pepsi (25)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

pepsi (25).rar
Size

4.8MB
MD5

84c13a17d006c51d928528786578050f
SHA1

df80ec2506d8261efad740974291bbfa7f2685fc
SHA256

16c6db1a1e2f0f1dfd3bb3e76fd650afc6869f2dffa0c378aba871729b21912c
SHA512

17e9e6d5f452480bf18d08c1424c5431da94de3aeda59b005e7ba2456d1676996b86aad49c4b7047fe868a603b42a41d123900e355741d959e58bf4f4d61cf6a
SSDEEP

98304:tYaUim4LAS9HWQHT1BLlEqLBL2pWFd+SIBhu1ya7WNC/1TmWNa2a9b0l3:Kfim4LrQQHT1DVLF2oFk7hFa7WY1Tmwz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/[DemonArchives]1f128a6715021ee4b43427a08c536646.exe	upx

Unsigned PE 32 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[DemonArchives]04637ffe2381be364f332545401be87a.exe
unpack001/[DemonArchives]0538a74da6fe3284fd81cce11c292ed0.exe
unpack001/[DemonArchives]0c78f351ad8264f943aef9973fd41315.exe
unpack001/[DemonArchives]0d502dffa2ebcbd7aca913f4b7eb8f72.exe
unpack001/[DemonArchives]0dacd022029eb8184cd508b0d69737d1.exe
unpack001/[DemonArchives]1021073f25f667eb4e6985e76708458d.exe
unpack001/[DemonArchives]147fea0db246a48cf6c26456f839a79d.exe
unpack001/[DemonArchives]1525cf394b86c3dca15139269ac8407e.exe
unpack001/[DemonArchives]1b573431177901d94743f6c4f23f9388.exe
unpack001/[DemonArchives]1c2e5f87fee973996f54d42b789fdaa7.exe
unpack001/[DemonArchives]1f128a6715021ee4b43427a08c536646.exe
unpack001/[DemonArchives]22ad44038ce790b5912fd6ab18cc11a1.exe
unpack001/[DemonArchives]27e3b7a2e0ab38c1ce3788ab3701d0a4.exe
unpack001/[DemonArchives]2b4057994f1ae753931c66ed4de43162.exe
unpack001/[DemonArchives]2f98b9c0e0ce98a74b652bb70e655643.exe
unpack001/[DemonArchives]308e151208096e9d97b01b552ab3278d.exe
unpack001/[DemonArchives]30b6041f6643fdfd1e3618a638ee348f.exe
unpack001/[DemonArchives]3114384a3c3538840edc4ccfb7b4100b.exe
unpack001/[DemonArchives]34a70cad3d24fb3e2615097e3b4e1a37.exe
unpack001/[DemonArchives]34dc3a71957e98c3963de991acf1baae.exe
unpack001/[DemonArchives]35ae42a293e0d05e4ef51ac4ad7b7d3d.exe
unpack001/[DemonArchives]37685c1f37aaf2e4f7779c1a9268ed8a.exe
unpack001/[DemonArchives]42aaf1119a35efe86c34e49110a7adfc.exe
unpack001/[DemonArchives]495082f82f11db655e54f105badb2b43.exe
unpack001/[DemonArchives]5755c48118cf9949cd43734998bb18b9.exe
unpack001/[DemonArchives]691e183b03c12268ec7b72ba6cd91f7f.exe
unpack001/[DemonArchives]a05c896c996d1fcf6058d879c6bd2bf3.exe
unpack001/[DemonArchives]a591e7a0155aee11fa8e711b3d427d95.exe
unpack001/[DemonArchives]a9dfebcf20af51671cb6be9ceaed6ff9.exe
unpack001/[DemonArchives]b5f4731562e07b8d21c2bb222b1873c9.exe
unpack001/[DemonArchives]b7a5f4ffc90d577029548e33f6c6cfdc.exe
unpack001/[DemonArchives]b98c7605f0b04729b8d866760f009e67.exe

Files

pepsi (25).rar
.rar
[DemonArchives]04637ffe2381be364f332545401be87a.exe
.exe windows:4 windows x86 arch:x86

a3cd30cc30d79a7a89ca3c454827da96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACloseEvent
gethostname
WSAAddressToStringW
WSAStartup
WSAConnect
getsockname
setsockopt
sendto
WSACleanup
socket
gethostbyname

kernel32

GetModuleHandleA
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetLocaleInfoW
GetFileSize
SetEndOfFile
CreateProcessW
CreateDirectoryW
VirtualFree
WriteFile
LoadLibraryW
Sleep
MulDiv
CreateFileW
GetProcAddress
VirtualAlloc
GetDiskFreeSpaceW
ResetEvent
LocalAlloc
RemoveDirectoryW
VirtualProtect
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
LocalFree
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetCPInfo
GetLastError
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
LoadLibraryA

Sections

.text
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]0538a74da6fe3284fd81cce11c292ed0.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]0c78f351ad8264f943aef9973fd41315.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]0d502dffa2ebcbd7aca913f4b7eb8f72.exe
.exe windows:1 windows x86 arch:x86

a64e048b98d051ae6e6b6334f77c95d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aajaic
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]0dacd022029eb8184cd508b0d69737d1.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1021073f25f667eb4e6985e76708458d.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]147fea0db246a48cf6c26456f839a79d.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1525cf394b86c3dca15139269ac8407e.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1b573431177901d94743f6c4f23f9388.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 47KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

petite
Size: 274B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]1c2e5f87fee973996f54d42b789fdaa7.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]1f128a6715021ee4b43427a08c536646.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.btnj
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.t
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]22ad44038ce790b5912fd6ab18cc11a1.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]27e3b7a2e0ab38c1ce3788ab3701d0a4.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EYDrlEDn
Size: 6KB - Virtual size: 6KB

EQFISfgO
Size: 40KB - Virtual size: 39KB

lqCdNCUj
Size: 7KB - Virtual size: 7KB

wRJymkPC
Size: 2KB - Virtual size: 1KB

GUbEovZx
Size: 2KB - Virtual size: 1KB

XSaxIbmT
Size: 512B - Virtual size: 226B

kuLUHNSh
Size: 46KB - Virtual size: 45KB

wAjRsDvJ
Size: 512B - Virtual size: 59B

wpxikxtQ
Size: 52KB - Virtual size: 51KB

HhtMkgHL
Size: 1024B - Virtual size: 517B
[DemonArchives]2b4057994f1ae753931c66ed4de43162.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]2f98b9c0e0ce98a74b652bb70e655643.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]308e151208096e9d97b01b552ab3278d.exe
.exe windows:4 windows x86 arch:x86

b71ae52e8715ee7bfaa0c9df227db54a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
FreeLibrary
LoadLibraryA
GetProcAddress
DeleteFileW
MoveFileW
CreateFileW
GetFileAttributesW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetWindowsDirectoryA
CopyFileA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
FormatMessageW
CompareStringW
TerminateProcess
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

shlwapi

SHSetThreadRef

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]30b6041f6643fdfd1e3618a638ee348f.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]3114384a3c3538840edc4ccfb7b4100b.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]34a70cad3d24fb3e2615097e3b4e1a37.exe
.exe windows:1 windows x86 arch:x86

62ec3dce1eba1b68f6a4511bb09f8c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

memchr

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kofbl
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]34dc3a71957e98c3963de991acf1baae.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]35ae42a293e0d05e4ef51ac4ad7b7d3d.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 47KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

petite
Size: 274B - Virtual size: 274B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]37685c1f37aaf2e4f7779c1a9268ed8a.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]42aaf1119a35efe86c34e49110a7adfc.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flh
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

EYDrlEDn
Size: 6KB - Virtual size: 6KB

EQFISfgO
Size: 40KB - Virtual size: 39KB

lqCdNCUj
Size: 7KB - Virtual size: 7KB

wRJymkPC
Size: 2KB - Virtual size: 1KB

GUbEovZx
Size: 2KB - Virtual size: 1KB

XSaxIbmT
Size: 512B - Virtual size: 226B

kuLUHNSh
Size: 46KB - Virtual size: 45KB

wAjRsDvJ
Size: 512B - Virtual size: 59B

wpxikxtQ
Size: 52KB - Virtual size: 51KB

HhtMkgHL
Size: 1024B - Virtual size: 517B
[DemonArchives]495082f82f11db655e54f105badb2b43.exe
.dll windows:6 windows x64 arch:x64

7033c905e0b812ef98e4ada49e7d39db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\build\qtbase\lib\Qt5DBus.pdb

Imports

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleExW
DisableThreadLibraryCalls

Exports

Exports

g?0QDBusAbstractAdaptor@@IEAA@PEAVQObject@@@Z
g?0QDBusAbstractInterface@@IEAA@AEAVQDBusAbstractInterfacePrivate@@PEAVQObject@@@Z
g?0QDBusAbstractInterface@@IEAA@AEBVQString@@0PEBDAEBVQDBusConnection@@PEAVQObject@@@Z
g?0QDBusAbstractInterfaceBase@@IEAA@AEAVQDBusAbstractInterfacePrivate@@PEAVQObject@@@Z
g?0QDBusArgument@@IEAA@PEAVQDBusArgumentPrivate@@@Z
g?0QDBusArgument@@QEAA@$$QEAV0@@Z
g?0QDBusArgument@@QEAA@AEBV0@@Z
g?0QDBusArgument@@QEAA@XZ
g?0QDBusConnection@@IEAA@PEAVQDBusConnectionPrivate@@@Z
g?0QDBusConnection@@QEAA@$$QEAV0@@Z
g?0QDBusConnection@@QEAA@AEBV0@@Z
g?0QDBusConnection@@QEAA@AEBVQString@@@Z
g?0QDBusConnectionInterface@@AEAA@AEBVQDBusConnection@@PEAVQObject@@@Z
g?0QDBusContext@@QEAA@XZ
g?0QDBusError@@QEAA@$$QEAV0@@Z
g?0QDBusError@@QEAA@AEBV0@@Z
g?0QDBusError@@QEAA@AEBVQDBusMessage@@@Z
g?0QDBusError@@QEAA@PEBUDBusError@@@Z
g?0QDBusError@@QEAA@W4ErrorType@0@AEBVQString@@@Z
g?0QDBusError@@QEAA@XZ
g?0QDBusInterface@@QEAA@AEBVQString@@00AEBVQDBusConnection@@PEAVQObject@@@Z
g?0QDBusMessage@@QEAA@AEBV0@@Z
g?0QDBusMessage@@QEAA@XZ
g?0QDBusMetaObject@@AEAA@XZ
g?0QDBusObjectPath@@QEAA@$$QEAV0@@Z
g?0QDBusObjectPath@@QEAA@$$QEAVQString@@@Z
g?0QDBusObjectPath@@QEAA@AEBV0@@Z
g?0QDBusObjectPath@@QEAA@AEBVQString@@@Z
g?0QDBusObjectPath@@QEAA@PEBD@Z
g?0QDBusObjectPath@@QEAA@VQLatin1String@@@Z
g?0QDBusObjectPath@@QEAA@XZ
g?0QDBusPendingCall@@IEAA@PEAVQDBusPendingCallPrivate@@@Z
g?0QDBusPendingCall@@QEAA@AEBV0@@Z
g?0QDBusPendingCallWatcher@@QEAA@AEBVQDBusPendingCall@@PEAVQObject@@@Z
g?0QDBusPendingReplyData@@IEAA@XZ
g?0QDBusPendingReplyData@@QEAA@AEBV0@@Z
g?0QDBusServer@@QEAA@AEBVQString@@PEAVQObject@@@Z
g?0QDBusServer@@QEAA@PEAVQObject@@@Z
g?0QDBusServiceWatcher@@QEAA@AEBVQString@@AEBVQDBusConnection@@V?$QFlags@W4WatchModeFlag@QDBusServiceWatcher@@@@PEAVQObject@@@Z
g?0QDBusServiceWatcher@@QEAA@PEAVQObject@@@Z
g?0QDBusSignature@@QEAA@$$QEAV0@@Z
g?0QDBusSignature@@QEAA@$$QEAVQString@@@Z
g?0QDBusSignature@@QEAA@AEBV0@@Z
g?0QDBusSignature@@QEAA@AEBVQString@@@Z
g?0QDBusSignature@@QEAA@PEBD@Z
g?0QDBusSignature@@QEAA@VQLatin1String@@@Z
g?0QDBusSignature@@QEAA@XZ
g?0QDBusUnixFileDescriptor@@QEAA@AEBV0@@Z
g?0QDBusUnixFileDescriptor@@QEAA@H@Z
g?0QDBusUnixFileDescriptor@@QEAA@XZ
g?0QDBusVirtualObject@@QEAA@PEAVQObject@@@Z
g?1QDBusAbstractAdaptor@@UEAA@XZ
g?1QDBusAbstractInterface@@UEAA@XZ
g?1QDBusAbstractInterfaceBase@@UEAA@XZ
g?1QDBusArgument@@QEAA@XZ
g?1QDBusConnection@@QEAA@XZ
g?1QDBusConnectionInterface@@EEAA@XZ
g?1QDBusContext@@QEAA@XZ
g?1QDBusError@@QEAA@XZ
g?1QDBusInterface@@UEAA@XZ
g?1QDBusMessage@@QEAA@XZ
g?1QDBusMetaObject@@QEAA@XZ
g?1QDBusObjectPath@@QEAA@XZ
g?1QDBusPendingCall@@QEAA@XZ
g?1QDBusPendingCallWatcher@@UEAA@XZ
g?1QDBusPendingReplyData@@IEAA@XZ
g?1QDBusServer@@UEAA@XZ
g?1QDBusServiceWatcher@@UEAA@XZ
g?1QDBusSignature@@QEAA@XZ
g?1QDBusUnixFileDescriptor@@QEAA@XZ
g?1QDBusVirtualObject@@UEAA@XZ
g?4QDBusArgument@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusArgument@@QEAAAEAV0@AEBV0@@Z
g?4QDBusConnection@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusConnection@@QEAAAEAV0@AEBV0@@Z
g?4QDBusContext@@QEAAAEAV0@AEBV0@@Z
g?4QDBusError@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusError@@QEAAAEAV0@AEBV0@@Z
g?4QDBusError@@QEAAAEAV0@AEBVQDBusMessage@@@Z
g?4QDBusIntrospection@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusIntrospection@@QEAAAEAV0@AEBV0@@Z
g?4QDBusMessage@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusMessage@@QEAAAEAV0@AEBV0@@Z
g?4QDBusMetaObject@@QEAAAEAU0@AEBU0@@Z
g?4QDBusMetaType@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusMetaType@@QEAAAEAV0@AEBV0@@Z
g?4QDBusObjectPath@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusObjectPath@@QEAAAEAV0@AEBV0@@Z
g?4QDBusPendingCall@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusPendingCall@@QEAAAEAV0@AEBV0@@Z
g?4QDBusPendingReplyData@@QEAAAEAV0@AEBV0@@Z
g?4QDBusSignature@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusSignature@@QEAAAEAV0@AEBV0@@Z
g?4QDBusUnixFileDescriptor@@QEAAAEAV0@$$QEAV0@@Z
g?4QDBusUnixFileDescriptor@@QEAAAEAV0@AEBV0@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQDate@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQDateTime@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQLine@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQLineF@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQPoint@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQPointF@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQRect@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQRectF@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQSize@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQSizeF@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQTime@@@Z
g?5@YAAEBVQDBusArgument@@AEBV0@AEAVQVariant@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAE@Z
g?5QDBusArgument@@QEBAAEBV0@AEAF@Z
g?5QDBusArgument@@QEBAAEBV0@AEAG@Z
g?5QDBusArgument@@QEBAAEBV0@AEAH@Z
g?5QDBusArgument@@QEBAAEBV0@AEAI@Z
g?5QDBusArgument@@QEBAAEBV0@AEAN@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQByteArray@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQDBusObjectPath@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQDBusSignature@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQDBusUnixFileDescriptor@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQDBusVariant@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQString@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEAVQStringList@@@Z
g?5QDBusArgument@@QEBAAEBV0@AEA_J@Z
g?5QDBusArgument@@QEBAAEBV0@AEA_K@Z
g?5QDBusArgument@@QEBAAEBV0@AEA_N@Z
g?6@YA?AVQDebug@@V0@AEBVQDBusError@@@Z
g?6@YA?AVQDebug@@V0@AEBVQDBusMessage@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQDate@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQDateTime@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQLine@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQLineF@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQPoint@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQPointF@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQRect@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQRectF@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQSize@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQSizeF@@@Z
g?6@YAAEAVQDBusArgument@@AEAV0@AEBVQTime@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQByteArray@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQDBusObjectPath@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQDBusSignature@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQDBusUnixFileDescriptor@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQDBusVariant@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQString@@@Z
g?6QDBusArgument@@QEAAAEAV0@AEBVQStringList@@@Z
g?6QDBusArgument@@QEAAAEAV0@E@Z
g?6QDBusArgument@@QEAAAEAV0@F@Z
g?6QDBusArgument@@QEAAAEAV0@G@Z
g?6QDBusArgument@@QEAAAEAV0@H@Z
g?6QDBusArgument@@QEAAAEAV0@I@Z
g?6QDBusArgument@@QEAAAEAV0@N@Z
g?6QDBusArgument@@QEAAAEAV0@_J@Z
g?6QDBusArgument@@QEAAAEAV0@_K@Z
g?6QDBusArgument@@QEAAAEAV0@_N@Z
g?6QDBusMessage@@QEAAAEAV0@AEBVQVariant@@@Z
g?BQDBusObjectPath@@QEBA?AVQVariant@@XZ
g?_7QDBusAbstractAdaptor@@6B@
g?_7QDBusAbstractInterface@@6B@
g?_7QDBusAbstractInterfaceBase@@6B@
g?_7QDBusConnectionInterface@@6B@
g?_7QDBusInterface@@6B@
g?_7QDBusPendingCallWatcher@@6B@
g?_7QDBusServer@@6B@
g?_7QDBusServiceWatcher@@6B@
g?_7QDBusVirtualObject@@6B@
g?_FQDBusServer@@QEAAXXZ
g?_FQDBusServiceWatcher@@QEAAXXZ
g?_FQDBusVirtualObject@@QEAAXXZ
gNameAcquired@QDBusConnectionInterface@@QEAAXAEBVQString@@@Z
gNameLost@QDBusConnectionInterface@@QEAAXAEBVQString@@@Z
gNameOwnerChanged@QDBusConnectionInterface@@QEAAXAEBVQString@@00@Z
gactivatableServiceNames@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@VQStringList@@@@XZ
gaddWatchedService@QDBusServiceWatcher@@QEAAXAEBVQString@@@Z
gaddress@QDBusServer@@QEBA?AVQString@@XZ
gappendVariant@QDBusArgument@@QEAAXAEBVQVariant@@@Z
gargumentAt@QDBusPendingReplyData@@IEBA?AVQVariant@@H@Z
gargumentToString@QDBusUtil@@YA?AVQString@@AEBVQVariant@@@Z
garguments@QDBusMessage@@QEBA?AV?$QList@VQVariant@@@@XZ
gasVariant@QDBusArgument@@QEBA?AVQVariant@@XZ
gassign@QDBusPendingReplyData@@IEAAXAEBVQDBusMessage@@@Z
gassign@QDBusPendingReplyData@@IEAAXAEBVQDBusPendingCall@@@Z
gasyncCall@QDBusAbstractInterface@@QEAA?AVQDBusPendingCall@@AEBVQString@@@Z
gasyncCall@QDBusAbstractInterface@@QEAA?AVQDBusPendingCall@@AEBVQString@@AEBVQVariant@@1111111@Z
gasyncCall@QDBusConnection@@QEBA?AVQDBusPendingCall@@AEBVQDBusMessage@@H@Z
gasyncCallWithArgumentList@QDBusAbstractInterface@@QEAA?AVQDBusPendingCall@@AEBVQString@@AEBV?$QList@VQVariant@@@@@Z
gatEnd@QDBusArgument@@QEBA_NXZ
gautoRelaySignals@QDBusAbstractAdaptor@@IEBA_NXZ
gautoStartService@QDBusMessage@@QEBA_NXZ
gbaseService@QDBusConnection@@QEBA?AVQString@@XZ
gbeginArray@QDBusArgument@@QEAAXH@Z
gbeginArray@QDBusArgument@@QEBAXXZ
gbeginMap@QDBusArgument@@QEAAXHH@Z
gbeginMap@QDBusArgument@@QEBAXXZ
gbeginMapEntry@QDBusArgument@@QEAAXXZ
gbeginMapEntry@QDBusArgument@@QEBAXXZ
gbeginStructure@QDBusArgument@@QEAAXXZ
gbeginStructure@QDBusArgument@@QEBAXXZ
gcall@QDBusAbstractInterface@@QEAA?AVQDBusMessage@@AEBVQString@@@Z
gcall@QDBusAbstractInterface@@QEAA?AVQDBusMessage@@AEBVQString@@AEBVQVariant@@1111111@Z
gcall@QDBusAbstractInterface@@QEAA?AVQDBusMessage@@W4CallMode@QDBus@@AEBVQString@@@Z
gcall@QDBusAbstractInterface@@QEAA?AVQDBusMessage@@W4CallMode@QDBus@@AEBVQString@@AEBVQVariant@@2222222@Z
gcall@QDBusConnection@@QEBA?AVQDBusMessage@@AEBV2@W4CallMode@QDBus@@H@Z
gcallWithArgumentList@QDBusAbstractInterface@@QEAA?AVQDBusMessage@@W4CallMode@QDBus@@AEBVQString@@AEBV?$QList@VQVariant@@@@@Z
gcallWithCallback@QDBusAbstractInterface@@QEAA_NAEBVQString@@AEBV?$QList@VQVariant@@@@PEAVQObject@@PEBD3@Z
gcallWithCallback@QDBusAbstractInterface@@QEAA_NAEBVQString@@AEBV?$QList@VQVariant@@@@PEAVQObject@@PEBD@Z
gcallWithCallback@QDBusConnection@@QEBA_NAEBVQDBusMessage@@PEAVQObject@@PEBD2H@Z
gcallWithCallback@QDBusConnection@@QEBA_NAEBVQDBusMessage@@PEAVQObject@@PEBDH@Z
gcallWithCallbackFailed@QDBusConnectionInterface@@QEAAXAEBVQDBusError@@AEBVQDBusMessage@@@Z
gcalledFromDBus@QDBusContext@@QEBA_NXZ
gconnect@QDBusConnection@@QEAA_NAEBVQString@@0000PEAVQObject@@PEBD@Z
gconnect@QDBusConnection@@QEAA_NAEBVQString@@000AEBVQStringList@@0PEAVQObject@@PEBD@Z
gconnect@QDBusConnection@@QEAA_NAEBVQString@@000PEAVQObject@@PEBD@Z
gconnectNotify@QDBusAbstractInterface@@MEAAXAEBVQMetaMethod@@@Z
gconnectNotify@QDBusConnectionInterface@@MEAAXAEBVQMetaMethod@@@Z
gconnectToBus@QDBusConnection@@SA?AV1@AEBVQString@@0@Z
gconnectToBus@QDBusConnection@@SA?AV1@W4BusType@1@AEBVQString@@@Z
gconnectToPeer@QDBusConnection@@SA?AV1@AEBVQString@@0@Z
gconnection@QDBusAbstractInterface@@QEBA?AVQDBusConnection@@XZ
gconnection@QDBusContext@@QEBA?AVQDBusConnection@@XZ
gconnection@QDBusServiceWatcher@@QEBA?AVQDBusConnection@@XZ
gconnectionCapabilities@QDBusConnection@@QEBA?AV?$QFlags@W4ConnectionCapability@QDBusConnection@@@@XZ
gcreateError@QDBusMessage@@SA?AV1@AEBVQDBusError@@@Z
gcreateError@QDBusMessage@@SA?AV1@AEBVQString@@0@Z
gcreateError@QDBusMessage@@SA?AV1@W4ErrorType@QDBusError@@AEBVQString@@@Z
gcreateErrorReply@QDBusMessage@@QEBA?AV1@AEBVQDBusError@@@Z
gcreateErrorReply@QDBusMessage@@QEBA?AV1@VQString@@AEBV2@@Z
gcreateErrorReply@QDBusMessage@@QEBA?AV1@W4ErrorType@QDBusError@@AEBVQString@@@Z
gcreateMetaObject@QDBusMetaObject@@SAPEAU1@AEBVQString@@0AEAV?$QHash@VQString@@PEAUQDBusMetaObject@@@@AEAVQDBusError@@@Z
gcreateMethodCall@QDBusMessage@@SA?AV1@AEBVQString@@000@Z
gcreateReply@QDBusMessage@@QEBA?AV1@AEBV?$QList@VQVariant@@@@@Z
gcreateReply@QDBusMessage@@QEBA?AV1@AEBVQVariant@@@Z
gcreateSignal@QDBusMessage@@SA?AV1@AEBVQString@@00@Z
gcreateTargetedSignal@QDBusMessage@@SA?AV1@AEBVQString@@000@Z
gcurrentSignature@QDBusArgument@@QEBA?AVQString@@XZ
gcurrentType@QDBusArgument@@QEBA?AW4ElementType@1@XZ
gd_func@QDBusAbstractAdaptor@@AEAAPEAVQDBusAbstractAdaptorPrivate@@XZ
gd_func@QDBusAbstractAdaptor@@AEBAPEBVQDBusAbstractAdaptorPrivate@@XZ
gd_func@QDBusAbstractInterface@@AEAAPEAVQDBusAbstractInterfacePrivate@@XZ
gd_func@QDBusAbstractInterface@@AEBAPEBVQDBusAbstractInterfacePrivate@@XZ
gd_func@QDBusAbstractInterfaceBase@@AEAAPEAVQDBusAbstractInterfacePrivate@@XZ
gd_func@QDBusAbstractInterfaceBase@@AEBAPEBVQDBusAbstractInterfacePrivate@@XZ
gd_func@QDBusInterface@@AEAAPEAVQDBusInterfacePrivate@@XZ
gd_func@QDBusInterface@@AEBAPEBVQDBusInterfacePrivate@@XZ
gd_func@QDBusPendingCallWatcher@@AEAAPEAVQDBusPendingCallWatcherPrivate@@XZ
gd_func@QDBusPendingCallWatcher@@AEBAPEBVQDBusPendingCallWatcherPrivate@@XZ
gd_func@QDBusServiceWatcher@@AEAAPEAVQDBusServiceWatcherPrivate@@XZ
gd_func@QDBusServiceWatcher@@AEBAPEBVQDBusServiceWatcherPrivate@@XZ
gdemarshall@QDBusMetaType@@SA_NAEBVQDBusArgument@@HPEAX@Z
gdisconnect@QDBusConnection@@QEAA_NAEBVQString@@0000PEAVQObject@@PEBD@Z
gdisconnect@QDBusConnection@@QEAA_NAEBVQString@@000AEBVQStringList@@0PEAVQObject@@PEBD@Z
gdisconnect@QDBusConnection@@QEAA_NAEBVQString@@000PEAVQObject@@PEBD@Z
gdisconnectFromBus@QDBusConnection@@SAXAEBVQString@@@Z
gdisconnectFromPeer@QDBusConnection@@SAXAEBVQString@@@Z
gdisconnectNotify@QDBusAbstractInterface@@MEAAXAEBVQMetaMethod@@@Z
gdisconnectNotify@QDBusConnectionInterface@@MEAAXAEBVQMetaMethod@@@Z
gdoAsyncCall@QDBusAbstractInterface@@AEAA?AVQDBusPendingCall@@AEBVQString@@PEBVQVariant@@_K@Z
gdoCall@QDBusAbstractInterface@@AEAA?AVQDBusMessage@@W4CallMode@QDBus@@AEBVQString@@PEBVQVariant@@_K@Z
gdoCheck@QDBusObjectPath@@AEAAXXZ
gdoCheck@QDBusSignature@@AEAAXXZ
gendArray@QDBusArgument@@QEAAXXZ
gendArray@QDBusArgument@@QEBAXXZ
gendMap@QDBusArgument@@QEAAXXZ
gendMap@QDBusArgument@@QEBAXXZ
gendMapEntry@QDBusArgument@@QEAAXXZ
gendMapEntry@QDBusArgument@@QEBAXXZ
gendStructure@QDBusArgument@@QEAAXXZ
gendStructure@QDBusArgument@@QEBAXXZ
gerror@QDBusPendingCall@@QEBA?AVQDBusError@@XZ
gerrorMessage@QDBusMessage@@QEBA?AVQString@@XZ
gerrorName@QDBusMessage@@QEBA?AVQString@@XZ
gerrorString@QDBusError@@SA?AVQString@@W4ErrorType@1@@Z
gfileDescriptor@QDBusUnixFileDescriptor@@QEBAHXZ
gfinished@QDBusPendingCallWatcher@@QEAAXPEAV1@@Z
gfromCompletedCall@QDBusPendingCall@@SA?AV1@AEBVQDBusMessage@@@Z
gfromError@QDBusPendingCall@@SA?AV1@AEBVQDBusError@@@Z
ggiveFileDescriptor@QDBusUnixFileDescriptor@@QEAAXH@Z
ginputTypesForMethod@QDBusMetaObject@@QEBAPEBHH@Z
ginterface@QDBusAbstractInterface@@QEBA?AVQString@@XZ
ginterface@QDBusConnection@@QEBAPEAVQDBusConnectionInterface@@XZ
ginterface@QDBusMessage@@QEBA?AVQString@@XZ
ginternalConstCall@QDBusAbstractInterface@@IEBA?AVQDBusMessage@@W4CallMode@QDBus@@AEBVQString@@AEBV?$QList@VQVariant@@@@@Z
ginternalPointer@QDBusConnection@@QEBAPEAXXZ
ginternalPropGet@QDBusAbstractInterface@@IEBA?AVQVariant@@PEBD@Z
ginternalPropSet@QDBusAbstractInterface@@IEAAXPEBDAEBVQVariant@@@Z
gisAnonymousAuthenticationAllowed@QDBusServer@@QEBA_NXZ
gisConnected@QDBusConnection@@QEBA_NXZ
gisConnected@QDBusServer@@QEBA_NXZ
gisDelayedReply@QDBusContext@@QEBA_NXZ
gisDelayedReply@QDBusMessage@@QEBA_NXZ
gisError@QDBusPendingCall@@QEBA_NXZ
gisFinished@QDBusPendingCall@@QEBA_NXZ
gisInteractiveAuthorizationAllowed@QDBusMessage@@QEBA_NXZ
gisReplyRequired@QDBusMessage@@QEBA_NXZ
gisServiceRegistered@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@_N@@AEBVQString@@@Z
gisSupported@QDBusUnixFileDescriptor@@SA_NXZ
gisValid@QDBusAbstractInterface@@QEBA_NXZ
gisValid@QDBusError@@QEBA_NXZ
gisValid@QDBusPendingCall@@QEBA_NXZ
gisValid@QDBusUnixFileDescriptor@@QEBA_NXZ
gisValidBasicType@QDBusUtil@@YA_NH@Z
gisValidBusName@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidErrorName@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidFixedType@QDBusUtil@@YA_NH@Z
gisValidInterfaceName@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidMemberName@QDBusUtil@@YA_NAEBVQStringRef@@@Z
gisValidObjectPath@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidPartOfObjectPath@QDBusUtil@@YA_NAEBVQStringRef@@@Z
gisValidSignature@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidSingleSignature@QDBusUtil@@YA_NAEBVQString@@@Z
gisValidUniqueConnectionName@QDBusUtil@@YA_NAEBVQStringRef@@@Z
glastError@QDBusAbstractInterface@@QEBA?AVQDBusError@@XZ
glastError@QDBusConnection@@QEBA?AVQDBusError@@XZ
glastError@QDBusServer@@QEBA?AVQDBusError@@XZ
glocalMachineId@QDBusConnection@@SA?AVQByteArray@@XZ
gmarshall@QDBusMetaType@@SA_NAEAVQDBusArgument@@HPEBX@Z
gmember@QDBusMessage@@QEBA?AVQString@@XZ
gmessage@QDBusContext@@QEBAAEBVQDBusMessage@@XZ
gmessage@QDBusError@@QEBA?AVQString@@XZ
gmetaObject@QDBusAbstractAdaptor@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusAbstractInterface@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusConnectionInterface@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusInterface@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusPendingCallWatcher@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusServer@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusServiceWatcher@@UEBAPEBUQMetaObject@@XZ
gmetaObject@QDBusVirtualObject@@UEBAPEBUQMetaObject@@XZ
gname@QDBusConnection@@QEBA?AVQString@@XZ
gname@QDBusError@@QEBA?AVQString@@XZ
gnewConnection@QDBusServer@@QEAAXAEBVQDBusConnection@@@Z
gobjectRegisteredAt@QDBusConnection@@QEBAPEAVQObject@@AEBVQString@@@Z
goutputTypesForMethod@QDBusMetaObject@@QEBAPEBHH@Z
gparseInterface@QDBusIntrospection@@SA?AUInterface@1@AEBVQString@@@Z
gparseInterfaces@QDBusIntrospection@@SA?AV?$QMap@VQString@@V?$QSharedDataPointer@UInterface@QDBusIntrospection@@@@@@AEBVQString@@@Z
gparseObject@QDBusIntrospection@@SA?AUObject@1@AEBVQString@@00@Z
gpath@QDBusAbstractInterface@@QEBA?AVQString@@XZ
gpath@QDBusMessage@@QEBA?AVQString@@XZ
gpath@QDBusObjectPath@@QEBA?AVQString@@XZ
gpropertyMetaType@QDBusMetaObject@@QEBAHH@Z
gqDBusAddSpyHook@@YAXP6AXAEBVQDBusMessage@@@Z@Z
gqDBusBindToApplication@@YAXXZ
gqDBusCheckAsyncTag@@YA_NPEBD@Z
gqDBusGenerateMetaObjectXml@@YA?AVQString@@V1@PEBUQMetaObject@@1H@Z
gqDBusParametersForMethod@@YAHAEBV?$QList@VQByteArray@@@@AEAV?$QVector@H@@AEAVQString@@@Z
gqDBusReplyFill@@YAXAEBVQDBusMessage@@AEAVQDBusError@@AEAVQVariant@@@Z
gqt_dbus_metaobject_skip_annotations@@3_NA
gqt_metacall@QDBusAbstractAdaptor@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusAbstractInterface@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusAbstractInterfaceBase@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusConnectionInterface@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusInterface@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusPendingCallWatcher@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusServer@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusServiceWatcher@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacall@QDBusVirtualObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
gqt_metacast@QDBusAbstractAdaptor@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusAbstractInterface@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusConnectionInterface@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusInterface@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusPendingCallWatcher@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusServer@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusServiceWatcher@@UEAAPEAXPEBD@Z
gqt_metacast@QDBusVirtualObject@@UEAAPEAXPEBD@Z
gqt_static_metacall@QDBusAbstractAdaptor@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusAbstractInterface@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusConnectionInterface@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusPendingCallWatcher@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusServer@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusServiceWatcher@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gqt_static_metacall@QDBusVirtualObject@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z
gregisterMarshallOperators@QDBusMetaType@@SAXHP6AXAEAVQDBusArgument@@PEBX@ZP6AXAEBV2@PEAX@Z@Z
gregisterObject@QDBusConnection@@QEAA_NAEBVQString@@0PEAVQObject@@V?$QFlags@W4RegisterOption@QDBusConnection@@@@@Z
gregisterObject@QDBusConnection@@QEAA_NAEBVQString@@PEAVQObject@@V?$QFlags@W4RegisterOption@QDBusConnection@@@@@Z
gregisterService@QDBusConnection@@QEAA_NAEBVQString@@@Z
gregisterService@QDBusConnectionInterface@@QEAA?AV?$QDBusReply@W4RegisterServiceReply@QDBusConnectionInterface@@@@AEBVQString@@W4ServiceQueueOptions@1@W4ServiceReplacementOptions@1@@Z
gregisterVirtualObject@QDBusConnection@@QEAA_NAEBVQString@@PEAVQDBusVirtualObject@@W4VirtualObjectRegisterOption@1@@Z
gregisteredServiceNames@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@VQStringList@@@@XZ
gremoveWatchedService@QDBusServiceWatcher@@QEAA_NAEBVQString@@@Z
greply@QDBusPendingCall@@QEBA?AVQDBusMessage@@XZ
gsend@QDBusConnection@@QEBA_NAEBVQDBusMessage@@@Z
gsendErrorReply@QDBusContext@@QEBAXAEBVQString@@0@Z
gsendErrorReply@QDBusContext@@QEBAXW4ErrorType@QDBusError@@AEBVQString@@@Z
gsender@QDBusConnection@@SA?AV1@XZ
gservice@QDBusAbstractInterface@@QEBA?AVQString@@XZ
gservice@QDBusMessage@@QEBA?AVQString@@XZ
gserviceOwner@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@VQString@@@@AEBVQString@@@Z
gserviceOwnerChanged@QDBusConnectionInterface@@QEAAXAEBVQString@@00@Z
gserviceOwnerChanged@QDBusServiceWatcher@@QEAAXAEBVQString@@00@Z
gservicePid@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@I@@AEBVQString@@@Z
gserviceRegistered@QDBusConnectionInterface@@QEAAXAEBVQString@@@Z
gserviceRegistered@QDBusServiceWatcher@@QEAAXAEBVQString@@@Z
gserviceUid@QDBusConnectionInterface@@QEBA?AV?$QDBusReply@I@@AEBVQString@@@Z
gserviceUnregistered@QDBusConnectionInterface@@QEAAXAEBVQString@@@Z
gserviceUnregistered@QDBusServiceWatcher@@QEAAXAEBVQString@@@Z
gsessionBus@QDBusConnection@@SA?AV1@XZ
gsetAnonymousAuthenticationAllowed@QDBusServer@@QEAAX_N@Z
gsetArguments@QDBusMessage@@QEAAXAEBV?$QList@VQVariant@@@@@Z
gsetAutoRelaySignals@QDBusAbstractAdaptor@@IEAAX_N@Z
gsetAutoStartService@QDBusMessage@@QEAAX_N@Z
gsetConnection@QDBusServiceWatcher@@QEAAXAEBVQDBusConnection@@@Z
gsetDelayedReply@QDBusContext@@QEBAX_N@Z
gsetDelayedReply@QDBusMessage@@QEBAX_N@Z
gsetFileDescriptor@QDBusUnixFileDescriptor@@QEAAXH@Z
gsetInteractiveAuthorizationAllowed@QDBusMessage@@QEAAX_N@Z
gsetMetaTypes@QDBusPendingReplyData@@IEAAXHPEBH@Z
gsetPath@QDBusObjectPath@@QEAAXAEBVQString@@@Z
gsetSignature@QDBusSignature@@QEAAXAEBVQString@@@Z
gsetTimeout@QDBusAbstractInterface@@QEAAXH@Z
gsetWatchMode@QDBusServiceWatcher@@QEAAXV?$QFlags@W4WatchModeFlag@QDBusServiceWatcher@@@@@Z
gsetWatchedServices@QDBusServiceWatcher@@QEAAXAEBVQStringList@@@Z
gsignature@QDBusMessage@@QEBA?AVQString@@XZ
gsignature@QDBusSignature@@QEBA?AVQString@@XZ
gsignatureToType@QDBusMetaType@@SAHPEBD@Z
gstartService@QDBusConnectionInterface@@QEAA?AV?$QDBusReply@X@@AEBVQString@@@Z
gstaticInterfaceName@QDBusConnectionInterface@@CAPEBDXZ
gstaticMetaObject@QDBusAbstractAdaptor@@2UQMetaObject@@B
gstaticMetaObject@QDBusAbstractInterface@@2UQMetaObject@@B
gstaticMetaObject@QDBusConnection@@2UQMetaObject@@B
gstaticMetaObject@QDBusConnectionInterface@@2UQMetaObject@@B
gstaticMetaObject@QDBusError@@2UQMetaObject@@B
gstaticMetaObject@QDBusPendingCallWatcher@@2UQMetaObject@@B
gstaticMetaObject@QDBusServer@@2UQMetaObject@@B
gstaticMetaObject@QDBusServiceWatcher@@2UQMetaObject@@B
gstaticMetaObject@QDBusVirtualObject@@2UQMetaObject@@B
gswap@QDBusArgument@@QEAAXAEAV1@@Z
gswap@QDBusConnection@@QEAAXAEAV1@@Z
gswap@QDBusError@@QEAAXAEAV1@@Z
gswap@QDBusMessage@@QEAAXAEAV1@@Z
gswap@QDBusObjectPath@@QEAAXAEAV1@@Z
gswap@QDBusPendingCall@@QEAAXAEAV1@@Z
gswap@QDBusSignature@@QEAAXAEAV1@@Z
gswap@QDBusUnixFileDescriptor@@QEAAXAEAV1@@Z
gsystemBus@QDBusConnection@@SA?AV1@XZ
gtakeFileDescriptor@QDBusUnixFileDescriptor@@QEAAHXZ
gtimeout@QDBusAbstractInterface@@QEBAHXZ
gtr@QDBusAbstractAdaptor@@SA?AVQString@@PEBD0H@Z
gtr@QDBusAbstractInterface@@SA?AVQString@@PEBD0H@Z
gtr@QDBusConnectionInterface@@SA?AVQString@@PEBD0H@Z
gtr@QDBusPendingCallWatcher@@SA?AVQString@@PEBD0H@Z
gtr@QDBusServer@@SA?AVQString@@PEBD0H@Z
gtr@QDBusServiceWatcher@@SA?AVQString@@PEBD0H@Z
gtr@QDBusVirtualObject@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusAbstractAdaptor@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusAbstractInterface@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusConnectionInterface@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusPendingCallWatcher@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusServer@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusServiceWatcher@@SA?AVQString@@PEBD0H@Z
gtrUtf8@QDBusVirtualObject@@SA?AVQString@@PEBD0H@Z
gtype@QDBusError@@QEBA?AW4ErrorType@1@XZ
gtype@QDBusMessage@@QEBA?AW4MessageType@1@XZ
gtypeToSignature@QDBusMetaType@@SAPEBDH@Z
gunregisterObject@QDBusConnection@@QEAAXAEBVQString@@W4UnregisterMode@1@@Z
gunregisterService@QDBusConnection@@QEAA_NAEBVQString@@@Z
gunregisterService@QDBusConnectionInterface@@QEAA?AV?$QDBusReply@_N@@AEBVQString@@@Z
gwaitForFinished@QDBusPendingCall@@QEAAXXZ
gwaitForFinished@QDBusPendingCallWatcher@@QEAAXXZ
gwatchMode@QDBusServiceWatcher@@QEBA?AV?$QFlags@W4WatchModeFlag@QDBusServiceWatcher@@@@XZ
init

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
[DemonArchives]5755c48118cf9949cd43734998bb18b9.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]691e183b03c12268ec7b72ba6cd91f7f.exe
.exe windows:1 windows x86 arch:x86

a64e048b98d051ae6e6b6334f77c95d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aajaic
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]a05c896c996d1fcf6058d879c6bd2bf3.exe
.exe windows:1 windows x86 arch:x86

95e6f8741083e0c7d9a63d45e2472360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.embm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]a591e7a0155aee11fa8e711b3d427d95.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]a9dfebcf20af51671cb6be9ceaed6ff9.exe
.exe windows:1 windows x86 arch:x86

26babd76bbb7f9c516a338b0601b4c9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

ole32

CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA

gdi32

GetStockObject
DeleteObject

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
[DemonArchives]b5f4731562e07b8d21c2bb222b1873c9.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
[DemonArchives]b7a5f4ffc90d577029548e33f6c6cfdc.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[DemonArchives]b98c7605f0b04729b8d866760f009e67.exe
.exe windows:1 windows x86 arch:x86

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA

kernel32

ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA

user32

GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA

gdi32

GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA

advapi32

GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA

crtdll

__GetMainArgs
_sleep
_stricmp
atoi
exit
memcpy
memset
printf
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
vsprintf

msvcrt

_wgetcwd

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfcd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.l1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3cd30cc30d79a7a89ca3c454827da96

Headers

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 280KB - Virtual size: 278KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 20KB - Virtual size: 97KB

.rsrc Size: 28KB - Virtual size: 26KB

.htext Size: 24KB - Virtual size: 24KB

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

Imports

ole32

oleaut32

wininet

kernel32

user32

gdi32

advapi32

crtdll

msvcrt

Sections

.text Size: 32KB - Virtual size: 32KB

.bss Size: - Virtual size: 132KB

.data Size: 12KB - Virtual size: 12KB

.idata Size: 3KB - Virtual size: 3KB

.gfcd Size: 512B - Virtual size: 4KB

.l1 Size: 4KB - Virtual size: 4KB

c2a87fabf96470db507b2e6b43bd92eb

Headers

File Characteristics

Imports

ole32

oleaut32

wininet

kernel32

user32

gdi32

advapi32

crtdll

msvcrt

Sections

.text Size: 32KB - Virtual size: 32KB

.bss Size: - Virtual size: 132KB

.data Size: 12KB - Virtual size: 12KB

.idata Size: 3KB - Virtual size: 3KB

.gfcd Size: 512B - Virtual size: 4KB

.l1 Size: 4KB - Virtual size: 4KB

a64e048b98d051ae6e6b6334f77c95d3

Headers

File Characteristics

Imports

ole32

oleaut32

wininet

kernel32

user32

gdi32

advapi32

crtdll

Sections

.text Size: 31KB - Virtual size: 31KB

.bss Size: - Virtual size: 132KB

.data Size: 12KB - Virtual size: 12KB

.idata Size: 3KB - Virtual size: 3KB

.aajaic Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.reloc Size: 27KB - Virtual size: 27KB

.reloc Size: - Virtual size: 132KB

.text
Size: 280KB - Virtual size: 278KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 20KB - Virtual size: 97KB

.rsrc
Size: 28KB - Virtual size: 26KB

.htext
Size: 24KB - Virtual size: 24KB

.text
Size: 32KB - Virtual size: 32KB

.bss
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB

.gfcd
Size: 512B - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 32KB

.bss
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB

.gfcd
Size: 512B - Virtual size: 4KB

.l1
Size: 4KB - Virtual size: 4KB

.text
Size: 31KB - Virtual size: 31KB

.bss
Size: - Virtual size: 132KB

.data
Size: 12KB - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 3KB

.aajaic
Size: 512B - Virtual size: 4KB

.reloc
Size: 27KB - Virtual size: 27KB

.reloc
Size: - Virtual size: 132KB

.rsrc
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.embm
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.bss
Size: - Virtual size: 122KB

.data
Size: 13KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 51KB - Virtual size: 51KB

.bss
Size: - Virtual size: 122KB

.data
Size: 13KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: - Virtual size: 132KB

.data
Size: 11KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 3KB

.embm
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 8KB

.rdata
Size: 9KB - Virtual size: 12KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 8KB