22f5c3567f7177b19ff30a2540b7e69e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

22f5c3567f7177b19ff30a2540b7e69e_JaffaCakes118
Size

1.3MB
MD5

22f5c3567f7177b19ff30a2540b7e69e
SHA1

0c6b22471d83b4b43a791671621cb6b3ca6f0e59
SHA256

387ae43099fee9234854e9c8ebe1b4ae42c22f5b952446334c6335587899deee
SHA512

5aac19abd30db56771b3adb018b2cfc1c1006e71aa540200e26b0992eb6a4fdb49483696892e18bed29cf403518d3ade6fe41119bdfeeff6647adc7ecc877e56
SSDEEP

24576:43ONoT1nTpwetGnhzxgvdrzSYYOITLGd/qFBwjVEkNkMG5GVvJFFHxqB7rsHZXOU:NmT1nTpPGnh2d3KfTs/qvDQ4YL+BHwZB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx
static1/unpack001/bin/cpau/cpau.exe	upx
static1/unpack001/bin/upx/upx.exe	upx
static1/unpack001/kix2exe.exe	upx
static1/unpack001/scriptcfg.exe	upx
static1/unpack001/uninstall.exe	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
22f5c3567f7177b19ff30a2540b7e69e_JaffaCakes118
unpack001/bin/cpau/cpau.exe
unpack002/out.upx
unpack001/bin/k2epack/CStubs/lzma_solid
unpack001/bin/k2epack/CStubs/zlib
unpack001/bin/k2epack/Plugins/NotifyIcon.dll
unpack001/bin/k2epack/Plugins/SetEnv.dll
unpack001/bin/k2epack/Plugins/System.dll
unpack001/bin/k2epack/Plugins/nsExec.dll
unpack001/bin/k2epack/WStubs/lzma_solid
unpack001/bin/k2epack/WStubs/zlib
unpack001/bin/k2epack/k2epackc.exe
unpack001/bin/k2epack/k2epackw.exe
unpack001/bin/regsvrex/RegSvrEx.exe
unpack001/bin/startx/startx.exe
unpack001/bin/upx/upx.exe
unpack001/kix2exe.exe
unpack004/out.upx
unpack001/out.upx
unpack001/scriptcfg.exe
unpack005/out.upx
unpack001/uninstall.exe
unpack006/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/out.upx	nsis_installer_2
static1/unpack006/out.upx	nsis_installer_2

Files

22f5c3567f7177b19ff30a2540b7e69e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/cpau/cpau.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 432KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 158KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 433KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/k2epack/CStubs/lzma_solid
.exe windows:4 windows x86 arch:x86

fdd2a2691e26b92c7cbc500c7e391cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetProcAddress
CreateFileA
GetFileSize
GetModuleFileNameA
ExitProcess
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CreateProcessA
GetTempFileNameA
GetTickCount
lstrcpynA
lstrlenA
lstrcatA
GetStdHandle
LoadLibraryA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
MultiByteToWideChar
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
MulDiv

user32

PeekMessageA
DispatchMessageA
wvsprintfA
CharPrevA
MessageBoxIndirectA
SetWindowTextA
CharNextA
ExitWindowsEx
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
InvalidateRect
SendMessageA

shell32

SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA

advapi32

RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey

comctl32

ord17

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/k2epack/CStubs/uninst
bin/k2epack/CStubs/zlib
.exe windows:4 windows x86 arch:x86

9c3a484e3c62053cec0156d149edbad2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetProcAddress
GetTickCount
GetFileSize
GetModuleFileNameA
ExitProcess
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CreateProcessA
CreateFileA
GetTempFileNameA
lstrcpynA
lstrlenA
lstrcatA
GetStdHandle
LoadLibraryA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
MultiByteToWideChar
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
MulDiv

user32

PeekMessageA
DispatchMessageA
wvsprintfA
CharPrevA
MessageBoxIndirectA
SetWindowTextA
CharNextA
ExitWindowsEx
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
InvalidateRect
SendMessageA

shell32

SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA

advapi32

RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey

comctl32

ord17

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/k2epack/Include/FileFunc.nsh
bin/k2epack/Include/LogicLib.nsh
bin/k2epack/Include/Sections.nsh
bin/k2epack/Include/Util.nsh
bin/k2epack/Include/WinVer.nsh
bin/k2epack/Include/WordFunc.nsh
bin/k2epack/Plugins/NotifyIcon.dll
.dll windows:4 windows x86 arch:x86

e043e246d8abcbb9de2ad82c6e18cd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

Shell_NotifyIconA

kernel32

GetProcAddress
lstrcpyA
lstrlenA
lstrcpynA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

CallWindowProcA
LoadImageA
ShowWindow
GetDlgItem
GetWindowLongA
SetWindowLongA
SendMessageA
FindWindowExA
wsprintfA
KillTimer
IsIconic
OpenIcon
SetTimer

Exports

Exports

Icon

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 758B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/k2epack/Plugins/SetEnv.dll
.dll windows:4 windows x86 arch:x86

e68e943701b0a4f26be3848784a477d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
SetEnvironmentVariableA

Exports

Exports

SetEnvVar

Sections

.text
Size: 512B - Virtual size: 227B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 263B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/k2epack/Plugins/System.dll
.dll windows:4 windows x86 arch:x86

88d8a4a9c21e345682f6b1fac45c4679

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
MultiByteToWideChar
FreeLibrary

user32

wsprintfA

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/k2epack/Plugins/nsExec.dll
.dll windows:4 windows x86 arch:x86

15853d16b1b391dba821d9b99cd14939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
lstrcmpiA
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcpynA
GetCommandLineA
Sleep
TerminateProcess
lstrcpyA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleA
GetTickCount
GetStartupInfoA
CreatePipe
GetVersionExA
GlobalLock
DeleteFileA
lstrcatA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

FindWindowExA
CharPrevA
OemToCharBuffA
SendMessageA
wsprintfA
CharNextA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/k2epack/WStubs/lzma_solid
.exe windows:4 windows x86 arch:x86

e01131ac8b26fbd0dad115e596c41ff9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetProcAddress
CreateFileA
GetFileSize
GetModuleFileNameA
ExitProcess
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CreateProcessA
GetTempFileNameA
GetTickCount
lstrcpynA
lstrlenA
lstrcatA
LoadLibraryA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
MultiByteToWideChar
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
MulDiv

user32

PeekMessageA
DispatchMessageA
CharPrevA
MessageBoxIndirectA
SetWindowTextA
CharNextA
ExitWindowsEx
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
InvalidateRect
SendMessageA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA

advapi32

RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey

comctl32

ord17

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/k2epack/WStubs/uninst
bin/k2epack/WStubs/zlib
.exe windows:4 windows x86 arch:x86

73f0fec0827bb523394d5a3ddf077ab3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
GetProcAddress
GetTickCount
GetFileSize
GetModuleFileNameA
ExitProcess
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
CreateProcessA
CreateFileA
GetTempFileNameA
lstrcpynA
lstrlenA
lstrcatA
LoadLibraryA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
MultiByteToWideChar
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
Sleep
MulDiv

user32

PeekMessageA
DispatchMessageA
CharPrevA
MessageBoxIndirectA
SetWindowTextA
CharNextA
ExitWindowsEx
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
InvalidateRect
SendMessageA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHFileOperationA

advapi32

RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey

comctl32

ord17

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/k2epack/k2epackc.exe
.exe windows:4 windows x86 arch:x86

ff4e8d85e261df4bbee64028e93ec90e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DeleteDC

user32

SendMessageA
CharNextExA
wsprintfA
CharPrevA
CharNextA
IsWindow
GetDC
MapDialogRect
DestroyWindow
CreateDialogIndirectParamA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCurrentDirectoryA
SetEndOfFile
GetLocaleInfoW
GetExitCodeProcess
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ResetEvent
CloseHandle
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateThread
CreateEventA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
IsValidCodePage
OpenEventA
SetPriorityClass
GetCurrentProcess
CreateFileMappingA
CreateFileA
GetTempFileNameA
GetTempPathA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
GetSystemInfo
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetFileSize
CreateProcessA
SetLastError
GetLastError
GlobalFree
GlobalAlloc
GetFullPathNameA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetProcAddress
RtlUnwind
HeapFree
RaiseException
DeleteFileA
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
FlushFileBuffers
HeapDestroy
HeapCreate
IsBadWritePtr
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetTimeZoneInformation
VirtualProtect
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetCurrentDirectoryA

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/k2epack/k2epackw.exe
.exe windows:4 windows x86 arch:x86

ff4e8d85e261df4bbee64028e93ec90e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DeleteDC

user32

SendMessageA
CharNextExA
wsprintfA
CharPrevA
CharNextA
IsWindow
GetDC
MapDialogRect
DestroyWindow
CreateDialogIndirectParamA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetCurrentDirectoryA
SetEndOfFile
GetLocaleInfoW
GetExitCodeProcess
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ResetEvent
CloseHandle
WaitForSingleObject
SetEvent
WaitForMultipleObjects
CreateThread
CreateEventA
GetModuleHandleA
FindClose
FindNextFileA
FindFirstFileA
IsValidCodePage
OpenEventA
SetPriorityClass
GetCurrentProcess
CreateFileMappingA
CreateFileA
GetTempFileNameA
GetTempPathA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
GetSystemInfo
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetFileSize
CreateProcessA
SetLastError
GetLastError
GlobalFree
GlobalAlloc
GetFullPathNameA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetProcAddress
RtlUnwind
HeapFree
RaiseException
DeleteFileA
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
FlushFileBuffers
HeapDestroy
HeapCreate
IsBadWritePtr
LoadLibraryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetTimeZoneInformation
VirtualProtect
VirtualQuery
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetCurrentDirectoryA

Sections

.text
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/regsvrex/RegSvrEx.exe
.exe windows:4 windows x86 arch:x86

34bd334262f5d41c304357cef782d8ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\ramakrishna\My Documents\Visual Studio Projects\RegSvrEx\bin\Release\RegSvrEx.pdb

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW

kernel32

GetStdHandle
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleHandleW
WriteFile
FormatMessageA
GetProcAddress
lstrcpyW
GetModuleFileNameW
GetLastError
GetExitCodeProcess
WaitForSingleObject
CloseHandle
LocalFree
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
CreateProcessW
FreeLibrary
LoadLibraryW
lstrcmpiW
GetCommandLineW
ResumeThread

user32

wsprintfA
LoadStringA

advapi32

RegCloseKey
RegOverridePredefKey
RegOpenKeyW

shell32

CommandLineToArgvW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/startx/startx.exe
.exe windows:4 windows x86 arch:x86

d270eac7f8557e68edf2f76c609b137a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
GetACP
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetLastError
GetModuleFileNameA
GlobalFlags
MulDiv
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GlobalAlloc
lstrcmpA
GetCurrentThread
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
lstrlenA
GetLastError
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentStringsW

user32

IsDialogMessageA
SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
PostQuitMessage
SetCursor
LoadStringA
GetClassNameA
PtInRect
ClientToScreen
ReleaseDC
GetDC
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
GetSysColorBrush
DestroyMenu
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
CopyRect
IsWindowVisible
GetTopWindow
MessageBoxA
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
LoadIconA
PostMessageA
GetClientRect
UpdateWindow
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
EnableWindow
SetWindowsHookExA
UnregisterClassA

gdi32

GetDeviceCaps
GetStockObject
DeleteDC
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
DeleteObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ord17

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/upx/BUGS
bin/upx/COPYING
bin/upx/LICENSE
bin/upx/NEWS
.vbs
bin/upx/README
bin/upx/README.1ST
bin/upx/THANKS
bin/upx/TODO
bin/upx/upx.1
.vbs
bin/upx/upx.doc
.vbs
bin/upx/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/upx/upx.html
.html .vbs polyglot
kix2exe.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kix2exe.ico
license.txt
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
scriptcfg.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 176KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 172KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 432KB

UPX1 Size: 158KB - Virtual size: 160KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 436KB

.data Size: 88KB - Virtual size: 112KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 13KB - Virtual size: 16KB

fdd2a2691e26b92c7cbc500c7e391cbc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 156KB

.ndata Size: - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 928B

9c3a484e3c62053cec0156d149edbad2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 200KB

.ndata Size: - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 928B

e043e246d8abcbb9de2ad82c6e18cd88

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 758B

UPX0
Size: - Virtual size: 172KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 10KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 432KB

UPX1
Size: 158KB - Virtual size: 160KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 433KB - Virtual size: 436KB

.data
Size: 88KB - Virtual size: 112KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 13KB - Virtual size: 16KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 156KB

.ndata
Size: - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 928B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 200KB

.ndata
Size: - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 928B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 758B

.data
Size: - Virtual size: 572B

.reloc
Size: 512B - Virtual size: 414B

.text
Size: 512B - Virtual size: 227B

.rdata
Size: 512B - Virtual size: 263B

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 72B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 816B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 516B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 406B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 154KB

.ndata
Size: - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 928B