
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
MoveToEx
GetTextMetricsA
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
CreateFontIndirectW
SetMapMode
CreateCompatibleDC
BitBlt
CreatePen
GetStockObject
DeleteObject
DeleteDC
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
SetServiceStatus
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
LookupPrivilegeValueA
OpenThreadToken
RevertToSelf
SetThreadToken
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
CreateServiceA
ChangeServiceConfig2A
DeleteService
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
ChangeServiceConfigA
shell32
ord680
SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetSpecialFolderPathA
Shell_NotifyIconA
Shell_NotifyIconW
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteA
ShellExecuteW
ole32
CoRegisterClassObject
CoUninitialize
CoInitialize
CoGetObject
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
oleaut32
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
ws2_32
select
freeaddrinfo
htons
ioctlsocket
gethostname
getaddrinfo
__WSAFDIsSet
closesocket
WSACleanup
WSAStartup
WSAGetLastError
send
recv
socket
getsockname
getpeername
ntohs
WSASetLastError
getsockopt
setsockopt
connect
bind
Sections
.textbss Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 430KB - Virtual size: 430KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 50KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 884KB - Virtual size: 884KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_FakeTrueCryptextracted exe/Potao_FakeTrueCryptextracted exe_F64704ED25F4C728AF996EEE3EE85411.exe windows:5 windows x86 arch:x86
17e2d845a4a591914df117cadfcaa45a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord17
ImageList_Create
ImageList_Add
setupapi
SetupDiOpenClassRegKey
SetupOpenInfFileA
SetupInstallFromInfSectionA
SetupCloseInfFile
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
kernel32
SystemTimeToFileTime
GetSystemTime
VirtualLock
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
GetProcessHeap
HeapAlloc
GetVersionExA
GetComputerNameW
GetVolumeInformationA
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
CopyFileA
GetDriveTypeA
GetShortPathNameA
GetVolumePathNameA
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
WriteFile
LocalFree
VirtualUnlock
DefineDosDeviceA
GetCurrentProcessId
FormatMessageW
VirtualQuery
ReleaseMutex
OpenMutexA
GetVolumeInformationW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
GetFileSize
GetVolumeNameForVolumeMountPointA
GetModuleHandleA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
SetFilePointer
GetModuleFileNameW
SetCurrentDirectoryA
GetDiskFreeSpaceA
UnhandledExceptionFilter
GetFileInformationByHandle
GetCurrentThread
SetUnhandledExceptionFilter
SetErrorMode
InterlockedExchangeAdd
InterlockedExchange
SetEvent
ResetEvent
CreateEventA
GetFileAttributesExA
DeleteCriticalSection
GetStartupInfoA
SetVolumeMountPointA
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
SleepEx
VerifyVersionInfoA
VerSetConditionMask
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetVersion
FlushConsoleInputBuffer
GetCurrentProcess
DeleteVolumeMountPointA
InitializeCriticalSection
CreateThread
EnterCriticalSection
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetFileAttributesW
GetSystemTimeAsFileTime
SetStdHandle
ExitThread
ResumeThread
FileTimeToSystemTime
FileTimeToLocalFileTime
DebugBreak
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapSize
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetFullPathNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEndOfFile
GetLocaleInfoA
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CompareStringA
ExitProcess
CompareStringW
LeaveCriticalSection
GetTempPathA
GetTempFileNameA
CopyFileW
GetWindowsDirectoryA
WaitForSingleObject
GetExitCodeProcess
CreatePipe
SetHandleInformation
GetSystemInfo
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
FindNextFileA
FindClose
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
SetFileTime
GetLogicalDrives
MoveFileA
SetLastError
CreateFileW
GetCommandLineA
GetCommandLineW
GetTickCount
CreateMutexA
Sleep
GetSystemDirectoryA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
SetProcessShutdownParameters
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetLastError
InterlockedDecrement
DeviceIoControl
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
SetEnvironmentVariableA
GetStringTypeExA
InterlockedCompareExchange
TerminateProcess
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleW
GetProcessWorkingSetSize
user32
GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DefWindowProcA
GetDialogBaseUnits
EndPaint
PeekMessageA
DestroyWindow
GetSystemMetrics
GetWindowInfo
MoveWindow
GetDC
ReleaseDC
MessageBoxA
GetActiveWindow
GetMessagePos
EnumWindows
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
DrawMenuBar
PostMessageA
GetCursorPos
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
TrackMouseEvent
GetSystemMenu
SystemParametersInfoW
SendMessageTimeoutA
wsprintfA
DrawTextA
GetClassInfoA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
GetQueueStatus
GetProcessWindowStation
GetOpenClipboardWindow
GetWindowTextW
SetMenuItemInfoW
GetSubMenu
LoadBitmapA
FlashWindowEx
GetDlgItemInt
CreatePopupMenu
TrackPopupMenu
GetMessageTime
GetInputState
GetFocus
GetDesktopWindow
GetClipboardViewer
DestroyMenu
SetDlgItemInt
GetMenu
EnableMenuItem
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetWindowRect
SetForegroundWindow
LoadImageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
GetKeyboardLayout
LoadKeyboardLayoutA
MessageBoxW
GetWindowTextA
SetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetParent
SetTimer
GetWindowTextLengthW
KillTimer
GetAsyncKeyState
RegisterHotKey
UnregisterHotKey
wsprintfW
DialogBoxParamW
ShowWindow
SetWindowTextW
GetClientRect
SetWindowPos
InvalidateRect
SendMessageW
EndDialog
SendMessageA
DeleteMenu
AppendMenuA
AppendMenuW
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
GetDlgItem
EnableWindow
LoadStringA
GetClipboardOwner
GetCapture
SetWindowsHookExA
GetUserObjectInformationW
MessageBeep
gdi32
CreateFontIndirectW
GetStockObject
CreatePen
MoveToEx
LineTo
GetCurrentObject
GetObjectA
SetStretchBltMode
StretchBlt
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetTextMetricsA
CreateCompatibleBitmap
DeleteObject
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
StartServiceCtrlDispatcherA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegEnumKeyExA
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
OpenProcessToken
RegOpenKeyExA
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
DeleteService
CloseServiceHandle
GetUserNameW
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
RegCloseKey
RegCreateKeyExA
shell32
ShellExecuteW
ord680
SHGetFileInfoA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
ShellExecuteExA
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
Shell_NotifyIconW
ole32
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
CoGetObject
StringFromGUID2
CoCreateInstance
CoInitialize
oleaut32
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
ws2_32
listen
recvfrom
sendto
getaddrinfo
freeaddrinfo
socket
closesocket
accept
bind
WSAIoctl
connect
setsockopt
getsockopt
ntohs
getpeername
getsockname
select
__WSAFDIsSet
WSASetLastError
recv
send
WSAGetLastError
WSAStartup
WSACleanup
shutdown
gethostname
ioctlsocket
htons
wldap32
ord50
ord26
ord27
ord30
ord32
ord60
ord35
ord79
ord200
ord301
ord41
ord46
ord143
ord211
ord22
ord33
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 399KB - Virtual size: 399KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 97KB - Virtual size: 298KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 855KB - Virtual size: 855KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_02D438DF779AFFDDAF02CA995C60CECB.exe windows:5 windows x86 arch:x86
e7fbb8c497d92f1f6ebab4219113def6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??3@YAXPAX@Z
_except_handler3
strlen
sprintf
strcmp
memset
??2@YAPAXI@Z
_strdup
kernel32
RaiseException
GetModuleHandleA
user32
UnregisterClassA
DefWindowProcA
UpdateWindow
ShowWindow
GetWindowTextA
FindWindowA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
DispatchMessageA
TranslateMessage
GetMessageA
DestroyWindow
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_043F99A875424CA0023A21739DBA51EF.exe windows:5 windows x86 arch:x86
9ffe655467145da5ed16f296022d5039
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strlen
memset
strcmp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
??3@YAXPAX@Z
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_initterm
sprintf
_strdup
kernel32
GetModuleHandleA
GetStartupInfoA
user32
FindWindowA
UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
MessageBoxA
GetWindowTextA
TranslateMessage
LoadIconA
RegisterClassExA
GetMessageA
DestroyWindow
LoadCursorA
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_11B4E7EA6BAE19A29343AE3FF3FB00CA.exe windows:5 windows x86 arch:x86
28160afac4b60d207256e4254513bee2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
_strdup
sprintf
kernel32
RtlUnwind
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetCurrentThreadId
InterlockedIncrement
Sleep
GetModuleFileNameW
WriteFile
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
GetProcAddress
InterlockedDecrement
user32
GetWindowLongA
MessageBoxA
GetWindowTextA
SetActiveWindow
UpdateWindow
EnableWindow
SetCapture
SetFocus
DefDlgProcA
GetDlgItemTextA
EndDialog
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
GetWindowPlacement
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
DrawEdge
RegisterWindowMessageA
GetParent
FindWindowA
LoadCursorA
LoadIconA
IsDialogMessageA
SetWindowPlacement
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_1AB8D45656E245ACA4E59AA0519F6BA0.exe windows:5 windows x86 arch:x86
a9b1363a83d63d79d353b877cee7e5e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strlen
calloc
free
??2@YAPAXI@Z
strcmp
memset
sprintf
_strdup
_except_handler3
kernel32
MoveFileA
CreateDirectoryA
GetEnvironmentVariableA
DeleteFileA
user32
ShowWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
MessageBoxA
DispatchMessageA
TranslateMessage
LoadIconA
RegisterClassExA
GetMessageA
DestroyWindow
GetWindowTextA
FindWindowA
LoadCursorA
UpdateWindow
shell32
SHGetFolderPathA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_27D74523B182AE630C4E5236897E11F3.exe windows:5 windows x86 arch:x86
20e9cb8e133d2d906a4bb4ce70b26f17
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_strdup
sprintf
_except_handler3
memset
??3@YAXPAX@Z
strcmp
kernel32
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeW
SetFilePointerEx
CloseHandle
WideCharToMultiByte
LoadLibraryW
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
WriteConsoleW
LoadLibraryExW
GetCurrentProcess
GetModuleHandleW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
CreateFileW
TerminateProcess
TlsGetValue
TlsSetValue
GetProcAddress
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
user32
GetDC
UpdateWindow
GetCapture
ShowWindow
DestroyWindow
ReleaseDC
RegisterClassExA
UnregisterClassA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
GetWindowTextA
MessageBoxA
FindWindowA
LoadCursorA
LoadIconA
EnumDisplayDevicesA
CreateWindowExA
gdi32
CreateDCA
shell32
SHGetFolderPathA
comctl32
ord17
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_360DF4C2F2B99052C07E08EDBE15AB2C.exe windows:5 windows x86 arch:x86
28160afac4b60d207256e4254513bee2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
_strdup
sprintf
kernel32
RtlUnwind
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExW
GetCurrentThreadId
InterlockedIncrement
Sleep
GetModuleFileNameW
WriteFile
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
GetProcAddress
InterlockedDecrement
user32
GetWindowLongA
MessageBoxA
GetWindowTextA
SetActiveWindow
UpdateWindow
EnableWindow
SetCapture
SetFocus
DefDlgProcA
GetDlgItemTextA
EndDialog
DialogBoxParamA
CreateDialogParamA
GetDesktopWindow
GetWindowPlacement
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
DrawEdge
RegisterWindowMessageA
GetParent
FindWindowA
LoadCursorA
LoadIconA
IsDialogMessageA
SetWindowPlacement
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_38E708FEA8016520CB25D3CB933F2244.exe windows:5 windows x86 arch:x86
33dcf253c46574ff95d3a6ebc6cd2ade
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??3@YAXPAX@Z
??2@YAPAXI@Z
sprintf
_except_handler3
kernel32
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetProcAddress
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
WideCharToMultiByte
LoadLibraryW
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExW
OutputDebugStringW
user32
DefWindowProcA
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_6BA88E8E74B12C914483C026AE92EB42.exe windows:5 windows x86 arch:x86
0ccd2d423dfdb09fd81be9ae98a678f1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??2@YAPAXI@Z
_except_handler3
memset
??3@YAXPAX@Z
strcmp
_strdup
sprintf
kernel32
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetStringTypeW
LCMapStringW
WideCharToMultiByte
OutputDebugStringW
GetCPInfo
LoadLibraryW
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
HeapAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
CreateFileW
GetProcAddress
InterlockedDecrement
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
InterlockedIncrement
GetCurrentThreadId
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
user32
CreateWindowExA
RegisterClassExA
UnregisterClassA
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
UpdateWindow
GetWindowTextA
FindWindowA
LoadCursorA
LoadIconA
DefWindowProcA
Sections
.text Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_OtherDroppers/Potao_OtherDroppers_89A3EA3967745E04199EBF222494452E.exe windows:5 windows x86 arch:x86
a9b1363a83d63d79d353b877cee7e5e1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
strlen
calloc
free
??2@YAPAXI@Z
strcmp
memset
sprintf
_strdup
_except_handler3
kernel32
MoveFileA
CreateDirectoryA
GetEnvironmentVariableA
DeleteFileA
user32
ShowWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
MessageBoxA
DispatchMessageA
TranslateMessage
LoadIconA
RegisterClassExA
GetMessageA
DestroyWindow
GetWindowTextA
FindWindowA
LoadCursorA
UpdateWindow
shell32
SHGetFolderPathA
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_057028E46EA797834DA401E4DB7C860A.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_1234BF4F0F5DEBC800D85C1BD2255671.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_2646F7159E1723F089D63E08C8BFAFFB.exe windows:5 windows x86 arch:x86
7d49c6380096d9d2548dbf3bb120d2ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
RtlUnwind
EnumSystemLocalesA
GetLastError
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
ExitProcess
CopyFileA
GetModuleFileNameA
CloseHandle
VirtualAlloc
VirtualFree
SetLastError
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
IsValidLocale
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapAlloc
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_2BD0D2B5EE4E93717EA71445B102E38E.exe windows:5 windows x86 arch:x86
ea28566f36e44d0f734b6bc1587bc9ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
EnumSystemLocalesA
VirtualFree
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
CloseHandle
GetModuleFileNameA
VirtualAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WideCharToMultiByte
IsValidLocale
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_35724E234F6258E601257FB219DB9079.exe windows:5 windows x86 arch:x86
d09c5cff654ad336b562406337e1accf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
EnumDisplayDevicesA
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
GetDC
ReleaseDC
DefWindowProcA
kernel32
GetModuleHandleA
GetStartupInfoA
VirtualAlloc
ExitProcess
LoadLibraryA
GetProcAddress
GetLastError
CloseHandle
VirtualFree
msvcrt
_initterm
_adjust_fdiv
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
gdi32
CreateDCA
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_3813B848162261CC5982DD64C741B450.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_39B67CC6DAE5214328022C44F28CED8B.exe windows:5 windows x86 arch:x86
7d49c6380096d9d2548dbf3bb120d2ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
RtlUnwind
EnumSystemLocalesA
GetLastError
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
ExitProcess
CopyFileA
GetModuleFileNameA
CloseHandle
VirtualAlloc
VirtualFree
SetLastError
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
IsValidLocale
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapAlloc
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_514423670DE210F13092D6CB8916748E.exe windows:5 windows x86 arch:x86
ea28566f36e44d0f734b6bc1587bc9ec
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
EnumSystemLocalesA
VirtualFree
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
CloseHandle
GetModuleFileNameA
VirtualAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WideCharToMultiByte
IsValidLocale
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_542B00F903F945AD3A9291CB0AF73446.exe windows:5 windows x86 arch:x86
da727c7f9f8154e6be5cbd0ae0dc3aa0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
EnumDisplayDevicesA
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
GetDC
ReleaseDC
DefWindowProcA
kernel32
GetModuleHandleA
GetStartupInfoA
VirtualAlloc
VirtualFree
ExitProcess
LoadLibraryA
GetProcAddress
GetLastError
CloseHandle
msvcrt
_initterm
_adjust_fdiv
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
gdi32
CreateDCA
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 930B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_609ABB2A86C324BBB9BA1E253595E573.exe windows:5 windows x86 arch:x86
a91ff54f95d9488aa57799c2d9a04ccc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
VirtualFree
EnumSystemLocalesA
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
ExitProcess
CopyFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
CloseHandle
VirtualAlloc
GetLastError
InitializeCriticalSectionAndSpinCount
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
IsValidLocale
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
RtlUnwind
SetStdHandle
gdi32
CreateDCA
Sections
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 87KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_76DDA7CA15323FD658054E0550149B7B.exe windows:5 windows x86 arch:x86
d09c5cff654ad336b562406337e1accf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
EnumDisplayDevicesA
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
GetDC
ReleaseDC
DefWindowProcA
kernel32
GetModuleHandleA
GetStartupInfoA
VirtualAlloc
ExitProcess
LoadLibraryA
GetProcAddress
GetLastError
CloseHandle
VirtualFree
msvcrt
_initterm
_adjust_fdiv
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
gdi32
CreateDCA
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_9179F4683ECE450C1AC7A819B32BDB6D.exe windows:5 windows x86 arch:x86
7d49c6380096d9d2548dbf3bb120d2ee
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
RtlUnwind
EnumSystemLocalesA
GetLastError
GetProcAddress
LoadLibraryA
ResumeThread
CreateProcessA
ExitProcess
CopyFileA
GetModuleFileNameA
CloseHandle
VirtualAlloc
VirtualFree
SetLastError
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
IsValidLocale
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapAlloc
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_A2BB01B764491DD61FA3A7BA5AFC709C.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 37KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_A427FF7ABB17AF6CF5FB70C49E9BF4E1.exe windows:5 windows x86 arch:x86
d09c5cff654ad336b562406337e1accf
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
EnumDisplayDevicesA
MessageBoxA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
GetDC
ReleaseDC
DefWindowProcA
kernel32
GetModuleHandleA
GetStartupInfoA
VirtualAlloc
ExitProcess
LoadLibraryA
GetProcAddress
GetLastError
CloseHandle
VirtualFree
msvcrt
_initterm
_adjust_fdiv
_onexit
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
_exit
_XcptFilter
exit
_acmdln
__getmainargs
__setusermatherr
__p__commode
gdi32
CreateDCA
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_A59053CC3F66E72540634EB7895824AC.exe windows:5 windows x86 arch:x86
d8e05abd5c33451d5d18fbe18bff746d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
ReleaseDC
GetDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
VirtualFree
GetLastError
GetProcAddress
GetUserDefaultLCID
GetModuleHandleA
CreateProcessA
ExitProcess
CopyFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
CloseHandle
GetComputerNameA
GetEnvironmentVariableA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
LoadLibraryA
GetEnvironmentStringsW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
IsValidLocale
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
RtlUnwind
SetStdHandle
gdi32
CreateDCA
advapi32
GetUserNameA
Sections
.text Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_ABB9F4FAB64DD7A03574ABDD1076B5EA.exe windows:5 windows x86 arch:x86
d354a61aaf104a5508f0209529f92de8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
ReleaseDC
DefWindowProcA
RegisterClassExA
CreateWindowExA
MessageBoxA
TranslateMessage
DispatchMessageA
EnumDisplayDevicesA
GetDC
GetCapture
GetMessageA
kernel32
GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcess
VirtualFree
GetLastError
HeapAlloc
LoadLibraryA
GetModuleHandleA
CreateProcessA
ExitProcess
CopyFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
FatalExit
GetTickCount
VirtualAlloc
CloseHandle
GetProcAddress
GetEnvironmentStringsW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
HeapReAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
gdi32
CreateDCA
Sections
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_AE552FC43F1BA8684655D8BF8C6AF869.exe windows:5 windows x86 arch:x86
a163e1178a2feb4fc26d4bec2e703914
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
VirtualFree
GetLastError
EnumSystemLocalesA
LoadLibraryA
ResumeThread
CreateProcessA
ExitProcess
CopyFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
CloseHandle
GetTickCount
VirtualAlloc
GetProcAddress
SetHandleCount
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
Sleep
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
RtlUnwind
SetStdHandle
gdi32
CreateDCA
Sections
.text Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 89KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_CA1A3618088F91B8FB2A30C9A9AA4ACA.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Code Sign
10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate
Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Not Before: 24/08/2011, 00:00
Not After: 30/05/2020, 10:48
Subject: CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:53:b9:6e:b0:39:af:d6:c9:98:8c:8c:b6:98:e7:c9
Certificate
Issuer: CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 19/08/2014, 00:00
Not After: 19/08/2015, 23:59
Subject: CN=Grandtorg,O=Grandtorg,POSTALCODE=125502,STREET=Petrozavodskaya\, 11\, 9,L=Moscow,ST=Moscow,C=RU
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
85:47:df:cd:ab:cf:07:be:fa:d1:55:4e:b8:6b:56:92:f8:ae:6f:0b
Signer
Actual PE Digest: 85:47:df:cd:ab:cf:07:be:fa:d1:55:4e:b8:6b:56:92:f8:ae:6f:0b
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_CDC60EB93B594FB5E7E5895E2B441240.exe windows:5 windows x86 arch:x86
1e81476a7ece76f166693566027b93b3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetUserDefaultLCID
CloseHandle
GetLastError
GetProcAddress
LoadLibraryA
ExitProcess
Sleep
CopyFileA
GetModuleFileNameA
VirtualAlloc
EnumSystemLocalesA
GetLocaleInfoA
VirtualFree
GetCurrentThread
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
IsValidLocale
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
RtlUnwind
VirtualQuery
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
gdi32
CreateDCA
advapi32
AccessCheckByTypeResultListAndAuditAlarmByHandleA
Sections
.text Size: 90KB - Virtual size: 89KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 38KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Potao Express/Potao_USBSpreaders/Potao_USBSpreaders_E685EA8B37F707F3706D7281B8F6816A.exe windows:5 windows x86 arch:x86
bcbd39add4d26b08f01bb2d61c7e3d82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFolderPathA
user32
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
DefWindowProcA
MessageBoxA
EnumDisplayDevicesA
GetDC
ReleaseDC
DispatchMessageA
kernel32
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
CreateFileW
HeapSize
HeapReAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
EnumSystemLocalesA
VirtualFree
GetLastError
GetProcAddress
LoadLibraryA
Sleep
CopyFileA
ExitProcess
CloseHandle
GetModuleFileNameA
VirtualAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapAlloc
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WideCharToMultiByte
IsValidLocale
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
CompareStringW
MultiByteToWideChar
SetEnvironmentVariableA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
GetLocaleInfoW
gdi32
CreateDCA
Sections
.text Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 91KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ